Menu
▾
▴
[Ipsec-tools-commits] [ ipsec-tools-Bugs-1800410 ] racoon closes all listening sockets
|
From: SourceForge.net <no...@so...> - 2007-11-29 15:06:21
|
Bugs item #1800410, was opened at 2007-09-22 17:59 Message generated for change (Comment added) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=541482&aid=1800410&group_id=74601 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: 0.6 branch Status: Open Resolution: None Priority: 5 Private: No Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: racoon closes all listening sockets Initial Comment: On a Linux/x86 system, about once every 2~4 weeks, racoon suddenly closes all listening sockets. There is no entry in the output of: netstat -antup | grep racoon when run as root. There doesn't seem to be any unusual entry in the logs, other than SA expirations right before the sockets go away: racoon: INFO: ISAKMP-SA expired 192.168.1.66[500]-192.168.1.65[500] spi:1632fa5392c56738:2bf6d5a458859012 racoon: INFO: ISAKMP-SA deleted 192.168.1.66[500]-192.168.1.65[500] spi:1632fa5392c56738:2bf6d5a458859012 racoon: INFO: IPsec-SA expired: AH/Transport 192.168.1.65[0]->192.168.1.66[0] spi=99907246(0x5f476ae) racoon: INFO: IPsec-SA expired: ESP/Transport 192.168.1.65[0]->192.168.1.66[0] spi=18640305(0x11c6db1) racoon: INFO: IPsec-SA expired: AH/Transport 192.168.1.66[0]->192.168.1.65[0] spi=229707431(0xdb10ea7) racoon: INFO: IPsec-SA expired: ESP/Transport 192.168.1.66[0]->192.168.1.65[0] spi=176902503(0xa8b5167) Immediately after that, racoon stops listening and can no longer be reached from other hosts. netstat shows no listening sockets for racoon. However, ps shows racoon is still running. I'm not sure how to go about debugging this, so any suggestions on how more information can be extracted to track down the cause would be appreciated. The system is on Linux kernel 2.6.22.6, running Debian/etch for i386. ipsec-tools and racoon are both 0.6.6-3.1etch1 No sf.net account, so I can be reached at ra...@ne... ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2007-11-29 07:06 Message: Logged In: NO I also use the same racoon version, but my kernel version is 2.6.16-2-686 (really old). Maybe I have similar problems. Once a week racoon stops responding to ISAKMP packets. I made a "strace -p `cat /var/run/racoon.pid` -tt -o /tmp/strace-racoon.log" to generate a system-calls log file. My racoon does'nt close listening sockets, but hangs in a read system call at filedescriptor 4. Sometimes the read call finishes after some minutes, an hour or never. Next time I catch my racoon in such a state, i will do "netstat -antup | grep racoon" to verify, if this is the same or a differerent problem. uwe...@gm... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=541482&aid=1800410&group_id=74601 |
