misc/177785: ipsec-tools 0.8.0 racoon tends to segfault when multiple Phase1's aren't establishing

[Todd Blum]

E-mailed a core dump privately.

The problems seemed to have correlated with DSL outages of a specific ISP.  The
ISP replaced/repaired a DSL DSLAM and possibly some core routers as well.

racoon has been up stable now for several weeks since this change.


On Wed, May 1, 2013 at 1:04 PM, Todd Blum <todd at toddblum.org> wrote:

> racoon segfaulted again, but this time without any sainfo messages.
>
> The crash coincided with an ISP outage that affected at least 6 remote
> endpoints.  DPD was enabled on these tunnels:
>
> ...
> May  1 01:18:27 192.168.116.250 racoon: INFO: ISAKMP-SA deleted
> my.end.poi.nt[500]-x.x.x.x [500] spi:48131b4e56ac24b8:32ef67f65454935e
> May  1 01:18:28 192.168.116.250 racoon: [y.y.y.y ] INFO: DPD: remote
> (ISAKMP-SA spi=622012ee7f51261d:7e39cc0f5ee916a0) seems to be dead.
> May  1 01:18:28 192.168.116.250 racoon: INFO: purging ISAKMP-SA
> spi=622012ee7f51261d:7e39cc0f5ee916a0.
> May  1 01:18:28 192.168.116.250 racoon: INFO: purged IPsec-SA spi=
> 2284023606.
> May  1 01:18:28 192.168.116.250 racoon: INFO: purged IPsec-SA
> spi=187964617.
> May  1 01:18:28 192.168.116.250 racoon: INFO: purged ISAKMP-SA
> spi=622012ee7f51261d:7e39cc0f5ee916a0.
> May  1 01:18:28 192.168.116.250 racoon: INFO: ISAKMP-SA deleted
> my.end.poi.nt[500]-y.y.y.y [500] spi:622012ee7f51261d:7e39cc0f5ee916a0
> May  1 01:18:29 192.168.116.250 racoon: [z.z.z.z ] INFO: DPD: remote
> (ISAKMP-SA spi=3c837090349206bf:1086e896dce5e982) seems to be dead.
> May  1 01:18:29 192.168.116.250 racoon: INFO: purging ISAKMP-SA
> spi=3c837090349206bf:1086e896dce5e982.
> May  1 01:18:29 192.168.116.250 racoon: INFO: purged IPsec-SA
> spi=3531119898.
> May  1 01:18:29 192.168.116.250 racoon: INFO: purged IPsec-SA
> spi=124488619.
> May  1 01:18:29 192.168.116.250 racoon: INFO: purged ISAKMP-SA
> spi=3c837090349206bf:1086e896dce5e982.
> ...
>