[Swan-dev] crash after pluto: Fix addresspool reference count

Wolfgang Nothdurft wolfgang at linogate.de
Thu Oct 5 13:30:18 UTC 2017


Am 05.10.2017 um 15:01 schrieb Antony Antony:
> Hi Wolfgang,
> 
> I tried to reproduce your issue and no luck yet.
> Did you try ipsec stop?
> 

yes. it crashed immediatly after a connection was established, because 
of the missing reference or extra unreference addresspool call after 
freeing the addresspool.

Oct  5 11:33:26 d1 pluto[22722]: | unreference addresspool of conn 
xauth_0-client_sn-sn_192.168.11.0/24-0.0.0.0/0[1] kind CK_GOING_AWAY 
used 1 0x770c543040 po
ol_refcount 1
Oct  5 11:33:26 d1 pluto[22722]: | freeing memory for addresspool ptr 
0x770c543040
Oct  5 11:33:26 d1 pluto[22722]: | processing connection 
"xauth_0-client_sn-sn_192.168.11.0/24-0.0.0.0/0"
Oct  5 11:33:26 d1 pluto[22722]: 
"xauth_0-client_sn-sn_192.168.11.0/24-0.0.0.0/0": deleting non-instance 
connection
Oct  5 11:33:26 d1 pluto[22722]: | unreference addresspool of conn 
xauth_0-client_sn-sn_192.168.11.0/24-0.0.0.0/0[2] kind CK_TEMPLATE used 
206934544 0x770c543040 pool_refcount 206926464

> On Thu, Oct 05, 2017 at 09:45:02AM +0200, Wolfgang Nothdurft wrote:
>> Am 02.10.2017 um 13:58 schrieb Antony Antony:
>>> Hi Paul
>>>
>>> A quick test after the commit bd3a5f01 show a crash in test xauth-pluto-16
>>> pointing to addresspool.c. The crash happens with ipsec stop
>>>
>>> I couldn't repoduce lsw#299 yet. Did you manage to reproduce before
>> bd3a5f0
>>> patch?
>>
>> There seems a general problem with the reference code in addresspool, which
>> comes up with the latest changes.
>>
>> I can reproduce the problems very easy with two xauth clients connecting to
>> the same connection.
> 
> I could not use your exact config in libreswan testing enviroment yet. May
> be there is another issue with authby=secret and right=%any. Server seems to
> be looking for secret "%any".
> 
> Anyway I tried with X509 and main mode + xauth and two clients, a very
> similar setup with bd3a5f01e7 reverted. No issues.
> 
> So I can 't reproduce the issue you report in lsw#299.
> 
> [root at east xauth-pluto-23]# ipsec whack --trafficstatus
> 006 #2: "east-any"[1] 192.1.3.209, username=road, type=ESP, add_time=1507206015, inBytes=336, outBytes=252, lease=192.0.2.100/32
> 006 #4: "east-any"[2] 192.1.3.33, username=north, type=ESP, add_time=1507206030, inBytes=0, outBytes=0, lease=192.0.2.101/32
> 
> I also remember there is a v2 test with addresspool and two clients. And
> there no crash without bd3a5f01e7
> 
> committed!
> 
> -antony
> 
> PS: one possibility is with authby=secret addresspool behave different. IDs
> are different. If that is the case bd3a5f01e7 is not likely the fix.
> 



More information about the Swan-dev mailing list