[Swan-dev] ABORT: ASSERTION FAILED: *chosen_proposal == NULL (in ikev2_process_sa_payload() at ikev2_spdb_struct.c:1144)
Andrew Cagney
andrew.cagney at gmail.com
Tue May 28 22:57:29 UTC 2019
Note the initiator=0 in these log lines:
May 28 21:12:44 bar-host-01 pluto[27621]: | Message ID: ike
#3.PARENT_R2receiver #8.V2_IPSEC_R request 1; ike.initiator: sent=-1
recv=-1; ike.responder: sent=0 recv=0->1; receiver.wip: initiator=0
responder=0
May 28 21:12:44 bar-host-01 pluto[27621]: | Message ID: ike
#3.PARENT_R2sender #8.V2_IPSEC_R response 1; ike.initiator: sent=-1
recv=-1; ike.responder: sent=0->1 recv=1; sender.wip: initiator=0
responder=0
it should have been initiator=-1 since it wasn't initiating an
exchange. This wrong value leads to:
May 28 21:12:46 bar-host-01 pluto[27621]: | State DB: IKEv2 state
object #8 found, in STATE_V2_IPSEC_R (find_v2_sa_by_initiator_mip)
when the search should fail. It should be fixed by:
https://github.com/libreswan/libreswan/commit/46bac3061acc78e41cf0516c90a3390ea84def65
The "cause" should be:
https://github.com/libreswan/libreswan/commit/55f09de1e95b3ff3935da17475dd77a221ff7f14
et.al., which removed the crutch and exposing the problem.
--
Is there a test where the IKE initiator then adds 2 CHILD SAs?
Andrew
More information about the Swan-dev
mailing list