[Swan-dev] ABORT: ASSERTION FAILED: *chosen_proposal == NULL (in ikev2_process_sa_payload() at ikev2_spdb_struct.c:1144)
Andrew Cagney
andrew.cagney at gmail.com
Wed May 29 00:19:30 UTC 2019
On Tue, 28 May 2019 at 18:57, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
> Note the initiator=0 in these log lines:
>
> May 28 21:12:44 bar-host-01 pluto[27621]: | Message ID: ike
> #3.PARENT_R2receiver #8.V2_IPSEC_R request 1; ike.initiator: sent=-1
> recv=-1; ike.responder: sent=0 recv=0->1; receiver.wip: initiator=0
> responder=0
> May 28 21:12:44 bar-host-01 pluto[27621]: | Message ID: ike
> #3.PARENT_R2sender #8.V2_IPSEC_R response 1; ike.initiator: sent=-1
> recv=-1; ike.responder: sent=0->1 recv=1; sender.wip: initiator=0
> responder=0
>
> it should have been initiator=-1 since it wasn't initiating an
> exchange. This wrong value leads to:
>
> May 28 21:12:46 bar-host-01 pluto[27621]: | State DB: IKEv2 state
> object #8 found, in STATE_V2_IPSEC_R (find_v2_sa_by_initiator_mip)
>
> when the search should fail. It should be fixed by:
>
> https://github.com/libreswan/libreswan/commit/46bac3061acc78e41cf0516c90a3390ea84def65
>
> The "cause" should be:
>
> https://github.com/libreswan/libreswan/commit/55f09de1e95b3ff3935da17475dd77a221ff7f14
>
> et.al., which removed the crutch and exposing the problem.
Also https://github.com/libreswan/libreswan/commit/046c72992e0d68e5d0dfaab8a27aa47986f05d5c
which switched a lookup from requiring both .st_msgid(old) and
wip.initiator(new) match just checking the new value patches.
Again post 3.28.
> --
>
> Is there a test where the IKE initiator then adds 2 CHILD SAs?
>
> Andrew
More information about the Swan-dev
mailing list