[Swan-dev] ikev2-mobike-03: road.pluto.log: ABORT: ASSERTION FAILED: sr->eroute_owner == SOS_NOBODY (in delete_states_by_connection() at state.c:1382)

Andrew Cagney andrew.cagney at gmail.com
Fri Nov 1 12:02:29 UTC 2019


On Fri, 1 Nov 2019 at 02:06, Antony Antony <antony at phenome.org> wrote:
>
> On Tue, Oct 29, 2019 at 05:08:32PM -0400, Andrew Cagney wrote:
> > Toumo and I brainstormed this a bit as Toumo was seeing it on his laptop.
> >
> > During shutdown, while it is trying to delete everything, it panics in
> > delete_states_by_connection() where:
> >
> > -- it deletes all states associated with a connection (the log shows
> > it deleting both the child and parent):
> >
> >        foreach_state_by_connection_func_delete(c,
> >                 relations ? same_phase1_sa_relations : same_phase1_sa);
> >
> > -- checks that, with the states all gone, there's no lingering route:
> >
> >         const struct spd_route *sr;
> >         for (sr = &c->spd; sr != NULL; sr = sr->spd_next) {
> >                 passert(sr->eroute_owner == SOS_NOBODY);
> >                 passert(sr->routing != RT_ROUTED_TUNNEL);
> >         }
> >
> > except there is - hooking up a debugger shows sr->eroute_owner ==
> > CHILD_SA so for some reason deleting the child didn't delete the route
> > ...
> >
> > Looking back through the logs, the interesting thing seems to be:
> >
> > | XFRM RTM_DELADDR 192.1.33.222 IFA_LOCAL
> > | FOR_EACH_STATE_... in record_deladdr (for_each_state)
> > | start processing: state #2 connection "road-eastnet"[1] 192.1.2.23
> > from 192.1.2.23:500 (in for_each_state() at state.c:1570)
> > | stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23
> > from 192.1.2.23:500 (in for_each_state() at state.c:1572)
> > | start processing: state #1 connection "road-eastnet"[1] 192.1.2.23
> > from 192.1.2.23:500 (in for_each_state() at state.c:1570)
> > | FOR_EACH_CONNECTION_... in route_owner
> > |  conn road-eastnet mark 0/00000000, 0/00000000 vs
> > |  conn road-eastnet mark 0/00000000, 0/00000000
> > |  conn road-eastnet mark 0/00000000, 0/00000000 vs
> > |  conn road-eastnet mark 0/00000000, 0/00000000
> > | route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL
> > | running updown command "ipsec _updown" for verb down
> > | command executing down-client
> > | executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0'
> > PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0'
> > PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222'
> > PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32'
> > PLUTO_MY_CLIENT_NET='192.0.3.10'
> > PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0'
> > PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP'
> > PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23'
> > PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0'
> > PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
> > PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'
> > PLUTO_ADDTIME='1571944637'
> > PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO'
> > PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4'
> > XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0'
> > PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=''
> > PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1'...
> >
> >
> > I'm wondering if the code shutting down the above 'client' was meant
> > to remove the child's route from the connection?
>
> my recollect is no. To minimze clear traffic leak during mobike attempt.
> However,  new IKE packet(s) must leave. Let me check.
>
> May be there is an easy fix to avoid this assert.
>
> -antony
>


More information about the Swan-dev mailing list