[Swan-dev] ikev2-mobike-03: road.pluto.log: ABORT: ASSERTION FAILED: sr->eroute_owner == SOS_NOBODY (in delete_states_by_connection() at state.c:1382)

Andrew Cagney andrew.cagney at gmail.com
Tue Oct 29 21:08:32 UTC 2019


Toumo and I brainstormed this a bit as Toumo was seeing it on his laptop.

During shutdown, while it is trying to delete everything, it panics in
delete_states_by_connection() where:

-- it deletes all states associated with a connection (the log shows
it deleting both the child and parent):

       foreach_state_by_connection_func_delete(c,
                relations ? same_phase1_sa_relations : same_phase1_sa);

-- checks that, with the states all gone, there's no lingering route:

        const struct spd_route *sr;
        for (sr = &c->spd; sr != NULL; sr = sr->spd_next) {
                passert(sr->eroute_owner == SOS_NOBODY);
                passert(sr->routing != RT_ROUTED_TUNNEL);
        }

except there is - hooking up a debugger shows sr->eroute_owner ==
CHILD_SA so for some reason deleting the child didn't delete the route
...

Looking back through the logs, the interesting thing seems to be:

| XFRM RTM_DELADDR 192.1.33.222 IFA_LOCAL
| FOR_EACH_STATE_... in record_deladdr (for_each_state)
| start processing: state #2 connection "road-eastnet"[1] 192.1.2.23
from 192.1.2.23:500 (in for_each_state() at state.c:1570)
| stop processing: state #2 connection "road-eastnet"[1] 192.1.2.23
from 192.1.2.23:500 (in for_each_state() at state.c:1572)
| start processing: state #1 connection "road-eastnet"[1] 192.1.2.23
from 192.1.2.23:500 (in for_each_state() at state.c:1570)
| FOR_EACH_CONNECTION_... in route_owner
|  conn road-eastnet mark 0/00000000, 0/00000000 vs
|  conn road-eastnet mark 0/00000000, 0/00000000
|  conn road-eastnet mark 0/00000000, 0/00000000 vs
|  conn road-eastnet mark 0/00000000, 0/00000000
| route owner of "road-eastnet"[1] 192.1.2.23 unrouted: NULL
| running updown command "ipsec _updown" for verb down
| command executing down-client
| executing down-client: PLUTO_VERB='down-client' PLUTO_VERSION='2.0'
PLUTO_CONNECTION='road-eastnet' PLUTO_INTERFACE='eth0'
PLUTO_NEXT_HOP='192.1.33.254' PLUTO_ME='192.1.33.222'
PLUTO_MY_ID='192.1.3.209' PLUTO_MY_CLIENT='192.0.3.10/32'
PLUTO_MY_CLIENT_NET='192.0.3.10'
PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0'
PLUTO_MY_PROTOCOL='0' PLUTO_SA_REQID='16392' PLUTO_SA_TYPE='ESP'
PLUTO_PEER='192.1.2.23' PLUTO_PEER_ID='192.1.2.23'
PLUTO_PEER_CLIENT='192.0.2.0/24' PLUTO_PEER_CLIENT_NET='192.0.2.0'
PLUTO_PEER_CLIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey'
PLUTO_ADDTIME='1571944637'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV2_ALLOW+IKEV2_ALLOW_NARROWING+SAREF_TRACK+IKE_FRAG_ALLOW+MOBIKE+ESN_NO'
PLUTO_CONN_KIND='CK_INSTANCE' PLUTO_CONN_ADDRFAMILY='ipv4'
XAUTH_FAILED=0 PLUTO_MY_SOURCEIP='192.0.3.10' PLUTO_IS_PEER_CISCO='0'
PLUTO_PEER_DNS_INFO='' PLUTO_PEER_DOMAIN_INFO='' PLUTO_PEER_BANNER=''
PLUTO_CFG_SERVER='0' PLUTO_CFG_CLIENT='1'...


I'm wondering if the code shutting down the above 'client' was meant
to remove the child's route from the connection?

Andrew


More information about the Swan-dev mailing list