[Swan-dev] unstable connection serial numbers

Andrew Cagney andrew.cagney at gmail.com
Tue Oct 27 14:40:43 UTC 2020


I've encountered another race.  Tests such as algparse-02-fips, which
start pluto only to immediately shut it down, can leak:

leak-detective enabled
leak: fork pid, item size: 96
leak detective found 1 leaks, total size 96

because the addconn child process is still running.

On Wed, 7 Oct 2020 at 21:16, Andrew Cagney <andrew.cagney at gmail.com> wrote:
>
> On Wed, 7 Oct 2020 at 19:53, Paul Wouters <paul at nohats.ca> wrote:
> >
> > Run ‘ss’ or netstat and look for the listen without the whack?
>
> I changed it to 'whack --impair none'.  These all though have the same
> problem - they wait for pluto to be running and not addconn to finish.
>
> >
> > Sent from my iPhone
> >
> > > On Oct 7, 2020, at 17:14, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> > >
> > > The stray 'whack --listen' is coming from wait-until-pluto-started,
> > > for instance:
> > >
> > > | whack: delete 'clear'
> > > | whack: connection 'clear'
> > > | whack: delete 'clear-or-private'
> > > | whack: connection 'clear-or-private'
> > > | from whack: got --esp=
> > > | whack: delete 'private-or-clear'
> > > | whack: connection 'private-or-clear'
> > > | from whack: got --esp=
> > > | whack: listen <------------- this is from wait-until-pluto-started
> > > | whack: delete 'private'
> > > | whack: connection 'private'
> > > | from whack: got --esp=
> > > | whack: delete 'block'
> > > | whack: connection 'block'
> > > | whack: listen <------ this is from addconn
> > > | whack: route
> > >
> > > which means, in addition to screwing around with addconn, it isn't
> > > waiting for addconn to finish.
> > >
> > > Thoughts on making this more robust?
> > >
> > >> On Tue, 29 Sep 2020 at 21:45, Andrew Cagney <andrew.cagney at gmail.com> wrote:
> > >> I'm trying to understand this diff
> > >> https://testing.libreswan.org/v3.30-1853-gc4b35c42cb-main/newoe-25-cat-2/OUTPUT/road.console.diff
> > >> -000 "block":   newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $9;
> > >> +000 "block":   newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $5;
> > >> Pluto is receiving something like the following from whack:
> > >> - add $1 clear
> > >> - add $2 clear-or-private
> > >> - add $3 private-or-clear
> > >> - add $4 private
> > >> but then it receives either:
> > >> - add $5 block
> > >> - listen -> triggers groups $6-$9
> > >> or:
> > >> - listen -> triggers groups $5-$8
> > >> - add $9 block
> > >> I'm guessing there are two whacks or something?
> >
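
The ordering race described in the 29 Sep message can be replayed as a small model. This is an added example, not part of the original thread and not libreswan code: it parses trace lines in the `| whack:` format quoted above and hands out serials in arrival order. The traces are constructed, and the figure of four serials per `listen` is an assumption taken from the "$6-$9" and "$5-$8" ranges in the message.

```python
import re

# Assumption from the thread: the first 'listen' instantiates four group
# connections, one serial each ("triggers groups $6-$9" / "$5-$8").
GROUPS_PER_LISTEN = 4

CONN = re.compile(r"^\| whack: connection '([^']+)'")
LISTEN = re.compile(r"^\| whack: listen\b")


def replay(trace):
    """Return (serial per added connection, serials consumed by listen)."""
    next_serial = 1
    conns, group_serials = {}, []
    listening = False
    for line in trace.splitlines():
        line = line.strip()
        m = CONN.match(line)
        if m:
            # Each 'add' takes the next free serial.
            conns[m.group(1)] = next_serial
            next_serial += 1
        elif LISTEN.match(line) and not listening:
            # Only the first listen is modelled as instantiating groups.
            listening = True
            group_serials = list(range(next_serial, next_serial + GROUPS_PER_LISTEN))
            next_serial += GROUPS_PER_LISTEN
    return conns, group_serials


def unstable(traces):
    """Names whose serial differs between runs of the same test."""
    runs = [replay(t)[0] for t in traces]
    names = set().union(*runs)
    return sorted(n for n in names if len({r.get(n) for r in runs}) > 1)


ADDS = "\n".join(f"| whack: connection '{n}'" for n in
                 ("clear", "clear-or-private", "private-or-clear", "private"))
# Constructed traces: the two arrival orders described in the 29 Sep message.
ADD_FIRST = ADDS + "\n| whack: connection 'block'\n| whack: listen"
LISTEN_FIRST = ADDS + "\n| whack: listen\n| whack: connection 'block'"

if __name__ == "__main__":
    for label, t in (("add first", ADD_FIRST), ("listen first", LISTEN_FIRST)):
        conns, groups = replay(t)
        print(f"{label}: block=${conns['block']} groups=${groups[0]}-${groups[-1]}")
    print("unstable:", unstable([ADD_FIRST, LISTEN_FIRST]))
```

Only "block" changes serial between the two orders, which matches the `$9` versus `$5` line in the console diff.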

