[Swan] klips + ipsec whack --shutdown causes lockup

Paul Wouters paul at nohats.ca
Fri Sep 6 14:46:53 UTC 2019 

ipsec klipsdebug —all


> 
> Testing latest master branch 3d5516b1c.  When trying to restart ipsec services using klips, I get a device lockup and/or reboot. Syslog seems to stop at different places (ssh connection).
> 
> Is there other debugging that would help besides whack --debug all?
> 
> Thanks!
> 
> -Brian
> 
> 
> 1656 tmp]# ipsec barf
> Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Libreswan for the first time; alternatively, your log files have been emptied (ie, logrotate) or we do not understand your logging configuration.
> Unable to find Pluto messages, typically found in /var/log/secure or equivalent. You may need to run Libreswan for the first time; alternatively, your log files have been emptied (ie, logrotate) or we do not understand your logging configuration.
> DA70N-051656
> Fri Sep  6 09:20:15 CDT 2019
> + _________________________ version
> + ipsec --version
> Linux Libreswan 3.master-201936.git (netkey) on 4.9.119


It believes it is running XFRM, not KLIPS


> + _________________________ /proc/version
> + cat /proc/version
> Linux version 4.9.119 (captain at 784c3b036f31) (gcc version 7.4.0 (Ubuntu/Linaro 7.4.0-1ubuntu1~18.04) ) #1 PREEMPT Fri Sep 6 14:00:18 UTC 2019
> + _________________________ /proc/net/ipsec_eroute
> + '[' -r /proc/net/ipsec_eroute ']'
> + _________________________ /proc/net/ipsec_spi
> + '[' -r /proc/net/ipsec_spi ']'
> + _________________________ /proc/net/ipsec_spigrp
> + '[' -r /proc/net/ipsec_spigrp ']'
> + _________________________ /proc/net/ipsec_tncfg
> + '[' -r /proc/net/ipsec_tncfg ']'
> + '[' -r /proc/sys/net/core/xfrm_acq_expires ']'
> + _________________________ ip-xfrm-state
> + ip xfrm state
> + _________________________ ip-xfrm-policy
> + ip xfrm policy
> + _________________________ cat-proc-net-xfrm_stat
> + cat /proc/net/xfrm_stat
> XfrmInError                     0
> XfrmInBufferError               0

You still have XFRM loaded or compiled in?


Paul

More information about the Swan mailing list