From: "Martin J. Bligh" <mbligh@aracnet.com>
To: linux-kernel <linux-kernel@vger.kernel.org>
Cc: jsanchez@cs.ucf.edu
Subject: [Bug 1030] New: racoon causes oops when implementing IPSec key
Date: Sat, 02 Aug 2003 07:19:32 -0700 [thread overview]
Message-ID: <89550000.1059833972@[10.10.2.4]> (raw)
http://bugme.osdl.org/show_bug.cgi?id=1030
Summary: racoon causes oops when implementing IPSec key
Kernel Version: 2.6.0-test1
Status: NEW
Severity: normal
Owner: acme@conectiva.com.br
Submitter: jsanchez@cs.ucf.edu
Distribution: SuSE and LFS
Hardware Environment: e100 cards
Software Environment: ipsec-tools 0.2.2
Problem Description:
I setkey with a policy to use esp and ah on each box. I start racoon on each box. I punch up a web
page on one from the other. Insta-oops x 2.
Unable to handle kernel NULL pointer dereference at virtual address 00000000
printing eip:
c02bbd06
*pde = 00000000
Oops: 0000 [#1]
CPU: 0
EIP: 0060:[<c02bbd06>] Not tainted
EFLAGS: 00010206
EIP is at memcpy+0x1e/0x39
eax: 00000018 ebx: f6fe8a00 ecx: 00000006 edx: 00000000
esi: 00000000 edi: 00000000 ebp: c0562520 esp: f6fb5ccc
ds: 007b es: 007b ss:0068
Process racoon (pid: 418, threadinfo=f6fb4000 task=f6fbb300)
Stack:
Call Trace:
xfrm_state_update
pfkey_add
parse_exthdrs
pfkey_process
pfkey_sendmsg
sock_sendmsg
verify_iovec
sys_sendmsg
sockfd_lookup
sys_sendto
sys_getsockname
__pollwait
update_process
sys_send
sys_socketcall
syscall_call
Code: f3 a5 a8 02 74 02 66 a5 a8 01 74 01 a4 89 d0 8b 74 24 02 8b
<0>Kernel panic: Fatal exception in interrupt
In interrupt handler = not syncing
For some of the other numbers that didn't get copied, check 67.9.9.32/oops.jpg. Email me if its
dead, which it will be after 20 august.
Steps to reproduce:
> From each box:
# !setkey -f
flush;
spdflush;
spdadd $this_box $other_box any -P out ipsec esp/transport//use ah/transport//use;
spdadd $other_box $this_box any -P in ipsec esp/transport//use ah/transport//use;
Set up racoon (the default config would probably work, here is the gist of mine)
remote anonymous
{
exchange_mode main;
my_identifier address;
peers_identifier address;
lifetime time 1 min; # sec,min,hour
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
dh_group 2;
}
}
sainfo anonymous
{
lifetime time 20 min;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
Start racoon on each box.
Open a new connection to cause a key exchange.
Hit the reset button on each box.
reply other threads:[~2003-08-02 14:19 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='89550000.1059833972@[10.10.2.4]' \
--to=mbligh@aracnet.com \
--cc=jsanchez@cs.ucf.edu \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).