Re: [Swan-dev] pluto: Fix nat_traversal assertion failure in main_inI1_outR1

Mon, 11 May 2015 20:45:07 -0700 

On Mon, May 11, 2015 at 12:19:56PM -0400, Paul Wouters wrote:
>
> which side did not support NAT-T? I assume netkey was used with
> libreswan. Was the kernel >= 2.6.22 ? I'll do a test with openswan
> with nat_traversal=no (libreswan no longer supports 'no' and only
> disables nat-t when the kernel does not support it)

Both sides support NAT-T.  Weird, I also can't see how this can
crash but it really did, multiple times, and stopped after the
patch:

pluto[7485]: packet from 116.233.49.207:500: ignoring Vendor ID payload 
[Openswan(project)]
pluto[7485]: packet from 116.233.49.207:500: received Vendor ID payload [Dead 
Peer Detection]
pluto[7485]: packet from 116.233.49.207:500: received Vendor ID payload [RFC 
3947]
pluto[7485]: packet from 116.233.49.207:500: ignoring Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-03]
pluto[7485]: packet from 116.233.49.207:500: ignoring Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02_n]
pluto[7485]: packet from 116.233.49.207:500: ignoring Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-02]
pluto[7485]: packet from 116.233.49.207:500: ignoring Vendor ID payload 
[draft-ietf-ipsec-nat-t-ike-00]
pluto[7485]: "ithilien"[1] 116.233.49.207 #1: enabling possible NAT-traversal 
with method RFC 3947 (NAT-Traversal)
pluto[7485]: "ithilien"[1] 116.233.49.207 #1: responding to Main Mode from 
unknown peer 116.233.49.207
pluto[7485]: "ithilien"[1] 116.233.49.207 #1: ASSERTION FAILED at 
/home/gondost/herbert/src/git/libreswan-work/programs/pluto/ikev1_main.c:881: 
numvidtosend == 0
pluto[7485]: "ithilien"[1] 116.233.49.207 #1: ABORT at 
/home/gondost/herbert/src/git/libreswan-work/programs/pluto/ikev1_main.c:881
pluto[7485]: "ithilien"[1] 116.233.49.207 #1: ABORT at 
/home/gondost/herbert/src/git/libreswan-work/programs/pluto/ikev1_main.c:881
ipsec__plutorun: !pluto failure!:  exited with error status 134 (signal 6)

Cheers,
-- 
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev

Reply via email to