Am 05.10.2017 um 15:01 schrieb Antony Antony:
Hi Wolfgang,
I tried to reproduce your issue and no luck yet.
Did you try ipsec stop?
yes. it crashed immediatly after a connection was established, because
of the missing reference or extra unreference addresspool call after
freeing the addresspool.
Oct 5 11:33:26 d1 pluto[22722]: | unreference addresspool of conn
xauth_0-client_sn-sn_192.168.11.0/24-0.0.0.0/0[1] kind CK_GOING_AWAY
used 1 0x770c543040 po
ol_refcount 1
Oct 5 11:33:26 d1 pluto[22722]: | freeing memory for addresspool ptr
0x770c543040
Oct 5 11:33:26 d1 pluto[22722]: | processing connection
"xauth_0-client_sn-sn_192.168.11.0/24-0.0.0.0/0"
Oct 5 11:33:26 d1 pluto[22722]:
"xauth_0-client_sn-sn_192.168.11.0/24-0.0.0.0/0": deleting non-instance
connection
Oct 5 11:33:26 d1 pluto[22722]: | unreference addresspool of conn
xauth_0-client_sn-sn_192.168.11.0/24-0.0.0.0/0[2] kind CK_TEMPLATE used
206934544 0x770c543040 pool_refcount 206926464
On Thu, Oct 05, 2017 at 09:45:02AM +0200, Wolfgang Nothdurft wrote:
Am 02.10.2017 um 13:58 schrieb Antony Antony:
Hi Paul
A quick test after the commit bd3a5f01 show a crash in test xauth-pluto-16
pointing to addresspool.c. The crash happens with ipsec stop
I couldn't repoduce lsw#299 yet. Did you manage to reproduce before
bd3a5f0
patch?
There seems a general problem with the reference code in addresspool, which
comes up with the latest changes.
I can reproduce the problems very easy with two xauth clients connecting to
the same connection.
I could not use your exact config in libreswan testing enviroment yet. May
be there is another issue with authby=secret and right=%any. Server seems to
be looking for secret "%any".
Anyway I tried with X509 and main mode + xauth and two clients, a very
similar setup with bd3a5f01e7 reverted. No issues.
So I can 't reproduce the issue you report in lsw#299.
[root@east xauth-pluto-23]# ipsec whack --trafficstatus
006 #2: "east-any"[1] 192.1.3.209, username=road, type=ESP,
add_time=1507206015, inBytes=336, outBytes=252, lease=192.0.2.100/32
006 #4: "east-any"[2] 192.1.3.33, username=north, type=ESP,
add_time=1507206030, inBytes=0, outBytes=0, lease=192.0.2.101/32
I also remember there is a v2 test with addresspool and two clients. And
there no crash without bd3a5f01e7
committed!
-antony
PS: one possibility is with authby=secret addresspool behave different. IDs
are different. If that is the case bd3a5f01e7 is not likely the fix.
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev