On 15/Nov/2006 at 13:36:20, Jesus Roncero Franco wrote:
> Hi all,
> I have a problem with a production machine that is running out of memory on
> OpenBSD 4.0 (and it happens just the same on another one running OpenBSD
> 3.9). Basically isakmpd memory consumption grows linearly over time until OOM
> comes into action and kills processes.

Well, Hans-Joerg Hoexer kindly sent me a patch to test on my system and since 
applying it, isakmpd does not eat the memory. Just for the record if anyone
searches the mail archives on a similar issue. I guess that, if the bug is
confirmed by the OpenBSD developers, it will be committed to CVS.

Anyway, I'm trying to figure out what to do with all those packets I am
receiving. They are not much of a problem but I am trying to see if it's a
configuration at our end or theirs. Basically, we are getting DPD packets
(STATUS_DPD_R_U_THERE) every two seconds and those messages contain an
invalid SPI so we send back a notification message. But it seems it is
ignored. We are responding to other DPD messages correctly though. Any hint
on this?

Well, thanks a lot. Part of the packages follows:

16:34:13.348912 192.168.55.1.500 > 192.168.0.1.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: 5c52a23ab4a9652f->5b08a903eb96c91e msgid: 2ef8fdab len: 84
        payload: HASH len: 20
        payload: NOTIFICATION len: 32
            notification: STATUS_DPD_R_U_THERE seq 1730471878 [ttl 0] (id 1, len 112)
16:34:13.349363 192.168.0.1.500 > 192.168.55.1.500: [udp sum ok] isakmp v1.0 exchange INFO
        cookie: 5c52a23ab4a9652f->5b08a903eb96c91e msgid: 9a848779 len: 60
        payload: HASH len: 20
        payload: NOTIFICATION len: 12
            notification: INVALID SPI [ttl 0] (id 1, len 88)



-- 
Jesús Roncero <[EMAIL PROTECTED]>
System Developer
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com
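
Added example (not part of the original message, and not OpenBSD code): one way to quantify the pattern described above from verbose tcpdump text, counting per peer and cookie pair how many R_U_THERE probes arrived, how each was answered, and the mean gap between probes. The sample capture is constructed in the layout of the quoted packets; the LIVE cookie pair, the msgid and seq values, and the STATUS_DPD_R_U_THERE_ACK line are assumptions for illustration.

```python
import re
from collections import defaultdict

HEAD = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) (\S+) > (\S+):")
COOKIE = re.compile(r"cookie: (\w+->\w+)")
NOTE = re.compile(r"notification: (STATUS_DPD_R_U_THERE(?:_ACK)?|INVALID SPI)")

def parse(text):  # verbose tcpdump isakmp text -> one dict per packet
    packets = []
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            h, mi, s, src, dst = m.groups()
            packets.append({"t": int(h) * 3600 + int(mi) * 60 + float(s), "src": src, "dst": dst})
        elif packets:  # continuation (or mail-wrapped) line of the current packet
            for key, rx in (("cookie", COOKIE), ("note", NOTE)):
                m = rx.search(line)
                if m:
                    packets[-1][key] = m.group(1)
    return packets

def dpd_summary(packets):  # keyed by (prober, cookie pair)
    stats = defaultdict(lambda: {"probes": 0, "acked": 0, "invalid_spi": 0, "t": []})
    waiting = set()  # (prober, cookie pair) with an unanswered R_U_THERE
    for p in packets:
        note, cookie = p.get("note"), p.get("cookie")
        if note == "STATUS_DPD_R_U_THERE":
            stats[(p["src"], cookie)]["probes"] += 1
            stats[(p["src"], cookie)]["t"].append(p["t"])
            waiting.add((p["src"], cookie))
        elif note and (p["dst"], cookie) in waiting:  # our answer to that probe
            waiting.discard((p["dst"], cookie))
            stats[(p["dst"], cookie)]["acked" if note.endswith("_ACK") else "invalid_spi"] += 1
    for s in stats.values():
        t = s.pop("t")
        s["mean_gap"] = round((t[-1] - t[0]) / (len(t) - 1), 1) if len(t) > 1 else None
    return dict(stats)

def pkt(ts, src, dst, cookie, note):  # constructed sample, same layout as the capture
    return (f"{ts} {src} > {dst}: [udp sum ok] isakmp v1.0 exchange INFO\n"
            f"        cookie: {cookie} msgid: 00000000 len: 84\n"
            f"            notification: {note} [ttl 0] (id 1, len 112)\n")
PEER, US = "192.168.55.1.500", "192.168.0.1.500"
STALE, LIVE = "5c52a23ab4a9652f->5b08a903eb96c91e", "1111111111111111->2222222222222222"
SAMPLE = "".join(pkt(f"16:34:{s}.348912", PEER, US, STALE, "STATUS_DPD_R_U_THERE seq 1")
                 + pkt(f"16:34:{s}.349363", US, PEER, STALE, "INVALID SPI") for s in (13, 15, 17))
SAMPLE += pkt("16:34:18.000000", PEER, US, LIVE, "STATUS_DPD_R_U_THERE seq 7")
SAMPLE += pkt("16:34:18.000400", US, PEER, LIVE, "STATUS_DPD_R_U_THERE_ACK seq 7")
```

A cookie pair whose probes are all counted under invalid_spi while another pair from the same peer is acked points at one stale SA on the peer rather than at DPD handling in general.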
