Re: [strongSwan] strongswan 5.8.3 core dump
Hi Marco, >> I pushed a fix to master [1]. I guess we'll be releasing 5.8.4 soon. > > I have applied your fix and after 5 hours, everything is in good shape. > Thanks a lot Tobias for the quick response and fix. Thanks for testing and sorry for the inconvenience. Regards, Tobias
Re: [strongSwan] strongswan 5.8.3 core dump
Hello Tobias, > I pushed a fix to master [1]. I guess we'll be releasing 5.8.4 soon. I have applied your fix and after 5 hours, everything is in good shape. Thanks a lot Tobias for the quick response and fix. Cheers, Marco PS: Here is the log: [CFG] found matching child config "apsil-10.221.128.183" with prio 6 [CFG] selecting traffic selectors for other: [CFG] config: 10.221.128.183/32, received: 10.221.0.0/16 => match: 10.221.128.183/32 [CFG] selecting traffic selectors for us: [CFG] config: 10.240.123.0/26, received: 10.240.123.0/26 => match: 10.240.123.0/26 [CFG] selecting proposal: [CFG]no acceptable DIFFIE_HELLMAN_GROUP found [CFG] selecting proposal: [CFG]no acceptable ENCRYPTION_ALGORITHM found [CFG] received proposals: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ [CFG] configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ [IKE] no matching proposal found, sending NO_PROPOSAL_CHOSEN [IKE] queueing INFORMATIONAL task [IKE] delaying task initiation, QUICK_MODE exchange in progress
Re: [strongSwan] strongswan 5.8.3 core dump
Hi Marco, > Here is the charon.log: I hope it will be useful for you. Thanks for the update. This is a bug introduced with the changes that attempt to keep the proposal selection for IKEv1 more consistent (returning the lifetimes of the actually selected transform and the correct proposal and transform IDs). Determining the correct lifetimes now depends on the selected proposal/transform. Unfortunately, there was one location in the code (as Quick Mode responder) where the proposal might not be defined when the lifetimes are determined. This caused the crash here as no matching proposal was selected: > [CFG] selecting proposal: > [CFG]no acceptable DIFFIE_HELLMAN_GROUP found > [CFG] selecting proposal: > [CFG]no acceptable ENCRYPTION_ALGORITHM found > [CFG] received proposals: > ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ > [CFG] configured proposals: > ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, > ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ I pushed a fix to master [1]. I guess we'll be releasing 5.8.4 soon. Regards, Tobias [1] https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=cb26c554
Re: [strongSwan] strongswan 5.8.3 core dump
Hello Tobias, Here is the charon.log: I hope it will be useful for you. [CFG] found matching child config "apsil-10.221.128.183" with prio 6 [CFG] selecting traffic selectors for other: [CFG] config: 10.221.128.183/32, received: 10.221.0.0/16 => match: 10.221.128.183/32 [CFG] selecting traffic selectors for us: [CFG] config: 10.240.123.0/26, received: 10.240.123.0/26 => match: 10.240.123.0/26 [CFG] selecting proposal: [CFG]no acceptable DIFFIE_HELLMAN_GROUP found [CFG] selecting proposal: [CFG]no acceptable ENCRYPTION_ALGORITHM found [CFG] received proposals: ESP:3DES_CBC/HMAC_SHA1_96/NO_EXT_SEQ [CFG] configured proposals: ESP:3DES_CBC/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ, ESP:AES_CBC_128/AES_CBC_192/AES_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/HMAC_SHA1_96/AES_XCBC_96/NO_EXT_SEQ [DMN] thread 15 received 11 [LIB] dumping 11 stack frame addresses: [LIB]/lib64/libpthread.so.0 @ 0x7f100083d000 [0x7f100084e3b0] [LIB] -> ??:? [LIB]/usr/local/lib/ipsec/libcharon.so.0 @ 0x7f1000d63000 [0x7f1000d86603] [LIB] -> /tmp/STRONGSWAN/strongswan-5.8.3/src/libcharon/encoding/payloads/sa_payload.c:411 [LIB]/usr/local/lib/ipsec/libcharon.so.0 @ 0x7f1000d63000 [0x7f1000dc6ab7] [LIB] -> /tmp/STRONGSWAN/strongswan-5.8.3/src/libcharon/sa/ikev1/tasks/quick_mode.c:748 [LIB]/usr/local/lib/ipsec/libcharon.so.0 @ 0x7f1000d63000 [0x7f1000dc8d1c] [LIB] -> /tmp/STRONGSWAN/strongswan-5.8.3/src/libcharon/sa/ikev1/tasks/quick_mode.c:1153 [LIB]/usr/local/lib/ipsec/libcharon.so.0 @ 0x7f1000d63000 [0x7f1000dbc70d] [LIB] -> /tmp/STRONGSWAN/strongswan-5.8.3/src/libcharon/sa/ikev1/task_manager_v1.c:1081 [LIB]/usr/local/lib/ipsec/libcharon.so.0 @ 0x7f1000d63000 [0x7f1000d94a77] [LIB] -> /tmp/STRONGSWAN/strongswan-5.8.3/src/libcharon/sa/ike_sa.c:1587 [LIB]/usr/local/lib/ipsec/libcharon.so.0 @ 0x7f1000d63000 [0x7f1000d8c111] [LIB] -> /tmp/STRONGSWAN/strongswan-5.8.3/src/libcharon/processing/jobs/process_message_job.c:74 [LIB]/usr/local/lib/ipsec/libstrongswan.so.0 @ 0x7f1000ff5000 [0x7f100102cb83] [LIB] -> /tmp/STRONGSWAN/strongswan-5.8.3/src/libstrongswan/processing/processor.c:235 [LIB]/usr/local/lib/ipsec/libstrongswan.so.0 @ 0x7f1000ff5000 [0x7f100103e4b7] [LIB] -> /tmp/STRONGSWAN/strongswan-5.8.3/src/libstrongswan/threading/thread.c:332 (discriminator 3) [LIB]/lib64/libpthread.so.0 @ 0x7f100083d000 [0x7f1000844684] [LIB] -> ??:? [LIB]/lib64/libc.so.6 @ 0x7f100027 (clone+0x6d) [0x7f1000376eed] [LIB] -> ??:? [DMN] killing ourself, received critical signal From: Tobias Brunner Sent: Wednesday, March 25, 2020 3:07 PM To: Marco Berizzi ; users@lists.strongswan.org Subject: Re: [strongSwan] strongswan 5.8.3 core dump Hi Marco, > What should I do to debug it? First, not stripping symbols/debug information from binaries probably would help. Then you might already see what the problem is. Otherwise try attaching a debugger or use one to analyze the core dump (if one is created). Regards, Tobias
Re: [strongSwan] strongswan 5.8.3 core dump
Hi, Also make sure you're not mixing libraries of different versions. Kind regards Noel Am 25.03.20 um 15:07 schrieb Tobias Brunner: > Hi Marco, > >> What should I do to debug it? > > First, not stripping symbols/debug information from binaries probably > would help. Then you might already see what the problem is. Otherwise > try attaching a debugger or use one to analyze the core dump (if one is > created). > > Regards, > Tobias > signature.asc Description: OpenPGP digital signature
Re: [strongSwan] strongswan 5.8.3 core dump
Thanks Tobias, I have run again 'make install', without stripping anymore the symbols. I'm waiting the crash. Thanks again. From: Tobias Brunner Sent: Wednesday, March 25, 2020 3:07 PM To: Marco Berizzi ; users@lists.strongswan.org Subject: Re: [strongSwan] strongswan 5.8.3 core dump Hi Marco, > What should I do to debug it? First, not stripping symbols/debug information from binaries probably would help. Then you might already see what the problem is. Otherwise try attaching a debugger or use one to analyze the core dump (if one is created). Regards, Tobias
Re: [strongSwan] strongswan 5.8.3 core dump
Hi Marco, > What should I do to debug it? First, not stripping symbols/debug information from binaries probably would help. Then you might already see what the problem is. Otherwise try attaching a debugger or use one to analyze the core dump (if one is created). Regards, Tobias