[strongSwan] The memory of charon process abnormal

Sun, 10 Mar 2013 23:54:38 -0700 

Dear all:
 
I meet two problems with strongswan 4.6.4 in linux      . 
 
The first problem, I establish 70 ipsec tunnels per second with an instrument, 
at first the tunnels were established successfully. But about 3 hours later, 
the instrument send out the IKE INIT packet with nonzero message ID, so that 
the linux not respond the IKE INIT, the ipsec tunnels could not established and 
the memory of charon keep rising until exhaust the memory of linux. The message 
shows me such information:
 
=========================================
 
Mar  1 17:18:47 (none) daemon.info charon: 899[IKE] received message ID 31, 
expected 0. Ignored 
 
Mar  1 17:18:47 (none) daemon.info charon: 134[ENC] parsed IKE_SA_INIT request 
28 [ SA KE No V ] 
 
Mar  1 17:18:47 (none) daemon.info charon: 134[IKE] received message ID 28, 
expected 0. Ignored 
 
Mar  1 17:18:47 (none) daemon.info charon: 965[NET] received packet: from 
10.0.41.39[500] to 10.2.0.5[500] 
 
Mar  1 17:18:47 (none) daemon.info charon: 142[NET] received packet: from 
10.0.24.166[500] to 10.2.0.5[500] 
 
Mar  1 17:18:47 (none) daemon.info charon: 51[NET] received packet: from 
10.0.33.68[500] to 10.2.0.5[500] 
 
Mar  1 17:18:47 (none) daemon.info charon: 978[ENC] parsed IKE_SA_INIT request 
26 [ SA KE No V ] 
 
Mar  1 17:18:47 (none) daemon.info charon: 978[IKE] received message ID 26, 
expected 0. Ignored 
 
Mar  1 17:18:47 (none) daemon.info charon: 14[NET] received packet: from 
10.0.41.25[500] to 10.2.0.5[500] 
 
Mar  1 17:18:47 (none) daemon.info charon: 904[ENC] parsed IKE_SA_INIT request 
477 [ SA KE No V ] 
 
Mar  1 17:18:47 (none) daemon.info charon: 904[IKE] received message ID 477, 
expected 0. Ignored 
 
Mar  1 17:18:47 (none) daemon.info charon: 937[ENC] parsed IKE_SA_INIT request 
61 [ SA KE No V ] 
 
Mar  1 17:18:47 (none) daemon.info charon: 937[IKE] received message ID 61, 
expected 0. Ignored
 
==================================================
 
I want to know why the memory of charon keep rising? How to solve such problem?
 
The second problem, we modify some fields of the IKE INIT and send out to linux 
with instrument. Then strongswan seems abnormal because it couldn??t handle the 
following normal IKE INIT packet. Why such abnormal IKE INIT packet lead to the 
strongswan couldn??t handle the following normal IKE INIT packet?
 
yourth
 
anna
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to