Hi,
As a matter of clarification, I set ulimit as unlimited for core files on host
where Charon daemon runs. I find, the charon crashes when i try to run in 10k
IPsec tunnels using openssl's ECDH. Here goes the stack trace.
Program terminated with signal 6, Aborted.
#0 0x000000555abfbda0 in raise () from /lib64/libc.so.6
(gdb) bt
#0 0x000000555abfbda0 in raise () from /lib64/libc.so.6
#1 0x000000555ac0069c in abort () from /lib64/libc.so.6
#2 0x000000555abf3388 in __assert_fail () from /lib64/libc.so.6
#3 0x000000555af03b94 in ssleay_rand_add ()
from /usr/lib64/plugins/libstrongswan-openssl.so
#4 0x000000555aea1068 in RAND_add ()
from /usr/lib64/plugins/libstrongswan-openssl.so
#5 0x000000555aef0760 in bnrand ()
from /usr/lib64/plugins/libstrongswan-openssl.so
#6 0x000000555aef0a40 in BN_rand ()
from /usr/lib64/plugins/libstrongswan-openssl.so
#7 0x000000555aef0570 in bn_rand_range ()
from /usr/lib64/plugins/libstrongswan-openssl.so
#8 0x000000555aef0664 in BN_rand_range ()
from /usr/lib64/plugins/libstrongswan-openssl.so
#9 0x000000555ae8f314 in EC_KEY_generate_key ()
from /usr/lib64/plugins/libstrongswan-openssl.so
#10 0x000000555ae73618 in openssl_ec_diffie_hellman_create ()
from /usr/lib64/plugins/libstrongswan-openssl.so
#11 0x000000555a809b18 in create_dh () from /usr/lib64/libstrongswan.so.0
#12 0x000000555a8c1ae4 in build_i () from /usr/lib64/libcharon.so.0
#13 0x000000555a8b28c4 in initiate () from /usr/lib64/libcharon.so.0
#14 0x000000555a888420 in initiate_execute () from /usr/lib64/libcharon.so.0
---Type <return> to continue, or q <return> to quit---
#15 0x000000555a888bfc in initiate () from /usr/lib64/libcharon.so.0
#16 0x000000555aff6fb0 in do_load_test ()
from /usr/lib64/plugins/libstrongswan-load-tester.so
#17 0x000000555a81e11c in execute () from /usr/lib64/libstrongswan.so.0
#18 0x000000555a81eef4 in process_jobs () from /usr/lib64/libstrongswan.so.0
#19 0x000000555a822d60 in thread_main () from /usr/lib64/libstrongswan.so.0
#20 0x000000555a7b8698 in ?? () from /lib64/libpthread.so.0
warning: GDB can't find the start of the function at 0x555a7b8697.
GDB is unable to find the start of the function at 0x555a7b8697
and thus can't determine the size of that function's stack frame.
This means that GDB may be unable to access that stack frame, or
the frames below it.
This problem is most likely caused by an invalid program counter or
stack pointer.
However, if you think GDB should simply search farther back
from 0x555a7b8697 for code which looks like the beginning of a
function, you can increase the range of the search using the `set
heuristic-fence-post' command.
(gdb)
Can anyone pls clarify whether it is a bug or I have missed something?
Regards,
Chinmaya
On Thursday, January 30, 2014 2:29 PM, Chinmaya Dwibedy <[email protected]>
wrote:
Hi ,
To use ECDH I did the followings for Multi-Core MIPS64 processor
target
1. Cross-compiled OpenSSL 1.0.0 with ECDH support.
2. Cross-compiled strongswan (5.0.4) with
–enable-openssl,--enable-load-tester & --disable-gmp plugins.
Notes:
1. The openssl-1.0.0 with the default option generate
static lib. The strongswan uses the static openssl and crypto lib.
2. I am using the load tester plugin (strongswan
5.0.4) to create thousands of IPsec tunnels.
I installed both the packages in Wind River Linux. I configured
the following IPsec transform sets as follows
1. In conn %default section of Ipsec.conf (IKE
Responder)
ike=aes128-sha1-ecp192!
1. In load-tester section of strongswan.conf (IKE
Initiator)
proposal = aes128-sha1-ecp192
Surprisingly I find, with ECP_192, the tunnel setup rate is
very slow i.e., 3 tunnels per second. However with MODP_768 (using gmp
library), the tunnel setup rate is to be 125-130 tunnels per second. The ECDH
is supposed to be significantly faster than MODP.
Can anyone please help one this or suggest me if I might have
missed anything. Thanking you in advance for your support and help.
Regards,
Chinmaya
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
