Date: Wed, 7 Dec 2005 15:56:44 +0100 From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> To: freebsd-security@freebsd.org Subject: Re: racoon with freebsd-4.11 crashes Message-ID: <20051207145644.GA18279@zen.inc> In-Reply-To: <20051207142148.84069.qmail@web8512.mail.in.yahoo.com> References: <20051207142148.84069.qmail@web8512.mail.in.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Dec 07, 2005 at 02:21:48PM +0000, priya yelgar wrote: > Hi Hi. > Running racoon on a Freebsd-4.11 machine gives a > kernel panic. > I am using the racoon from ports directory which comes > with the freebsd installation. It may not change lots of things for this kernel crash, but do you use port security/racoon (obsolete) or security/ipsec-tools ? > Steps followed are as shown below: > > racoon -f /usr/local/etc/racoon/raccon.conf > setkey -f ipsec.conf > > ping -c 1 <ip_of_the_other_gw> It would be really interesting if we could also have your ipsec.conf file. > The ping will lead into a crash. > The crash dump looks like for th ping packet it is > going to apply a SA. > It is going in "key_checkrequest" in key.c file and > crashing there. > > As I know "key_checkrequest" is used to apply a > exsiting SA to a outgoing packet. Not exactly. It searches for an existing SA for the packet, and sends an ACQUIRE message to the IKE daemon if needed. > But in case of racoon the first ping packet is used > for negotiation with other gateway to establish the > SA. > > I am not understading as to why it is going in > key_checkrequest ans crashing. There are 3 panic() in this function, could you give us the panic message ? Yvan. -- NETASQ - Secure Internet Connectivity http://www.netasq.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051207145644.GA18279>