From: VANHULLEBUS Yvan
To: freebsd-security@freebsd.org
Date: Wed, 7 Dec 2005 15:56:44 +0100
Subject: Re: racoon with freebsd-4.11 crashes
Message-ID: <20051207145644.GA18279@zen.inc>
In-Reply-To: <20051207142148.84069.qmail@web8512.mail.in.yahoo.com>

On Wed, Dec 07, 2005 at 02:21:48PM +0000, priya yelgar wrote:
> Hi

Hi.

> Running racoon on a Freebsd-4.11 machine gives a
> kernel panic.
> I am using the racoon from ports directory which comes
> with the freebsd installation.

It may not change lots of things for this kernel crash, but do you use
port security/racoon (obsolete) or security/ipsec-tools?

> Steps followed are as shown below:
>
> racoon -f /usr/local/etc/racoon/raccon.conf
> setkey -f ipsec.conf
>
> ping -c 1

It would be really interesting if we could also have your ipsec.conf
file.

> The ping will lead into a crash.
> The crash dump looks like for the ping packet it is
> going to apply a SA.
> It is going in "key_checkrequest" in key.c file and
> crashing there.
>
> As I know "key_checkrequest" is used to apply an
> existing SA to an outgoing packet.

Not exactly. It searches for an existing SA for the packet, and sends
an ACQUIRE message to the IKE daemon if needed.

> But in case of racoon the first ping packet is used
> for negotiation with other gateway to establish the
> SA.
>
> I am not understanding as to why it is going in
> key_checkrequest and crashing.

There are 3 panic() in this function, could you give us the panic
message?

Yvan.

-- 
NETASQ - Secure Internet Connectivity
http://www.netasq.com