From: Nicholas Esborn
To: freebsd-security@freebsd.org
Date: Mon, 15 Jul 2002 15:28:08 -0700
Subject: Racoon problems with 4.6-STABLE
Message-ID: <20020715222808.GE14733@netdot.net>

Hello,

I'm having problems with racoon since upgrading from 4.5-S to 4.6-S.

I had to kill routed, it was causing the routing table to be updated many times per second and flooding my racoon logs. This behavior seems to be new after the upgrade.

A worse problem, however, is that racoon doesn't seem to add all the SAD entries it negotiates to the kernel. The result is messages like:

Jul 15 15:22:23 port /kernel: IPv4 AH input: no key association found for spi 207489362
Jul 15 15:22:35 port /kernel: IPv4 AH input: no key association found for spi 129435238
Jul 15 15:22:36 port /kernel: IPv4 AH input: no key association found for spi 129435238

These associations should have been added by racoon.

Is anyone willing to lend a hand? I could use some suggestions as to where to look/what data to capture to find the problem.

Thanks!

-nick

--
Nicholas Esborn
Unix Systems Administrator
nick@netdot.net