Date: Tue, 16 Jul 2002 03:12:24 -0600
From: "Duncan Patton a Campbell is Dhu" <campbell@neotext.ca>
To: Shoichi Sakane <sakane@kame.net>, campbell@neotext.ca
Cc: security@FreeBSD.ORG
Subject: Re: racoon/FreeBSD 4.5 problems & observations
Message-ID: <20020716091224.M29164@babayaga.neotext.ca>
In-Reply-To: <20020715164425B.sakane@kame.net>
References: <200207100943.g6A9hcA01547@localhost.neotext.ca> <20020715164425B.sakane@kame.net>
> > Then I upgraded (several months or so ago) ww0 to run 4.5. On doing this
> > I first found my /var/log/racoon.log would bloat and overrun the
> > filesystem (the 110% usage syndrome). So I then linked /var/log/racoon.log
> > to /dev/null and ran like that. No good. The racoon task would bloat
> > by 4k per packet transmitted across the VPN to the 4.5 node and would
> > quickly reach 2, 3 or 4 hundred megabytes in memory usage. Didn't matter
> > whether I was setting up for tunnel or transport. And it didn't matter
> > which version of the racoon task I was using: binaries from 4.3 behaved
> > as badly on the 4.5 system as did the latest release. Same with binaries
> > I compiled on both systems.
>
> there is no difference in racoon between 4.5 and 4.3.
> what kind of message did you find in the racoon.log?
>
> i think these messages are related to routing information.
> racoon watches the routing socket in order to get the addresses which
> are assigned to interfaces. when racoon gets either RTM_NEWADDR,
> RTM_DELADDR, RTM_DELETE or RTM_IFINFO, racoon will re-start to get
> the address list.
> if your routing table changes frequently, racoon dumps plenty of
> messages into the racoon.log.
>
> to prevent this, you should define the addresses you want racoon to listen on
> by using the listen directive.

This makes sense: my system has several interfaces, and racoon seemed to be flipping amongst them.
Here's a sample from the last log:

2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::201:2ff:fe24:8791%xl0[500] used as isakmp port (fd=12)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::1%lo0[500] used as isakmp port (fd=7)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): ::1[500] used as isakmp port (fd=8)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::201:2ff:fe24:864f%xl1[500] used as isakmp port (fd=9)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 204.92.68.1[500] used as isakmp port (fd=10)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 24.70.64.200[500] used as isakmp port (fd=11)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::201:2ff:fe24:8791%xl0[500] used as isakmp port (fd=12)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::1%lo0[500] used as isakmp port (fd=7)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): ::1[500] used as isakmp port (fd=8)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::201:2ff:fe24:864f%xl1[500] used as isakmp port (fd=9)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 204.92.68.1[500] used as isakmp port (fd=10)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 24.70.64.200[500] used as isakmp port (fd=11)

Thanks,
Duncan Patton a Campbell is Duibh ;-)
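The re-binding pattern discussed in this thread, as an added example that is not part of the thread, of racoon, or of FreeBSD: a small Python script that parses `isakmp_open()` lines from a racoon.log, flags any address/port that racoon opened more than once within the same second (the symptom of racoon re-enumerating its interfaces on every routing-socket message), and renders a `listen` section for racoon.conf that names only the addresses an operator actually wants ISAKMP bound to. The log sample, regular expression and function names are constructed assumptions of this example; the `listen { isakmp address [port]; }` syntax follows racoon.conf(5).

```python
import re
from collections import Counter

# Constructed sample log, modelled on the isakmp_open() lines quoted in the thread:
# three sockets, each opened twice in the same second (a rebind storm in miniature).
SAMPLE_LOG = """\
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 24.70.64.200[500] used as isakmp port (fd=11)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::201:2ff:fe24:8791%xl0[500] used as isakmp port (fd=12)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 24.70.64.200[500] used as isakmp port (fd=11)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::201:2ff:fe24:8791%xl0[500] used as isakmp port (fd=12)
"""

# Matches one isakmp_open() line. The address is everything up to the "[port]" suffix,
# so IPv6 link-local addresses with a %scope (e.g. fe80::1%lo0) are captured intact.
OPEN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): INFO: isakmp\.c:\d+:isakmp_open\(\): "
    r"(?P<addr>[^\s\[]+)\[(?P<port>\d+)\] used as isakmp port \(fd=(?P<fd>\d+)\)$"
)


def parse_opens(log_text):
    """Return (timestamp, address, port, fd) for every isakmp_open() line in log_text."""
    events = []
    for line in log_text.splitlines():
        m = OPEN_RE.match(line.strip())
        if m:
            events.append((m["ts"], m["addr"], int(m["port"]), int(m["fd"])))
    return events


def rebind_counts(events):
    """Count how many times each (address, port) was opened over the whole log."""
    return Counter((addr, port) for _, addr, port, _ in events)


def detect_rebind_storm(events, threshold=2):
    """Return the (address, port) pairs opened at least `threshold` times in one second.

    A healthy racoon start binds each address once; the same socket reopening within
    a single second means racoon is re-reading its address list over and over.
    """
    per_second = Counter((ts, addr, port) for ts, addr, port, _ in events)
    return sorted({(a, p) for (_, a, p), n in per_second.items() if n >= threshold})


def listen_directive(addresses, port=500):
    """Render a racoon.conf `listen` section restricting ISAKMP to `addresses`.

    Syntax per racoon.conf(5): `isakmp address [port];`. Restricting the listen set
    keeps racoon off interfaces whose addresses churn (link-local, dynamic uplinks).
    """
    body = "\n".join(f"\tisakmp {addr} [{port}];" for addr in addresses)
    return "listen\n{\n" + body + "\n}\n"


if __name__ == "__main__":
    events = parse_opens(SAMPLE_LOG)
    for (addr, port), n in sorted(rebind_counts(events).items()):
        print(f"{addr}[{port}] opened {n} times")
    storm = detect_rebind_storm(events)
    if storm:
        print("rebind storm on:", ", ".join(f"{a}[{p}]" for a, p in storm))
    # Pin racoon to the one public address we actually want it on (constructed choice).
    print(listen_directive(["24.70.64.200"]))
```

Run it against a real racoon.log by replacing `SAMPLE_LOG` with the file contents; any address listed by `detect_rebind_storm()` is one racoon keeps rebinding, and the generated `listen` block is the shape of the fix Sakane suggests, with only the addresses you choose.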