From: "Duncan Patton a Campbell is Dhu"
To: Shoichi Sakane, campbell@neotext.ca
Cc: security@FreeBSD.ORG
Subject: Re: racoon/FreeBSD 4.5 problems & observations
Date: Tue, 16 Jul 2002 03:12:24 -0600
Message-Id: <20020716091224.M29164@babayaga.neotext.ca>
In-Reply-To: <20020715164425B.sakane@kame.net>
References: <200207100943.g6A9hcA01547@localhost.neotext.ca> <20020715164425B.sakane@kame.net>

> > Then I upgraded (several months or so ago) ww0 to run 4.5. On doing this
> > I first found my /var/log/racoon.log would bloat and overrun the
> > filesystem (the 110% usage syndrome). So I then linked /var/log/racoon.log
> > to /dev/null and ran like that. No good. The racoon task would bloat
> > by 4k per packet transmitted across the VPN to the 4.5 node and would
> > quickly reach 2, 3 or 4 hundred megabytes in memory usage. Didn't matter
> > whether I was setting up for tunnel or transport. And it didn't matter
> > which version of the racoon task I was using: binaries from 4.3 behaved
> > as badly on the 4.5 system as did the latest release. Same with binaries
> > I compiled on both systems.
>
> there is no difference in racoon between 4.5 and 4.3.
> what kind of message did you find in the racoon.log?
>
> i think these messages relate to routing information.
> racoon watches the routing socket in order to get the addresses which
> are assigned to interfaces. when racoon gets either RTM_NEWADDR,
> RTM_DELADDR, RTM_DELETE or RTM_IFINFO, racoon restarts getting the
> address list.
> if your routing table changes frequently, racoon dumps plenty of
> messages into the racoon.log.
>
> to prevent this, you should define the addresses you want racoon to
> listen on by using the listen directive.

This makes sense: my system has several interfaces, and racoon seemed to be flipping amongst them. Here's a sample from the last log:

2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::201:2ff:fe24:8791%xl0[500] used as isakmp port (fd=12)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::1%lo0[500] used as isakmp port (fd=7)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): ::1[500] used as isakmp port (fd=8)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::201:2ff:fe24:864f%xl1[500] used as isakmp port (fd=9)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 204.92.68.1[500] used as isakmp port (fd=10)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 24.70.64.200[500] used as isakmp port (fd=11)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::201:2ff:fe24:8791%xl0[500] used as isakmp port (fd=12)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 127.0.0.1[500] used as isakmp port (fd=6)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::1%lo0[500] used as isakmp port (fd=7)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): ::1[500] used as isakmp port (fd=8)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): fe80::201:2ff:fe24:864f%xl1[500] used as isakmp port (fd=9)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 204.92.68.1[500] used as isakmp port (fd=10)
2002-06-19 04:01:23: INFO: isakmp.c:1379:isakmp_open(): 24.70.64.200[500] used as isakmp port (fd=11)

Thanks,

Duncan Patton a Campbell is Duibh ;-)