[strongSwan-dev] [PATCH 0/2] Add reference counting to child_sa

Thomas Egerer thomas.egerer at secunet.com
Fri May 14 17:28:28 CEST 2010 

Hello Martin, *,

I stumbled across a segfault that occured in one of  my stress tests
with charon. The test pumps data from one red network to another and
uses data base rekeying (soft limit is 90Mb, hard limit 100Mb). Since
the vpn-gateways are connected via gigabit-network child rekeying takes
place every two seconds or so.
Now I've seen it happening (only twice so far and not reliably
reproducable) that charon crashes in child_rekey.c:303. The syslog of
box and xob (where box is the one crashing) illustrates what happens.
While box creates the rekey_job and executes it xob does the same. When
xob detects the rekey collision and deletes the redundant child the
problem is with box which processes the delete request from xob and
destroys the child_sa still referenced in the rekey_job. Whenn box now
tries to access the child_sa it crashes.
I've prepared a quickly hacked patch that extends child_sa with a
get_ref function and increases this refcount in ike_sa->get_child_sa.
I'm not sure about any unwanted side effects, or if this is a very good
solution. Please take a look and let me know

Thomas

May 13 04:09:01 box /charon: [IKE:13] CHILD_SA 92068177{30702}
established with SPIs cbad64dc_i c0cdc881_o and TS 192.168.2.0/24 ===
192.168.1.0/24


May 13 04:09:03 box /charon: [KNL:03] creating rekey job for ESP
CHILD_SA with SPI c0cdc881 and reqid {30702}
May 13 04:09:03 box /charon: [IKE:16] establishing CHILD_SA 92068177{30702}
May 13 04:09:03 box /charon: [ENC:16] generating CREATE_CHILD_SA request
8602 [ N(REKEY_SA) SA No TSi TSr ]
May 13 04:09:03 box /charon: [NET:16] sending packet: from 10.1.1.2[500]
to 10.1.1.1[500]

May 13 04:09:03 box /charon: [NET:15] received packet: from
10.1.1.1[500] to 10.1.1.2[500]
May 13 04:09:03 box /charon: [ENC:15] parsed CREATE_CHILD_SA request
7764 [ N(REKEY_SA) SA No TSi TSr ]
May 13 04:09:03 box /charon: [IKE:15] CHILD_SA 92068177{30702}
established with SPIs cdcb877a_i c659dccd_o and TS 192.168.2.0/24 ===
192.168.1.0/24
May 13 04:09:03 box /charon: [ENC:15] generating CREATE_CHILD_SA
response 7764 [ SA No TSi TSr ]
May 13 04:09:03 box /charon: [NET:15] sending packet: from 10.1.1.2[500]
to 10.1.1.1[500]

May 13 04:09:03 box /charon: [NET:13] received packet: from
10.1.1.1[500] to 10.1.1.2[500]
May 13 04:09:03 box /charon: [ENC:13] parsed INFORMATIONAL request 7765
[ D ]
May 13 04:09:03 box /charon: [IKE:13] received DELETE for ESP CHILD_SA
with SPI c0cdc881
May 13 04:09:03 box /charon: [IKE:13] closing CHILD_SA 92068177{30702}
with SPIs cbad64dc_i c0cdc881_o and TS 192.168.2.0/24 === 192.168.1.0/24
May 13 04:09:03 box /charon: [IKE:13] sending DELETE for ESP CHILD_SA
with SPI cbad64dc
May 13 04:09:03 box /charon: [IKE:13] CHILD_SA closed

May 13 04:09:03 box /charon: [ENC:13] generating INFORMATIONAL response
7765 [ D ]
May 13 04:09:03 box /charon: [NET:13] sending packet: from 10.1.1.2[500]
to 10.1.1.1[500]
May 13 04:09:03 box /charon: [NET:12] received packet: from
10.1.1.1[500] to 10.1.1.2[500]
May 13 04:09:03 box /charon: [ENC:12] parsed CREATE_CHILD_SA response
8602 [ SA No TSi TSr ]
May 13 04:09:03 box /charon: [IKE:12] CHILD_SA 92068177{30702}
established with SPIs c9e8944b_i c5a048e8_o and TS 192.168.2.0/24 ===
192.168.1.0/24
May 13 04:09:03 box /charon: [DMN:12] thread 1252084624 received 11


May 13 04:08:41 xob /charon: [KNL:03] creating rekey job for ESP
CHILD_SA with SPI c0cdc881 and reqid {30714}



May 13 04:08:41 xob /charon: [IKE:13] establishing CHILD_SA be6340f5{30714}
May 13 04:08:41 xob /charon: [ENC:13] generating CREATE_CHILD_SA request
7764 [ N(REKEY_SA) SA No TSi TSr ]
May 13 04:08:41 xob /charon: [NET:13] sending packet: from 10.1.1.1[500]
to 10.1.1.2[500]


May 13 04:08:41 xob /charon: [NET:15] received packet: from
10.1.1.2[500] to 10.1.1.1[500]
May 13 04:08:41 xob /charon: [ENC:15] parsed CREATE_CHILD_SA request
8602 [ N(REKEY_SA) SA No TSi TSr ]
May 13 04:08:41 xob /charon: [IKE:15] CHILD_SA be6340f5{30714}
established with SPIs c5a048e8_i c9e8944b_o and TS 192.168.1.0/24 ===
192.168.2.0/24
May 13 04:08:41 xob /charon: [ENC:15] generating CREATE_CHILD_SA
response 8602 [ SA No TSi TSr ]
May 13 04:08:41 xob /charon: [NET:15] sending packet: from 10.1.1.1[500]
to 10.1.1.2[500]

May 13 04:08:41 xob /charon: [NET:17] received packet: from
10.1.1.2[500] to 10.1.1.1[500]
May 13 04:08:41 xob /charon: [ENC:17] parsed CREATE_CHILD_SA response
7764 [ SA No TSi TSr ]
May 13 04:08:41 xob /charon: [IKE:17] CHILD_SA be6340f5{30714}
established with SPIs c659dccd_i cdcb877a_o and TS 192.168.1.0/24 ===
192.168.2.0/24
May 13 04:08:41 xob /charon: [IKE:17] CHILD_SA rekey collision won,
deleting rekeyed child
May 13 04:08:41 xob /charon: [IKE:17] closing CHILD_SA be6340f5{30714}
with SPIs c0cdc881_i cbad64dc_o and TS 192.168.1.0/24 === 192.168.2.0/24
May 13 04:08:41 xob /charon: [IKE:17] sending DELETE for ESP CHILD_SA
with SPI c0cdc881

May 13 04:08:41 xob /charon: [ENC:17] generating INFORMATIONAL request
7765 [ D ]
May 13 04:08:41 xob /charon: [NET:17] sending packet: from 10.1.1.1[500]
to 10.1.1.2[500]
May 13 04:08:41 xob /charon: [NET:16] received packet: from
10.1.1.2[500] to 10.1.1.1[500]
May 13 04:08:41 xob /charon: [ENC:16] parsed INFORMATIONAL response 7765
[ D ]
May 13 04:08:41 xob /charon: [IKE:16] received DELETE for ESP CHILD_SA
with SPI cbad64dc
May 13 04:08:41 xob /charon: [IKE:16] CHILD_SA closed

More information about the Dev mailing list