[strongSwan-dev] charon deadlock involving three threads

Jan Willem Beusink beusink at gmail.com
Mon Dec 26 16:40:51 CET 2011


Hello again,

my Christmas present to you: the promised info neccessary to recreate the
deadlock.

Setup: host A (192.168.1.134) - host B (192.168.1.135)

Installed strongSwan on both host using:
wget http://download.strongswan.org/strongswan-4.5.3.tar.bz2
tar -xvf strongswan-4.5.3.tar.bz2
cd strongswan-4.5.3.tar.bz2
./configure --enable-openssl
make
sudo make install

Certs, config etc included per host in attached tar file. Taken from
/usr/local/
running the attached script from host A should recreate deadlock. Note that
the script restarts strongSwan on both ends and start connections. It
assumes non-blocking root access. I.e. authorized keys have been set up,
and that the script was run as root (to be able to start a connection using
ipsec command).

In my case it deadlocks at confidence_run 2. Note that the actual
confidence run identifier (integer) is used as seed in the calculation of
exponentially divided inter-arrival time of the initiated connections, see
gsl-randist command in the script. And that other parameters set in the
script influence also impact on actual generated inter-arrival time.

Please let me know if I can assist any further on this matter.

Merry Christmas,

Jan Willem

2011/12/24 Jan Willem Beusink <beusink at gmail.com>

> Hi Tobias,
>
> I'll send you the complete configs, certs, scripts, etc, to reproduce the
> bug in a few days.
> I now can confirm however, that the bug occurs in a  vanilla build (4.5.3)
> using only --enable-openssl.
>
> I'll send you the requested info as soon as I have time.
>
> Regards,
>
> Jan Willem
>
> On Dec 23, 2011, at 12:05 PM, Tobias Brunner wrote:
>
> > Hi Jan Willem,
> >
> >> I'll be happy to provide more details where so desired.
> >
> > It would help to know where those threads are blocked.  Could you attach
> > GDB when such a deadlock occurs and then use "thread apply all bt" to
> > get a backtrace of all the threads.
> >
> > Otherwise, if you could provide complete configs to reliably reproduce
> > the deadlock that might help too (Thomas did a great job on that).
> >
> > Regards,
> > Tobias
>
>


-- 
Met vriendelijke groeten,

  Jan Willem Beusink
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20111226/e5142e26/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostA.tar
Type: application/x-tar
Size: 604160 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20111226/e5142e26/attachment.tar>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hostB.tar
Type: application/x-tar
Size: 604160 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20111226/e5142e26/attachment-0001.tar>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exp2.debug.script
Type: application/octet-stream
Size: 2640 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20111226/e5142e26/attachment.obj>


More information about the Dev mailing list