[strongSwan-dev] Issue: After setting up the IPsec tunnel, ping the VPN server causes the host crash.
LIU Jingen
Jingen.Liu at alcatel-sbell.com.cn
Fri Apr 12 08:53:40 CEST 2013
Hello,
Do you have any comments on my issue? I don't know whether it's caused by my host system or by strongSwan (because I didn't modify the code correctly).
My ARM-based Linux host system has strongSwan 4.6.4 installed (I had modified the 4.6.4 code and defined a new EAP-based method).
At first, the host 135.251.123.160 can ping the VPN server 10.9.133.20 successfully. Then I set up the IPsec tunnel between 135.251.123.160 and 10.9.133.20,
and then pinging the VPN server 10.9.133.30 causes the host to crash.
Pinging other IPs is fine, such as 135.251.123.154. But pinging any IP in the ranges 172.22.26.0/24, 172.23.13.0/24 and 10.9.133.0/24 causes
my host to crash; for example, ping 172.22.26.1 or 10.9.133.20 will cause my host to crash.
root@OpenWrt:/# ifconfig -a
eth1 Link encap:Ethernet HWaddr 00:15:E1:18:EE:20
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth2 Link encap:Ethernet HWaddr 00:2A:2B:2C:2D:2E
inet addr:135.251.123.160 Bcast:135.251.123.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:30596 errors:0 dropped:345 overruns:0 frame:0
TX packets:19708 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:23960468 (22.8 MiB) TX bytes:2768939 (2.6 MiB)
Interrupt:130
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tunl0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root@OpenWrt:/# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 135.251.123.1 0.0.0.0 UG 0 0 0 eth2
135.251.123.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
root@OpenWrt:/#
root@OpenWrt:/# ping 10.9.133.20
PING 10.9.133.20 (10.9.133.20): 56 data bytes
64 bytes from 10.9.133.20: seq=0 ttl=60 time=6.149 ms
64 bytes from 10.9.133.20: seq=1 ttl=60 time=8.677 ms
64 bytes from 10.9.133.20: seq=2 ttl=60 time=11.864 ms
64 bytes from 10.9.133.20: seq=3 ttl=60 time=15.087 ms
^C
--- 10.9.133.20 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 6.149/10.444/15.087 ms
root@OpenWrt:/# ipsec restart
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 4.6.4 IPsec [starter]...
root@OpenWrt:/# ipsec statusall
000 Status of IKEv1 pluto daemon (strongSwan 4.6.4):
000 interface lo/lo 127.0.0.1:500
000 interface eth2/eth2 135.251.123.160:500
000 interface eth2/eth2 10.23.25.1:500
000 %myid = '%any'
000 loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pgp dnskey pem gmp hmac xauth attr kernel-netlink resolve
000 debug options: raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+natt+oppo+controlmore
000
Status of IKEv2 charon daemon (strongSwan 4.6.4):
uptime: 3 seconds, since Jan 01 00:01:21 1970
malloc: sbrk 135168, mmap 0, used 104864, free 30304
worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 8
loaded plugins: aes des sha1 sha2 md5 random x509 revocation constraints pubkey pkcs1 pgp pem fips-prf gmp xcbc hmac attr kernel-netlink resolve socket-raw stroke updown eap-femto-Ds2460b
Listening IP addresses:
135.251.123.160
Connections:
tun1: 135.251.123.160...10.9.133.20
tun1: local: [fbsr-010000000005986e@eapds2460.alcatel-sbell.com.cn] uses EAP authentication
tun1: remote: [alcatel-sbell.com.cn] uses any authentication
tun1: child: 0.0.0.0/0 === 0.0.0.0/0 TUNNEL
Security Associations (1 up, 0 connecting):
tun1[1]: ESTABLISHED 2 seconds ago, 135.251.123.160[fbsr-010000000005986e@eapds2460.alcatel-sbell.com.cn]...10.9.133.20[alcatel-sbell.com.cn]
tun1[1]: IKE SPIs: 26469a6d797d7ce0_i* 265332c2f39adf6f_r, EAP reauthentication in 2 hours
tun1[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
tun1{1}: INSTALLED, TUNNEL, ESP SPIs: cc883bb0_i ccdf7dc6_o
tun1{1}: AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 42 minutes
tun1{1}: 10.23.25.1/32 === 172.22.26.0/24 172.23.13.0/24 10.9.133.0/24 0.0.0.0/24 // jingen: IPsec tunnel had been set up successfully.
root@OpenWrt:/# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 135.251.123.1 255.255.255.0 UG 0 0 0 eth2
0.0.0.0 135.251.123.1 0.0.0.0 UG 0 0 0 eth2
10.9.133.0 135.251.123.1 255.255.255.0 UG 0 0 0 eth2
135.251.123.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
172.22.26.0 135.251.123.1 255.255.255.0 UG 0 0 0 eth2
172.23.13.0 135.251.123.1 255.255.255.0 UG 0 0 0 eth2
root@OpenWrt:/# ping 135.251.123.154
PING 135.251.123.154 (135.251.123.154): 56 data bytes
64 bytes from 135.251.123.154: seq=0 ttl=255 time=2.632 ms
64 bytes from 135.251.123.154: seq=1 ttl=255 time=0.886 ms
64 bytes from 135.251.123.154: seq=2 ttl=255 time=0.873 ms
64 bytes from 135.251.123.154: seq=3 ttl=255 time=0.759 ms
root@OpenWrt:/# ping 10.9.133.20
PING 10.9.133.20Unable to handle kernel NULL pointer dereference at virtual address 00000028 // jingen: It crashes here, and I can reproduce the issue 100%, and the virtual address is always 00000028.
pgd = c0004000
[00000028] *pgd=00000000
(10.9.133.20): Internal error: Oops: 17 [#1] PREEMPT SMP
Modules linked in: camellia serpent blowfish cast5 nf_nat_irc nf_conntrack_irc nf_nat_ftp nf_conntrack_ftp xt_policy xt_esp ipt_ah ipt_MASQUERADE iptable_nat nf_nat xt_conntrack xt_NOTRACK iptable_raw xt_state nf_conntrack_ipv4 nf_defrag_ipv4 nf_conntrack ipt_REJECT xt_TCPMSS ipt_LOG xt_comment xt_multiport xt_mac xt_limit iptable_mangle iptable_filter ip_tables xt_tcpudp x_tables ipcomp xfrm4_tunnel xfrm4_mode_tunnel xfrm4_mode_transport xfrm4_mode_beet esp4 ah4 xfrm_user xfrm_ipcomp af_key ts_fsm ts_bm ts_kmp crc_ccitt
CPU: 1 Not tainted (3.0.51-rt75 #2)
PC is at xfrm_output_resume+0xf8/0x34c
LR is at comcerto_crypto_done+0x54/0x64
pc : [<c0270554>] lr : [<c01ea2b0>] psr: a0000013
sp : cfb13eb0 ip : 00000000 fp : 00000000
r10: 00000001 r9 : 00000006 r8 : ffffffb6
r7 : cfb46200 r6 : cf3ee320 r5 : ffffffb6 r4 : cef23ba0
r3 : 00000000 r2 : cfb13ec0 r1 : ffffffb6 r0 : cf3ee320
Flags: NzCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment kernel
Control: 10c53c7d Table: 0ede804a DAC: 00000015
Process irq/50-Comcerto (pid: 387, stack limit = 0xcfb12270)
Stack: (0xcfb13eb0 to 0xcfb14000)
3ea0: f4002500 cfb46200 c0026c88 c00b6660
3ec0: cfb13ec0 cef23ba0 ffffffb6 f4002500 cfb46200 00000009 00000001 c01ea2b0
3ee0: cfb46200 cef23ba0 ffffffb6 ffffffb6 cfb46284 c01ea4a0 cfb46200 f4002500
3f00: cfb46284 f4002568 00000000 c01ea848 cfb4631c cfb46320 000f4240 cfb46324
3f20: 00000000 c0051500 c03740f8 cfb12000 00000001 00000000 00000000 c0050c04
3f40: 00000000 cfa0a940 cfb12000 c05bf2b0 00000001 c03a2300 c037629c 00000000
3f60: c0376288 c0051744 c0376240 00000001 cf9898a0 c0082bc4 c037629c c0082c10
3f80: c0376240 cf9898a0 cf9898bc c0082a70 cf9898a0 00000000 cf831e3c cf9898a0
3fa0: c0082994 00000013 00000000 00000000 00000000 c006510c 00000000 cf9898a0
3fc0: 00000000 00000000 00000000 cfb13fcc cfb13fcc 00000000 00000000 00000000
3fe0: cfb13fe0 cfb13fe0 cf831e3c c0065088 c0032070 c0032070 00000000 00000000
[<c0270554>] (xfrm_output_resume+0xf8/0x34c) from [<c01ea2b0>] (comcerto_crypto_done+0x54/0x64)
[<c01ea2b0>] (comcerto_crypto_done+0x54/0x64) from [<c01ea4a0>] (elp_callback+0x1e0/0x254)
[<c01ea4a0>] (elp_callback+0x1e0/0x254) from [<c01ea848>] (elp_irq_out_tasklet+0xb8/0x158)
[<c01ea848>] (elp_irq_out_tasklet+0xb8/0x158) from [<c0051500>] (__tasklet_action.clone.5+0x9c/0x150)
[<c0051500>] (__tasklet_action.clone.5+0x9c/0x150) from [<c0050c04>] (__do_softirq_common+0xbc/0x180)
[<c0050c04>] (__do_softirq_common+0xbc/0x180) from [<c0051744>] (local_bh_enable+0xc0/0x158)
[<c0051744>] (local_bh_enable+0xc0/0x158) from [<c0082c10>] (irq_forced_thread_fn+0x4c/0x54)
[<c0082c10>] (irq_forced_thread_fn+0x4c/0x54) from [<c0082a70>] (irq_thread+0xdc/0x1f8)
[<c0082a70>] (irq_thread+0xdc/0x1f8) from [<c006510c>] (kthread+0x84/0x8c)
[<c006510c>] (kthread+0x84/0x8c) from [<c0032070>] (kernel_thread_exit+0x0/0x8)
Code: 1a000093 e5963048 e3580000 e3c33001 (e5937028)
56 data bytes
---[ end trace 0000000000000002 ]---
exiting task "irq/50-Comcerto" (387) is an active IRQ thread (irq 50)
Best regards
Jingen, Liu
------------
Alcatel-Lucent Shanghai Bell Co.,Ltd. WSPD NanJing R&D Center.
Floor 10, Changjiang Technological Park, No.40, Nanchang Road, GuLou District.
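A triage step for the oops above, as an added example that is not part of the original message: it decodes the faulting instruction from the Code: line and checks that its base register plus offset reproduces the reported fault address. The function names are illustrative, and the decoder handles only the ARM (A32) word-sized LDR/STR immediate-offset form.

```python
import re

# Lines copied from the oops in the message above (register dump trimmed to
# the rows the faulting instruction uses).
OOPS = """\
Unable to handle kernel NULL pointer dereference at virtual address 00000028
PC is at xfrm_output_resume+0xf8/0x34c
LR is at comcerto_crypto_done+0x54/0x64
r7 : cfb46200 r6 : cf3ee320 r5 : ffffffb6 r4 : cef23ba0
r3 : 00000000 r2 : cfb13ec0 r1 : ffffffb6 r0 : cf3ee320
Code: 1a000093 e5963048 e3580000 e3c33001 (e5937028)
"""

def parse_oops(text):
    """Return (fault address, {reg number: value}, faulting opcode)."""
    fault = int(re.search(r"virtual address ([0-9a-f]{8})", text).group(1), 16)
    regs = {int(n): int(v, 16)
            for n, v in re.findall(r"\br(\d+)\s*: ([0-9a-f]{8})", text)}
    # The kernel prints the instruction at PC in parentheses on the Code: line.
    opcode = int(re.search(r"Code:.*\(([0-9a-f]{8})\)", text).group(1), 16)
    return fault, regs, opcode

def decode_ldr_str_imm(word):
    # A32 single data transfer, immediate offset, pre-indexed, word-sized.
    # Any other encoding returns None (this sketch does not decode it).
    if ((word >> 26) & 0b11) != 0b01 or ((word >> 25) & 1):
        return None
    if not ((word >> 24) & 1) or ((word >> 22) & 1):
        return None
    offset = word & 0xFFF
    if not ((word >> 23) & 1):          # U bit clear: offset is subtracted
        offset = -offset
    return {"load": bool((word >> 20) & 1), "rn": (word >> 16) & 0xF,
            "rd": (word >> 12) & 0xF, "offset": offset}

def triage(text):
    """Check whether base register + offset equals the reported fault address."""
    fault, regs, opcode = parse_oops(text)
    insn = decode_ldr_str_imm(opcode)
    if insn is None or insn["rn"] not in regs:
        return None
    base = regs[insn["rn"]]
    return {"insn": "%s r%d, [r%d, #%d]" % ("ldr" if insn["load"] else "str",
                                             insn["rd"], insn["rn"], insn["offset"]),
            "base": base,
            "matches_fault": ((base + insn["offset"]) & 0xFFFFFFFF) == fault}

if __name__ == "__main__":
    print(triage(OOPS))
```

For this oops the faulting instruction decodes to ldr r7, [r3, #40] with r3 = 00000000, so xfrm_output_resume read a field at offset 0x28 of a NULL pointer, which matches the reported virtual address 00000028.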