[strongSwan] [strongSwan 5.0.1] kernel panic occur

신충수 cavatina at samji.com
Thu Dec 13 02:29:15 CET 2012 

Sefficeware

Hello, all

I'm trying to setup a IPsec IPv4 tunnel with strongSwan. And it looks like success establishing SA.
But when using the Tunnel, Kernel panic is occured. How can I solve this problem?

Below is console log. If someone can answer the question, I appreciate you very much. Thanks in advance!

Jason

-------------- console log --------------------------
test:/usr/local/sbin> ./ipsec start --debug-all
Starting strongSwan 5.0.1 IPsec [starter]...
Loading config setup
Loading conn %default
  ikelifetime=60m
  keylife=20m
  rekeymargin=3m
  keyingtries=1
  keyexchange=ikev2
  authby=secret
Loading conn 'home'
  left=172.16.41.63
  leftfirewall=no
  right=172.16.41.64
  rightsubnet=10.1.0.0/24
  auto=add
sh: modprobe: not found
sh: modprobe: not found
sh: modprobe: not found
sh: modprobe: not found
sh: modprobe: not found
found netkey IPsec stack
test:/usr/local/sbin> ./ipsec up home
initiating IKE_SA home[1] to 172.16.41.64
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from 172.16.41.63[500] to 172.16.41.64[500]
received packet: from 172.16.41.64[500] to 172.16.41.63[500]
parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(MULT_AUTH) ]
authentication of '172.16.41.63' (myself) with pre-shared key
establishing CHILD_SA home
generating IKE_AUTH request 1 [ IDi N(INIT_CONTACT) IDr AUTH SA TSi TSr N(MOBIKE_SUP) N(NO_ADD_ADDR) N(MULT_AUTH) N(EAP_ONLY) ]
sending packet: from 172.16.41.63[4500] to 172.16.41.64[4500]
received packet: from 172.16.41.64alg: No test for authenc(hmac(sha1),cbc(aes)) (authenc(hmac(sha1-generic),cbc(aes-generic)))
[4500] to 172.16.41.63[4500]
parsed IKE_AUTH response 1 [ IDr Acavium_delete_hndl : NULL Sa/SA Handle : with x a800000026981800 x->sa_handle (null)
UTH SA TSi TSr N(AUTH_LFT) N(MOBIKE_SUP) N(NO_ADD_ADDR) ]
authentication of '172.16.41.64' with pre-shared key successful
IKE_SA home[1] established between 172.16.41.63[172.16.41.63]...172.16.41.64[172.16.41.64]
scheduling reauthentication in 3404s
maximum IKE_SA lifetime 3584s
CHILD_SA home{1} established with SPIs cbe681ac_i cb4240e0_o and TS 172.16.41.63/32 === 10.1.0.0/24 
test:/usr/local/sbin> 
test:/usr/local/sbin> ./ipsec statusall
Status of IKE charon daemon (strongSwan 5.0.1, Linux 2.6.32.27-Cavium-Octeon, mips64):
  uptime: 24 seconds, since Jan 01 00:02:10 1970
  malloc: sbrk 270336, mmap 0, used 211312, free 59024
  worker threads: 8 of 16 idle, 7/1/0/0 working, job queue: 0/0/0/0, scheduled: 3
  loaded plugins: charon aes des sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs8 pgp dnskey pem fips-prf gmp xcbc cmac hmac attr kernel-netlink resolve socket-default stroke updown eap-identity eap-sim eap-aka eap-aka-3gpp2 xauth-generic
Listening IP addresses:
  172.16.41.63
Connections:
        home:  172.16.41.63...172.16.41.64  IKEv2
        home:   local:  [172.16.41.63] uses pre-shared key authentication
        home:   remote: [172.16.41.64] uses pre-shared key authentication
        home:   child:  dynamic === 10.1.0.0/24 TUNNEL
Security Associations (1 up, 0 connecting):
        home[1]: ESTABLISHED 8 seconds ago, 172.16.41.63[172.16.41.63]...172.16.41.64[172.16.41.64]
        home[1]: IKEv2 SPIs: 61a7dbfe28992e3d_i* aaea0425f8f17eb6_r, pre-shared key reauthentication in 53 minutes
        home[1]: IKE proposal: AES_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_2048
        home{1}:  INSTALLED, TUNNEL, ESP SPIs: cbe681ac_i cb4240e0_o
        home{1}:  AES_CBC_128/HMAC_SHA1_96, 0 bytes_i, 0 bytes_o, rekeying in 14 minutes
        home{1}:   172.16.41.63/32 === 10.1.0.0/24 
test:/usr/local/sbin> 
test:/usr/local/sbin> 
test:/usr/local/sbin> ping 10.1.0.10
PING 10.1.0.10 (10.1.0.10) 56(84) bytes of data.CPU 0 Unable to handle kernel paging request at virtual address 0000010000000010, epc == ffffffffc0007f84, ra == ffffffffc0007f44
Oops[#1]:
Cpu 0
$ 0   : 0000000000000000 0000000000000008 0000010000000010 a800000026964180
$ 4   : 0000000000000002 0000000000000001 0000000000000054 0000010000000010
$ 8   : fffffffffffffffe 0000000000000000 0000000000000070 1011121314151617
$12   : 0000000000000010 ffffffff80105b14 0000000060f89f07 3031323334353637
$16   : 0000000000000060 a800000026964180 a800000026981c00 a8000000314bee00
$20   : a800000026964180 0000000000000000 a80000003149f240 000000000000000c
$24   : 0000000000000000 ffffffffc0007ea8                                  
$28   : a800000026a40000 a800000026a43940 a800000000845400 ffffffffc0007f44
Hi    : 00000000000002b0
Lo    : 00000000000271c9
epc   : ffffffffc0007f84 cavium_ipsec_esp4_output+0xdc/0x3c0 [cvm_ipsec_kame]
    Not tainted
ra    : ffffffffc0007f44 cavium_ipsec_esp4_output+0x9c/0x3c0 [cvm_ipsec_kame]
Status: 1000cce3    KX SX UX KERNEL EXL IE 
Cause : 0080000c
BadVA : 0000010000000010
PrId  : 000d9401 (Cavium Octeon II)
Modules linked in: cvm_ipsec_kame lge_femto1588_irq
Process ping (pid: 917, threadinfo=a800000026a40000, task=a800000026a27540, tls=000000555e4252a0)
Stack : a800000026964180 a800000026964180 a800000026981c00 ffffffff804cf4d4
        0000000000000000 a800000026964180 a800000026981c00 a8000000314bee00
        a800000026981c34 0000000000000000 ffffffff8083b120 a8000000269641b8
        ffffffff808e0000 ffffffff8051dec0 a800000026964180 a80000002696903c
        a80000002ed5e080 a8000000314bee00 0000000000004000 0000000000000040
        0000000000004000 a800000026a43ce0 ffffffff808e0000 ffffffff804d076c
        a800000026a43a68 0000000000000000 a800000026a43ce0 a80000002ed5e080
        0000000000000040 a800000026a43a48 0000000000000000 ffffffff804f0d3c
        0000000000100100 0000000000000000 0a01000a00000000 0000000000000000
        00ffffff80837b00 0000000000000000 000000000a01000a ac10293f00000000
        ...
Call Trace:
[<ffffffffc0007f84>] cavium_ipsec_esp4_output+0xdc/0x3c0 [cvm_ipsec_kame]
[<ffffffff8051dec0>] xfrm_output_resume+0x2f8/0x420
[<ffffffff804d076c>] ip_push_pending_frames+0x28c/0x3f8
[<ffffffff804f0d3c>] raw_sendmsg+0x4b4/0x890
[<ffffffff804904d4>] sock_sendmsg+0xec/0x128
[<ffffffff80490710>] SyS_sendmsg+0x200/0x2e0
[<ffffffff80102c44>] handle_sys64+0x44/0x64

Code: 24a2ffff  24a40001  00e2102d <a0450000> 8e860068  01061023  00501021  00a2182b  1460fff7 
Disabling lock debugging due to kernel taint
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20121213/91b37cc3/attachment.html>

More information about the Users mailing list