[strongSwan] why strongswan 4.6.4 resstart automatically soomtimes?

nanjian5 nanjian5 at gmail.com
Mon Apr 1 18:19:04 CEST 2013


hi all,

Do anyone find that strongswan 4.6.4 will suddenly kill itself and restart?

I have used strongswan 4.5.2 for a long time and find it work fine.
Recently I update to stongswan 4.6.4 and it seems good at the beginning.But
recently it often restart by itseft with the following messages in
/var/log/messages:
========================================================================================================
 Apr  1 08:51:58 (none) daemon.info
 charon: 131[IKE] received DELETE for ESP CHILD_SA with SPI 0b49e974
Apr  1 08:51:58 (none) daemon.info
 charon: 520[ENC] generating INFORMATIONAL response 2 [ D ]
Apr  1 08:51:58 (none) daemon.info
 charon: 520[NET] sending packet: from 10.2.0.5[500] to 10.0.40.216[500]
Apr  1 08:51:58 (none) daemon.info
 charon: 520[NET] received packet: from 10.0.40.45[500] to 10.2.0.5[500]
Apr  1 08:51:58 (none) daemon.info
 charon: 520[ENC] parsed INFORMATIONAL request 2 [ D ]
Apr  1 08:51:58 (none) daemon.info
 charon: 520[IKE] received DELETE for ESP CHILD_SA with SPI 0b49ed28



Apr  1 08:51:58 (none) daemon.info charon: 603[DMN] thread 603 received 10
Apr  1 08:51:58 (none) daemon.info
 charon: 603[DMN] killing ourself, received critical signal
Apr  1 08:51:58 (none) authpriv.warn ipsec_starter[11658]: charon has
died -- restart scheduled (5sec)
Apr  1 08:52:03 (none) daemon.info
 charon: 00[DMN] Starting IKEv2 charon daemon (strongSwan 4.6.4)
Apr  1 08:52:03 (none) daemon.info
 charon: 00[CFG] loading ca certificates from '/tmp/lib/etc/ipsec.d/cacerts'
Apr  1 08:52:03 (none) daemon.info
 charon: 00[CFG] loading aa certificates from '/tmp/lib/etc/ipsec.d/aacerts'
Apr  1 08:52:03 (none) daemon.info
 charon: 00[CFG] loading ocsp signer certificates from
'/tmp/lib/etc/ipsec.d/ocspcerts'
Apr  1 08:52:03 (none) daemon.info
 charon: 00[CFG] loading attribute certificates from
'/tmp/lib/etc/ipsec.d/acerts'
Apr  1 08:52:03 (none) daemon.info
 charon: 00[CFG] loading crls from '/tmp/lib/etc/ipsec.d/crls'
Apr  1 08:52:03 (none) daemon.info
 charon: 00[CFG] loading secrets from '/tmp/lib/etc/ipsec.secrets'
Apr  1 08:52:03 (none) daemon.info charon: 00[CFG]   loaded IKE secret for
home at debug.strongswan.org
Apr  1 08:52:03 (none) daemon.info
 charon: 00[CFG]   loaded IKE secret for *@debug.strongswan.org
Apr  1 08:52:03 (none) daemon.info
 charon: 00[CFG]   loaded IKE secret for %any
Apr  1 08:52:03 (none) daemon.info charon: 00[KNL] listening on interfaces:
Apr  1 08:52:03 (none) daemon.info charon: 00[KNL]   pow0
Apr  1 08:52:03 (none) daemon.info charon: 00[KNL]     10.2.0.5
Apr  1 08:52:03 (none) daemon.info charon: 00[KNL]   spi20
Apr  1 08:52:03 (none) daemon.info charon: 00[KNL]     10.2.6.31
Apr  1 08:52:03 (none) daemon.info
 charon: 00[KNL] received netlink error: Invalid argument (22)
Apr  1 08:52:03 (none) daemon.info
 charon: 00[KNL] unable to create IPv4 routing table rule
Apr  1 08:52:03 (none) daemon.info
 charon: 00[KNL] received netlink error: Invalid argument (22)
Apr  1 08:52:03 (none) daemon.info
 charon: 00[KNL] unable to create IPv6 routing table rule
Apr  1 08:52:03 (none) daemon.info
 charon: 00[NET] could not open socket: Address family not supported
by protocol
Apr  1 08:52:03 (none) daemon.info
 charon: 00[NET] could not open IPv6 socket, IPv6 disabled
Apr  1 08:52:03 (none) daemon.info
 charon: 00[CFG] HA config misses local/remote address
Apr  1 08:52:03 (none) daemon.info
 charon: 00[LIB] plugin 'ha': failed to load - ha_plugin_create returned NULL
Apr  1 08:52:03 (none) daemon.info
 charon: 00[DMN] loaded plugins: openssl random x509 pubkey hmac xcbc
stroke kernel-pfkey kernel-netlink eap-radius socket-default dhcp
Apr  1 08:52:03 (none) daemon.info
 charon: 00[JOB] spawning 1000 worker threads
Apr  1 08:52:03 (none) authpriv.warn ipsec_starter[11658]: charon
(6278) started after 20 ms
=================================================================================================================
The dameon modules of charon said it receive the signal 10 and kill itself.
I check usage of linux signal in the manual of linux, and find that signal
10 means SIGBUS because of bad memory access.


Is it a bug in strongswan 4.6.4 ?
How to fix it?

------------------------------
lijianrong
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130402/4c3edaa3/attachment.html>


More information about the Users mailing list