[strongSwan] why strongswan 4.6.4 resstart automatically soomtimes?

nanjian5 nanjian5 at gmail.com
Wed Apr 10 15:13:04 CEST 2013


> The dameon modules of charon said it receive the signal 10 and kill
> I check usage of linux signal in the manual of linux, and find that signal
> 10 means SIGBUS because of bad memory access.

Under which architecture does your system run? What compiler did you

To identify the issue, it would help to get a backtrace from where that
SIGBUS is raised. You may try to run charon in the foreground with
"ipsec start --attach-gdb". If you don't have gdb on that system, "ipsec
start --nofork" might work, as a backtrace gets printed to stderr if
your system features the backtrace() call.

This is what happen after "ipsec start --attach-gdb" when 120 ipsec tunnels
is establishing per second and strongswan is loging into syslog.

372[CFG] <3108> looking for peer configs matching[%any]...[a2430]

461[CFG] <au-gw|3005> selected peer config 'au-gw'

916[CFG] <3072> looking for peer configs matching[%any]...[a6082]

721[CFG] <3101> looking for peer configs matching[%any]...[a2428]

907[CFG] <3071> looking for peer configs matching[%any]...[a5561]

591[CFG] <3096> looking for peer configs matching[%any]...[a5567]

946[CFG] <3109> looking for peer configs matching[%any]...[a4526]

998[CFG] <3074> looking for peer configs matching[%any]...[a4517]

724[CFG] <3099> looking for peer configs matching[%any]...[a4523]

771[CFG] <3069> looking for peer configs matching[%any]...[a6080]

60[CFG] <au-gw|3007> selected peer config 'au-gw'

128[CFG] <3123> looking for peer configs matching[%any]...[a2434]

843[CFG] <3103> looking for peer configs matching[%any]...[a6090]

619[CFG] <3107> looking for peer configs matching[%any]...[a4524]

843[CFG] <au-gw|3103> selected peer config 'au-gw'

202[CFG] <au-gw|2993> selected peer config 'au-gw'

956[CFG] <au-gw|2985> selected peer config 'au-gw'

857[CFG] <au-gw|3000> selected peer config 'au-gw'

541[CFG] <au-gw|3045> selected peer config 'au-gw'

510[CFG] <au-gw|3047> selected peer config 'au-gw'

383[CFG] <au-gw|2991> selected peer config 'au-gw'

471[CFG] <3112> looking for peer c[New LWP 31095]

onfigs matching[%any]...[a4527]

433[JOB] <2950> deleting half open IKE_SA after timeout

369[JOB] <2966> deleting half open IKE_SA after timeout

441[JOB] <2975> deleting half open IKE_SA after timeout

215[JOB] <2976> deleting half open IKE_SA after timeout

215[JOB] <2967> deleting half open IKE_SA after timeout

182[JOB] <2982> deleting half open IKE_SA after timeout

668[CFG] <au-gw|3050> selected peer config 'au-gw'

855[CFG] <au-gw|3090> selected peer config 'au-gw'

854[JOB] <2969> deleting half open IKE_SA after timeout

Program received signal SIGSEGV, Segmentation fault.

[Switching to LWP 31095]

0x0000005555b08c68 in memcpy () from /lib64/libc.so.6

(gdb) bt

#0  0x0000005555b08c68 in memcpy () from /lib64/libc.so.6

#1  0x0000005555e21414 in SHA1_Update ()

   from /tmp/lib/lib/ipsec/plugins/libstrongswan-openssl.so

#2  0x000000574b6fee70 in ?? ()

warning: GDB can't find the start of the function at 0x574b6fee70.

We build the strongswan with the following command:
./configure --build=mips64octeon --host=mips64-octeon-linux-gnu
--prefix=/tmp/lib ABI=64 CFLAGS=-mabi=64   --enable-eap-aka
--enable-eap-radius   --enable-nat-transport    --enable-kernel-pfkey
--enable-socket-default --enable-socket-raw --enable-socket-dynamic
 --disable-gmp --enable-openssl   --enable-eap-identity --enable-updown
 --enable-dhcp --enable-farp;make clean;make;make install

the linux version is :

Linux (none) #10 SMP Sun Jan 1 10:15:42 CST 2012
 mips64 unknown.

Is it enough to fixed this bug?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130410/a7b40c03/attachment.html>

More information about the Users mailing list