[strongSwan] Child SA query and delete after inactivity timeout
Riaan Kruger
riaank at gmail.com
Tue Jul 9 09:30:00 CEST 2013
I am using strongswan-4.5.3 on FreeBSD 8.3. Is it at all possible that
charon will try to access a child SA in the kernel after it was deleted
(because of inactivity). I am seeing the following series of messages:
<START>
deleting CHLD_SA after 300 seconds of inactivty
closing CHILD_SA ... with SPIs "spi1" (0 bytes) "spi2" (0 bytes) and TS ...
:
:
some time later, the following starts (around the tims a the child sa needs
a rekey) and repeats at each DPD request
unable to query SAD entry with SPI "spi1": No such file or directory
sending DPD request
much later (around the time the IKE_SA needs a rekey)
IKE_SA deleted
unable to delete SAD entry with SPI "spi1": No such file or directory
thread 10 received 11
killing ourselves, received critical signal
<END>
Any idea what could cause this?
Any pointers as what to look at ?
Unfortunately this happened at a remote operational site, so testing
different log levels and settings will be very difficult.
Riaan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130709/915586bd/attachment.html>
More information about the Users
mailing list