[strongSwan] The memory of charon process abnormal
梅香
747201427 at qq.com
Mon Mar 11 07:53:07 CET 2013
Dear all:
I have run into two problems with strongSwan 4.6.4 on Linux.
The first problem: I establish 70 IPsec tunnels per second with an instrument. At first the tunnels were established successfully. But about 3 hours later, the instrument sent out the IKE INIT packet with a nonzero message ID, so Linux did not respond to the IKE INIT, the IPsec tunnels could not be established, and the memory of charon kept rising until it exhausted the memory of Linux. The log messages show the following information:
=========================================
Mar 1 17:18:47 (none) daemon.info charon: 899[IKE] received message ID 31, expected 0. Ignored
Mar 1 17:18:47 (none) daemon.info charon: 134[ENC] parsed IKE_SA_INIT request 28 [ SA KE No V ]
Mar 1 17:18:47 (none) daemon.info charon: 134[IKE] received message ID 28, expected 0. Ignored
Mar 1 17:18:47 (none) daemon.info charon: 965[NET] received packet: from 10.0.41.39[500] to 10.2.0.5[500]
Mar 1 17:18:47 (none) daemon.info charon: 142[NET] received packet: from 10.0.24.166[500] to 10.2.0.5[500]
Mar 1 17:18:47 (none) daemon.info charon: 51[NET] received packet: from 10.0.33.68[500] to 10.2.0.5[500]
Mar 1 17:18:47 (none) daemon.info charon: 978[ENC] parsed IKE_SA_INIT request 26 [ SA KE No V ]
Mar 1 17:18:47 (none) daemon.info charon: 978[IKE] received message ID 26, expected 0. Ignored
Mar 1 17:18:47 (none) daemon.info charon: 14[NET] received packet: from 10.0.41.25[500] to 10.2.0.5[500]
Mar 1 17:18:47 (none) daemon.info charon: 904[ENC] parsed IKE_SA_INIT request 477 [ SA KE No V ]
Mar 1 17:18:47 (none) daemon.info charon: 904[IKE] received message ID 477, expected 0. Ignored
Mar 1 17:18:47 (none) daemon.info charon: 937[ENC] parsed IKE_SA_INIT request 61 [ SA KE No V ]
Mar 1 17:18:47 (none) daemon.info charon: 937[IKE] received message ID 61, expected 0. Ignored
==================================================
I want to know why the memory of charon keeps rising. How can I solve this problem?
The second problem: we modify some fields of the IKE INIT and send it to Linux with the instrument. strongSwan then seems abnormal, because it could not handle the following normal IKE INIT packet. Why does such an abnormal IKE INIT packet lead to strongSwan not being able to handle the following normal IKE INIT packet?
Yours,
anna
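
An added example, not part of the original post and not strongSwan code: a small Python tally of the "received message ID N, expected 0. Ignored" condition in charon syslog output, useful for spotting when a peer starts sending IKE_SA_INIT requests with nonzero message IDs. The line format is assumed to match the excerpt above, and `per_second_threshold` is a hypothetical alerting value.

```python
import re
from collections import Counter

# Line shapes follow the log excerpt quoted in the post above.
PREFIX = (r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+\S+\s+charon:\s+"
          r"(?P<tid>\d+)\[\w+\]\s+")
PACKET = re.compile(PREFIX + r"received packet: from (?P<src>[\d.]+)\[\d+\]")
PARSED = re.compile(PREFIX + r"parsed IKE_SA_INIT request (?P<mid>\d+) ")
IGNORED = re.compile(PREFIX + r"received message ID (?P<mid>\d+), expected 0\. Ignored")

# Sample input: lines copied from the excerpt in the post.
SAMPLE = """\
Mar 1 17:18:47 (none) daemon.info charon: 899[IKE] received message ID 31, expected 0. Ignored
Mar 1 17:18:47 (none) daemon.info charon: 134[ENC] parsed IKE_SA_INIT request 28 [ SA KE No V ]
Mar 1 17:18:47 (none) daemon.info charon: 134[IKE] received message ID 28, expected 0. Ignored
Mar 1 17:18:47 (none) daemon.info charon: 965[NET] received packet: from 10.0.41.39[500] to 10.2.0.5[500]
Mar 1 17:18:47 (none) daemon.info charon: 142[NET] received packet: from 10.0.24.166[500] to 10.2.0.5[500]
Mar 1 17:18:47 (none) daemon.info charon: 978[ENC] parsed IKE_SA_INIT request 26 [ SA KE No V ]
Mar 1 17:18:47 (none) daemon.info charon: 978[IKE] received message ID 26, expected 0. Ignored
Mar 1 17:18:47 (none) daemon.info charon: 904[ENC] parsed IKE_SA_INIT request 477 [ SA KE No V ]
Mar 1 17:18:47 (none) daemon.info charon: 904[IKE] received message ID 477, expected 0. Ignored
""".splitlines()

def summarize(lines, per_second_threshold=3):
    """Tally IKE_SA_INIT requests ignored for carrying a nonzero message ID.

    per_second_threshold is a hypothetical alerting value, not a strongSwan option.
    """
    per_second, message_ids, sources = Counter(), Counter(), set()
    pending, confirmed = {}, 0   # pending: worker thread id -> last parsed message ID
    for line in lines:
        if m := PACKET.match(line):
            sources.add(m["src"])  # these lines do not tie a source to a message ID
        elif m := PARSED.match(line):
            pending[m["tid"]] = int(m["mid"])
        elif (m := IGNORED.match(line)) and int(m["mid"]) != 0:
            per_second[m["ts"]] += 1
            message_ids[int(m["mid"])] += 1
            # Count it as confirmed if the same worker thread parsed this ID just before.
            confirmed += pending.pop(m["tid"], None) == int(m["mid"])
    return {
        "ignored": sum(per_second.values()),
        "confirmed_ike_sa_init": confirmed,
        "message_ids": sorted(message_ids),
        "packet_sources": sorted(sources),
        "alert_seconds": sorted(t for t, n in per_second.items()
                                if n >= per_second_threshold),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

Run over a full log alongside periodic samples of the charon process's resident memory, the per-second counts show whether the memory growth described in the post tracks the rate of ignored requests.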