[strongSwan] Crash strongSwan

Fabrice Barconnière fabrice.barconniere at ac-dijon.fr
Tue Sep 20 13:16:16 CEST 2016


Hello,

charon crash when using revocation plugin. It can happen several times
in a minute during establishing connections.

2016-09-10T04:00:08.010176+02:00 sphynx-25.in.ac-dijon.fr charon: 60[DMN] thread 60 received 11
2016-09-10T04:00:08.010426+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]  dumping 14 stack frame addresses:
2016-09-10T04:00:08.010455+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f8692df8000 [0x7f8692e08330]
2016-09-10T04:00:08.014968+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.015002+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000 [0x7f86934b1ba3]
2016-09-10T04:00:08.018784+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.018815+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000 [0x7f86934b1cfa]
2016-09-10T04:00:08.022568+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.022599+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000 [0x7f86934b1d3b]
2016-09-10T04:00:08.026316+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.026349+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000 (array_invoke_offset+0x33) [0x7f86934a4433]
2016-09-10T04:00:08.030030+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.030062+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000 (array_destroy_offset+0x9) [0x7f86934a44b9]
2016-09-10T04:00:08.033702+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.033732+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /usr/lib/ipsec/libcharon.so.0 @ 0x7f8693016000 [0x7f869303bce4]
2016-09-10T04:00:08.037407+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.037438+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /usr/lib/ipsec/libcharon.so.0 @ 0x7f8693016000 [0x7f869303dd21]
2016-09-10T04:00:08.041220+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.041251+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /usr/lib/ipsec/libcharon.so.0 @ 0x7f8693016000 [0x7f869303fd7d]
2016-09-10T04:00:08.045087+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.045119+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /usr/lib/ipsec/libcharon.so.0 @ 0x7f8693016000 [0x7f86930360b3]
2016-09-10T04:00:08.048908+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.048941+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000 [0x7f86934b8df2]
2016-09-10T04:00:08.052686+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.052721+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /usr/lib/ipsec/libstrongswan.so.0 @ 0x7f8693490000 [0x7f86934bbc14]
2016-09-10T04:00:08.056503+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.056535+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /lib/x86_64-linux-gnu/libpthread.so.0 @ 0x7f8692df8000 [0x7f8692e00184]
2016-09-10T04:00:08.060346+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.060421+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]   /lib/x86_64-linux-gnu/libc.so.6 @ 0x7f8692a33000 (clone+0x6d) [0x7f8692b2d37d]
2016-09-10T04:00:08.064165+02:00 sphynx-25.in.ac-dijon.fr charon: 60[LIB]     ->
2016-09-10T04:00:08.116914+02:00 sphynx-25.in.ac-dijon.fr charon: 60[DMN] killing ourself, received critical signal
2016-09-10T04:00:13.122115+02:00 sphynx-25.in.ac-dijon.fr charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.1.2, Linux 4.2.0-42-generic, x86_64)
2016-09-10T04:00:13.131081+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
2016-09-10T04:00:13.131853+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG]   loaded ca certificate "C=FR, O=Ministere Education Nationale Enseignement Superieur Recherche, CN=AC Racine Ministere ENESR" from '/etc/ipsec.d/cacerts/AC Racine Ministere ENESR.pem'
2016-09-10T04:00:13.132024+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG]   loaded ca certificate "C=FR, O=Education Nationale, OU=0002 110043015, CN=AC Education Nationale" from '/etc/ipsec.d/cacerts/AC Education Nationale.pem'
2016-09-10T04:00:13.132334+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG]   loaded ca certificate "C=FR, O=gouv, L=Dijon, OU=education, OU=ac-dijon, CN=CA-sphynx-25-RVP" from '/etc/ipsec.d/cacerts/CA-sphynx-25-RVP.pem'
2016-09-10T04:00:13.132506+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG]   loaded ca certificate "C=FR, O=Education Nationale, OU=0002 110043015, CN=AC EN Scolarite et Formation" from '/etc/ipsec.d/cacerts/AC EN Scolarite et Formation.pem'
2016-09-10T04:00:13.132526+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
2016-09-10T04:00:13.132551+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
2016-09-10T04:00:13.132571+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'
2016-09-10T04:00:13.132593+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG] loading crls from '/etc/ipsec.d/crls'
2016-09-10T04:00:13.132712+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG]   loaded crl from '/etc/ipsec.d/crls/cc2e370f06b2b9b5e92dffbe5237c61db4b70717.crl'
2016-09-10T04:00:13.132732+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG] loading secrets from '/etc/ipsec.secrets'
2016-09-10T04:00:13.143970+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/privAGRIATES-DIJON-40.ac-dijon.fr.pem'
2016-09-10T04:00:13.155125+02:00 sphynx-25.in.ac-dijon.fr charon: 00[CFG]   loaded RSA private key from '/etc/ipsec.d/private/privsphynx.pem'
2016-09-10T04:00:13.155262+02:00 sphynx-25.in.ac-dijon.fr charon: 00[LIB] loaded plugins: charon test-vectors curl aes sha1 sha2 md5 random nonce x509 revocation constraints pkcs1 pkcs8 pem openssl xcbc cmac hmac ctr ccm gcm attr kernel-netlink resolve socket-default stroke updown eap-identity addrblock
2016-09-10T04:00:13.155276+02:00 sphynx-25.in.ac-dijon.fr charon: 00[LIB] unable to load 5 plugin features (5 due to unmet dependencies)
2016-09-10T04:00:13.155338+02:00 sphynx-25.in.ac-dijon.fr charon: 00[LIB] dropped capabilities, running as uid 0, gid 0
2016-09-10T04:00:13.155354+02:00 sphynx-25.in.ac-dijon.fr charon: 00[JOB] spawning 64 worker threads
2016-09-10T04:00:13.160589+02:00 sphynx-25.in.ac-dijon.fr charon: 04[CFG] crl caching to /etc/ipsec.d/crls enabled

When revocation plugin is disabled, it's OK.
CRL and OCSP are used for checking certificates. CRL is for servers
certificates status, and OCSP for CA certificates status.
File "charon.log.gz" contains log between 2 crashes.
What can i do to resolve this problem ?

OS : Ubuntu 14.04
strongSwan : 5.1.2

-- 
Regards,
Fabrice Barconnière
Pôle logiciels libres - EOLE

-------------- next part --------------
A non-text attachment was scrubbed...
Name: charon.log.gz
Type: application/gzip
Size: 546010 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160920/20306bf6/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20160920/20306bf6/attachment-0001.sig>


More information about the Users mailing list