[Bug 339674] New: novell-nortelplugins causes racoon crash with split tunnel
https://bugzilla.novell.com/show_bug.cgi?id=339674

Summary: novell-nortelplugins causes racoon crash with split tunnel
Product: SUSE Linux 10.1
Version: Final
Platform: x86-64
OS/Version: SLED 10
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: david.mattes@boeing.com
QAContact: qa@suse.de
CC: stingleff@novell.com
Found By: Customer

When I connect to our Nortel VPN server with split tunneling enabled, racoon crashes when the list of split tunnel routes is downloaded. If I hack racoon to ignore the split tunnel routes, the connection works just fine.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=339674#c1
Thomas Biege
https://bugzilla.novell.com/show_bug.cgi?id=339674#c2
--- Comment #2 from Sam Tingleff
https://bugzilla.novell.com/show_bug.cgi?id=339674#c3
--- Comment #3 from Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674#c4
David Mattes
https://bugzilla.novell.com/show_bug.cgi?id=339674#c5
--- Comment #5 from Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674#c6
David Mattes
https://bugzilla.novell.com/show_bug.cgi?id=339674#c7
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674#c8
David Mattes
https://bugzilla.novell.com/show_bug.cgi?id=339674#c9
--- Comment #9 from Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674#c10
--- Comment #10 from Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674#c11
David Mattes
https://bugzilla.novell.com/show_bug.cgi?id=339674#c12
David Mattes
https://bugzilla.novell.com/show_bug.cgi?id=339674#c13
--- Comment #13 from Li Bin
I tried on a 32-bit computer. I still couldn't get anything useful out of gdb. But the following did show up in the syslog just before racoon crashed.
A3945578!mattes bugzilla> cat bug.txt
Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4Callback...
Nov 29 09:28:07 e061240 racoon: DEBUG: ASSIGNED IP ADDRESS IS 6047090
Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP
Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 6
Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 16392
Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckKACallback...
Nov 29 09:28:07 e061240 racoon: DEBUG: KA IN SECS IS 384
Nov 29 09:28:07 e061240 racoon: DEBUG: Acking KA
Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 16394
Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4MaskCallback...
Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP MASK
Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4DnsCallback...
Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP DNS
Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckIPv4DnsCallback...
Nov 29 09:28:07 e061240 racoon: DEBUG: Acking INTERNAL IP DNS
Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 4
Nov 29 09:28:07 e061240 racoon: DEBUG: Unexpected SET attribute 4
Nov 29 09:28:07 e061240 racoon: DEBUG: ==> Enter cfgAckBifurcationCallback...
What next?
https://bugzilla.novell.com/show_bug.cgi?id=339674#c14
David Mattes
https://bugzilla.novell.com/show_bug.cgi?id=339674
User bili@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c15
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674
User bili@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c16
--- Comment #16 from Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674
User bili@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c17
--- Comment #17 from Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674
User david.mattes@boeing.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c18
David Mattes
https://bugzilla.novell.com/show_bug.cgi?id=339674
User bili@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c19
Li Bin
That did the trick for the split tunnel! Thanks!
BTW, I have another VPN issue - you may want me to open another bug. It appeared with novell-ipsec-tools-0.6.3-26.14 (SLED10SP1) as a regression from novell-ipsec-tools-0.6.3-26.4 (SLED10). When I connect with 26.4 the relevant entries in syslog are:
racoon: INFO: IPsec-SA established: ESP/Tunnel 10.0.0.1[0]->192.168.1.150[0]
racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.150[0]->10.0.0.1[0]
And the tunnel works fine. But when I connect with 26.14 these change to:
racoon: INFO: IPsec-SA established: ESP/Tunnel 10.0.0.1[500]->192.168.1.150[500]
racoon: INFO: IPsec-SA established: ESP/Tunnel 192.168.1.150[500]->10.0.0.1[500]
And then I get a constant (~1/sec) stream of the following:
racoon: DEBUG: KA: 192.168.1.150[500]->10.0.0.1[500]
racoon: DEBUG: sockname 192.168.1.150[500]
racoon: DEBUG: send packet from 192.168.1.150[500]
racoon: DEBUG: send packet to 10.0.0.1[500]
racoon: DEBUG: src4 192.168.1.150[500]
racoon: DEBUG: dst4 10.0.0.1[500]
racoon: DEBUG: 1 times of 1 bytes message will be sent to 10.0.0.1[500]
racoon: DEBUG: ff
The only difference I can see is the change from ip[0] to ip[500], going from version 26.4 to version 26.14. What is the [500], and why did that change between the two versions? Is this a config option?
Thanks!
https://bugzilla.novell.com/show_bug.cgi?id=339674
User bili@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c23
--- Comment #23 from Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674
User hmuelle@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c24
Harald Mueller-Ney
> Hi, David. It's a good idea to open another bug. If you don't mind we'll discuss this problem after you open another bug. Thanks! And I'll submit this bug to QA (ast@novell.com) for updating the new version, then close it.
What do you mean by "updating the new version"? Is your intention to ask for a maintenance update, which we should release to all SLE10 customers? Looking at the bug, it sounds reasonable, but we should fix the other issue first and release both packages fixed in one update. Do we already have a bug for the other issue? We need to connect both bugs, this one blocks the other.
https://bugzilla.novell.com/show_bug.cgi?id=339674
User bili@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c25
Li Bin
> What do you mean by "updating the new version"?
I just want to know whether this fix needs to be merged into SLED10.
> Is your intention to ask for a maintenance update, which we should release to all SLE10 customers?
Yes, it's my intention.
> Looking at the bug, it sounds reasonable, but we should fix the other issue first and release both packages fixed in one update. Do we already have a bug for the other issue? We need to connect both bugs, this one blocks the other.
Yes, we already opened a new bug #346211, https://bugzilla.novell.com/show_bug.cgi?id=346211 So we'll connect with you after bug #346211 is fixed?
https://bugzilla.novell.com/show_bug.cgi?id=339674
User hmuelle@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c26
Harald Mueller-Ney
https://bugzilla.novell.com/show_bug.cgi?id=339674
User bili@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c27
--- Comment #27 from Li Bin
> Exactly. Setting this one blocking 346211 (we need to release both together).
> It is fine to ask "maintenance" for a maintenance update in the other bug by setting needinfo to ast@novell.com but you should explicitly mention this bug so that whoever will answer for maintenance is aware that both fixes should be released together.
Thanks! I got it.
https://bugzilla.novell.com/show_bug.cgi?id=339674
User hmuelle@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c29
Harald Mueller-Ney
https://bugzilla.novell.com/show_bug.cgi?id=339674
User uwedr@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c30
Uwe Drechsel
https://bugzilla.novell.com/show_bug.cgi?id=339674
User bili@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c31
--- Comment #31 from Li Bin
> openSUSE is not covered by L3 support, which is needed here. A fix is going to be released as Maintenance Update for SUSE Linux Enterprise Desktop.
> I assume you need the fix for SLED, right?
Yes, and also I've submitted the new package to STABLE for next release for OpenSUSE 11 and SLED10 SP2.
https://bugzilla.novell.com/show_bug.cgi?id=339674
User bili@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c32
Li Bin
https://bugzilla.novell.com/show_bug.cgi?id=339674
User ast@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=339674#c34
--- Comment #34 from Anja Stock