Subject: Re: IPSEC still fails on BETA2/vax
To: None <itojun@iijlab.net>
From: Olaf Seibert <rhialto@polderland.nl>
List: current-users
Date: 07/09/2002 01:37:30
On Tue 09 Jul 2002 at 07:58:20 +0900, itojun@iijlab.net wrote:
> >I have the console output now, it crashed the very first time this time
> >around. Another difference is that the values as printed seem ok now.
> >Pid 176 would be raccoon, I expect.
> 
> 	my wild guess is that you are running two copies of racoon daemon by
> 	mistake.

Yes, first I thought that this might be a small possibility: for a few
tests I had to stop racoon and re-start it so that on the Alpha side at
least the keys were all set. So I tried it again, very carefully, to
make sure. Now I think the pid must be that of the setkey command
itself, because of the output of ps (see below).

There was a small delay, a few seconds or so, before the machine
crashed. I was starting to type "ps" again to check the pid. It might
have been caused by one of these packets (output from tcpdump):

01:19:25.008193 xzan.falu.nl > azenomei.falu.nl: ESP(spi=166893429,seq=0x12) [tos 0x10]
01:19:25.009171 azenomei.falu.nl > xzan.falu.nl: ESP(spi=101287792,seq=0x12) [tos 0x10]

10.0.0.5 is azenomei, the Alpha
10.0.0.7 is xzan, the VAX.

What I think is somewhat strange: if either the VAX or the Alpha would
fail, I would expect it to be the Alpha. i386, probably the most tested
architecture, is more like the VAX than the Alpha: 32-bits
little-endian. the Alpha is different with its 64 bits (but also
little-endian).

setkey -c <<EOF
add 10.0.0.5 10.0.0.7
        esp 101287792
        -m transport
        -E 3des-cbc   0x7f6c66a5789cdba6dee5279222c129719acd934ba04c0634
        -A hmac-sha1  0x613b0980dd68e65be8940f8871302626fd68d4d1
        ;
dump;
EOF
~
~...
~
~
keysAB: 9 lines, 204 characters.
bash-2.04# ps ax
PID TT STAT    TIME COMMAND
  0 ?? DKs  0:00.04 [swapper]
  1 ?? Ss   0:00.61 init 
  2 ?? DK   0:00.00 [scsibus0]
  3 ?? DK   0:00.00 [scsibus1]
  4 ?? DK   0:00.03 [pagedaemon]
  5 ?? DK   0:04.27 [reaper]
  6 ?? DK   0:27.51 [ioflush]
  7 ?? DK   0:00.31 [aiodoned]
 74 ?? Ss   0:03.34 /usr/sbin/syslogd -s 
 79 ?? Ss   0:01.38 /usr/sbin/rpcbind -l 
 82 ?? Ss   0:00.43 /usr/sbin/ypserv -d 
 85 ?? Ss   0:01.64 /usr/sbin/ypbind 
 88 ?? Ss   0:00.41 /usr/sbin/rpc.yppasswdd 
 94 ?? SK   0:00.03 [nfsio]
 95 ?? SK   0:00.03 [nfsio]
 96 ?? SK   0:00.03 [nfsio]
 97 ?? SK   0:00.03 [nfsio]
107 ?? Ss   0:00.25 /usr/sbin/rpc.statd 
109 ?? Ss   0:00.17 /usr/sbin/rpc.lockd 
124 ?? S<s  0:01.97 /usr/sbin/ntpd 
127 ?? Ss   1:46.23 /usr/sbin/sshd 
129 ?? Ss   0:00.92 sendmail: accepting connections 
132 ?? Ss   0:02.82 /usr/sbin/inetd -l 
133 ?? Ss   0:10.05 bash 
148 ?? S    1:31.62 racoon -d -F 
166 ?? R+   0:00.15 ps ax 
bash-2.04# ./keysAB 
2002-07-09 01:19:17: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey REGISTER message
2002-07-09 01:19:17: DEBUG: pfkey.c:231:pfkey_handler(): not supported command REGISTER
2002-07-09 01:19:17: DEBUG: pfkey.c:192:pfkey_handler(): get pfkey ADD message
2002-07-09 01:19:17: DEBUG: pfkey.c:1297:pk_recvadd(): ADD message is not interesting because pid 168 is not mine.
10.0.0.7 10.0.0.5 
        esp mode=transport spi=166893429(0x09f29775) reqid=0(0x00000000)
        E: 3des-cbc  a8a2b35d c4fe619d 13bd41ad 0f37451b 0570adaa f2b57fca
        A: hmac-sha1  50d66c27 844a19ca fa2d221a 5e6b6234 bf6533e7
        seq=0x00000011 replay=4 flags=0x00000000 state=mature 
        created: Jul  9 01:15:23 2002   current: Jul  9 01:19:17 2002
        diff: 234(s)    hard: 43200(s)  soft: 34560(s)
        last: Jul  9 01:19:04 2002      hard: 0(s)      soft: 0(s)
        current: 1840(bytes)    hard: 0(bytes)  soft: 0(bytes)
        allocated: 17   hard: 0 soft: 0
        sadb_seq=1 pid=168 refcnt=2
10.0.0.5 10.0.0.7 
        esp mode=transport spi=101287792(0x06098770) reqid=0(0x00000000)
        E: 3des-cbc  7f6c66a5 789cdba6 dee52792 22c12971 9acd934b a04c0634
        A: hmac-sha1  613b0980 dd68e65b e8940f88 71302626 fd68d4d1
        seq=0x00000000 replay=0 flags=0x00000040 state=mature 
        created: Jul  9 01:19:17 2002   current: Jul  9 01:19:18 2002
        diff: 1(s)      hard: 0(s)      soft: 0(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        sadb_seq=0 pid=168 refcnt=1
bash-2.04# 
bash-2.04# pp
 85 RESTART SYS
p84 FAIL

 83 BOOT SYS
-DKB0
>> NetBSD/vax boot [1.11 Sat Jun 15 18:30:21 UTC 2002] <<
>> Press any key to abort autoboot 0


> itojun