Subject: Re: racoon status?
To: None <tech-security@netbsd.org>
From: Greg Troxel <gdt@ir.bbn.com>
List: tech-security
Date: 08/09/2007 11:05:30
  My problem: on -current (i386), racoon fails to start complaining that
  it doesn't have any addresses.  If I add a listen-address directive, it
  works fine.  I have never before needed a listen-address directive in
  all my years of running racoon.  This is awkward on a machine that
  changes addresses.

On current as of 200-07-19,
racoon -d -F yields:

Foreground mode.
2007-08-09 10:55:27: INFO: @(#)ipsec-tools cvs (http://ipsec-tools.sourceforge.net)
2007-08-09 10:55:27: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
2007-08-09 10:55:27: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2007-08-09 10:55:27: DEBUG: call pfkey_send_register for AH
2007-08-09 10:55:27: DEBUG: call pfkey_send_register for ESP
2007-08-09 10:55:27: DEBUG: call pfkey_send_register for IPCOMP
2007-08-09 10:55:27: INFO: Resize address pool from 0 to 255
2007-08-09 10:55:27: DEBUG: reading config file /etc/racoon/racoon.conf
2007-08-09 10:55:27: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2007-08-09 10:55:27: DEBUG: getsainfo params: loc='ANONYMOUS', rmt='ANONYMOUS', peer='NULL', id=0
2007-08-09 10:55:27: DEBUG: getsainfo pass #2
2007-08-09 10:55:27: DEBUG: open /var/run/racoon.sock as racoon management.
2007-08-09 10:55:27: DEBUG: configuring default isakmp port.
2007-08-09 10:55:27: NOTIFY: NAT-T is enabled, autoconfiguring ports
2007-08-09 10:55:27: DEBUG: 0 addrs are configured successfully
2007-08-09 10:55:27: ERROR: no address could be bound.

This is the only change that looks maybe relevant:

Index: session.c
===================================================================
RCS file: /cvsroot/src/crypto/dist/ipsec-tools/src/racoon/session.c,v
retrieving revision 1.7
retrieving revision 1.8
diff -u -p -u -p -r1.7 -r1.8
--- session.c	30 Sep 2006 16:14:18 -0000	1.7
+++ session.c	6 Jun 2007 09:47:29 -0000	1.8
@@ -1,4 +1,4 @@
-/*	$NetBSD: session.c,v 1.7 2006/09/30 16:14:18 manu Exp $	*/
+/*	$NetBSD: session.c,v 1.8 2007/06/06 09:47:29 vanhu Exp $	*/
 
 /*	$KAME: session.c,v 1.32 2003/09/24 02:01:17 jinmei Exp $	*/
 
@@ -228,8 +228,9 @@ session(void)
 
 		if (lcconf->rtsock >= 0 && FD_ISSET(lcconf->rtsock, &rfds)) {
 			if (update_myaddrs() && lcconf->autograbaddr)
-				sched_new(5, check_rtsock, NULL);
-			initfds();
+				check_rtsock(NULL);
+			else
+				initfds();
 		}
 	}
 }
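Review bot: In the rtsock branch of session(), initfds() moves under the new else, so when update_myaddrs() returns non-zero and lcconf->autograbaddr is set the descriptor set is no longer rebuilt here. That is only correct if check_rtsock() re-initialises the fds on every path, including its failure paths, and nothing in the visible lines shows that it does. A comment stating that dependency would help, or keep an unconditional initfds() after the call. The change from sched_new(5, check_rtsock, NULL) to a direct check_rtsock(NULL) also drops the 5-second deferral, so the address re-grab now runs synchronously inside the select loop on every qualifying routing-socket message. If that delay was there to let an address change settle, or to coalesce a burst of routing messages, the commit should say why it is no longer needed.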

It looks ok - it may be that something has changed in current and that
this problem isn't really in racoon.