Subject: Re: racoon status?
To: VANHULLEBUS Yvan <vanhu@NetBSD.org>
From: Greg Troxel <gdt@ir.bbn.com>
List: tech-security
Date: 08/28/2007 14:32:46

What I haven't done is test the older racoon in netbsd-4 on current, or
the head of racoon on netbsd-4.  I am wondering if this
initfds/check_rtsock is the real issue, or if there's some behavior
change in the kernel.  I tried to update for the other branch but had
trouble.  The stuff manu@ just added to 3RDparty about the other files
will be helpful when I try to do this again.

  Could someone who can reproduce the problem do the test by adding a
  call to initfds() just before the call to check_rtsock()?

I did that and then get the following.  I also tried a sleep(5) after
initfds before check_rtsock.  But after putting in a lot more printfs, it
appears the whole if with the calls we are talking about is not called,
and initfds isn't even called.

Foreground mode.
2007-08-28 13:13:01: INFO: @(#)ipsec-tools cvs (http://ipsec-tools.sourceforge.net)
2007-08-28 13:13:01: INFO: @(#)This product linked OpenSSL 0.9.8e 23 Feb 2007 (http://www.openssl.org/)
2007-08-28 13:13:01: INFO: Reading configuration from "/etc/racoon/racoon.conf"
2007-08-28 13:13:01: DEBUG: call pfkey_send_register for AH
2007-08-28 13:13:01: DEBUG: call pfkey_send_register for ESP
2007-08-28 13:13:01: DEBUG: call pfkey_send_register for IPCOMP
2007-08-28 13:13:01: INFO: Resize address pool from 0 to 255
2007-08-28 13:13:01: DEBUG: reading config file /etc/racoon/racoon.conf
2007-08-28 13:13:01: DEBUG2: lifetime = 600
2007-08-28 13:13:01: DEBUG2: lifebyte = 0
2007-08-28 13:13:01: DEBUG2: encklen=0
2007-08-28 13:13:01: DEBUG2: p:1 t:1
2007-08-28 13:13:01: DEBUG2: 3DES-CBC(5)
2007-08-28 13:13:01: DEBUG2: SHA(2)
2007-08-28 13:13:01: DEBUG2: 1024-bit MODP group(2)
2007-08-28 13:13:01: DEBUG2: RSA signatures(3)
2007-08-28 13:13:01: DEBUG2: 
2007-08-28 13:13:01: DEBUG2: lifetime = 600
2007-08-28 13:13:01: DEBUG2: lifebyte = 0
2007-08-28 13:13:01: DEBUG2: encklen=0
2007-08-28 13:13:01: DEBUG2: p:1 t:2
2007-08-28 13:13:01: DEBUG2: 3DES-CBC(5)
2007-08-28 13:13:01: DEBUG2: SHA(2)
2007-08-28 13:13:01: DEBUG2: 1536-bit MODP group(5)
2007-08-28 13:13:01: DEBUG2: pre-shared key(1)
2007-08-28 13:13:01: DEBUG2: 
2007-08-28 13:13:01: DEBUG2: lifetime = 600
2007-08-28 13:13:01: DEBUG2: lifebyte = 0
2007-08-28 13:13:01: DEBUG2: encklen=0
2007-08-28 13:13:01: DEBUG2: p:1 t:3
2007-08-28 13:13:01: DEBUG2: 3DES-CBC(5)
2007-08-28 13:13:01: DEBUG2: SHA(2)
2007-08-28 13:13:01: DEBUG2: 1024-bit MODP group(2)
2007-08-28 13:13:01: DEBUG2: pre-shared key(1)
2007-08-28 13:13:01: DEBUG2: 
2007-08-28 13:13:01: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2007-08-28 13:13:01: DEBUG: getsainfo params: loc='ANONYMOUS', rmt='ANONYMOUS', peer='NULL', id=0
2007-08-28 13:13:01: DEBUG: getsainfo pass #2
2007-08-28 13:13:01: DEBUG2: parse successed.
2007-08-28 13:13:01: DEBUG: open /var/run/racoon.sock as racoon management.
2007-08-28 13:13:01: DEBUG: configuring default isakmp port.
2007-08-28 13:13:01: NOTIFY: NAT-T is enabled, autoconfiguring ports
2007-08-28 13:13:01: DEBUG: 0 addrs are configured successfully
2007-08-28 13:13:01: ERROR: no address could be bound.