While experimenting with IPsec between NetBSD and FreeBSD, I
ran into this glitch when I migrated to dynamic keys using racoon.
racoon on the NetBSD system would core-dump:

	...
2001-05-03 08:03:39: DEBUG: ipsec_doi.c:380:get_ph1approvalx(): acceptable
proposal found.

Program received signal SIGSEGV, Segmentation fault.
0x8082589 in vdup (src=0x0)
    at
/usr/src/usr.sbin/racoon/racoon/../../../crypto/dist/kame/racoon/vmbuf.c:
108
108             if ((new = vmalloc(src->l)) == NULL)
(gdb)

So for the heck of it, I tweaked the small function containing
this code to return NULL if "src" itself is NULL prior to this line.

Curiously enough this seemed to allow the key assignment to complete
successfully, so I didn't bother investigating what lead to the
original call with a NULL base pointer.

Oh yes, while I'm on the subject, the sample racoon.conf file
includes "twofish" on the "encryption_algorithm" proposal list.

It would seem this encryption method is not in my copy of -current.
racoon seems to feel if one of a half dozen proposed algorithms
is not available, it should punt rather than continue on with a
warning.  So I had to remove it from the list to proceed.

Cheers,

-- Ken Wellsch