Subject: Re: racoon broken by recent changes
To: None <current-users@netbsd.org>
From: Jeff <jeffi@rcn.com>
List: current-users
Date: 06/05/2005 11:04:49
On Fri, Jun 03, 2005 at 03:14:21PM -0400, Jeff wrote:
> On Tue, May 17, 2005 at 08:46:17PM +1000, Daniel Carosone wrote:
> [snip]
> > In the first incarnation, it would negotiate phase 1, and simply time
> > out phase 2, repeating forever. After a second rebuild to -current
> > today, the behaviour has changed.. I now get a phase 2 negotiation
> > reported, and then the following:
> >
> > /netbsd: key_update: no SA index found.
> > racoon: ERROR: pfkey UPDATE failed: No such file or directory
> >
> > Is -current racoon working for anyone else, either with itself or with
> > older peers?
> >
>
> Another reply to this thread suggests that reverting to an older
> racoon binary "works". I tried reverting all of ipsec-tools to
> 20050501 without success.
>
Further testing has indicated that ipsec-tools/src/racoon checked out
20050419 works, however 20050420 does not.
There were a number of changes committed on 20050420.
After testing it appears isakmp_inf.c is related to the issue.
Index: isakmp_inf.c
===================================================================
RCS file:
/export/cvs/netbsd/src/crypto/dist/ipsec-tools/src/racoon/isakmp_inf.c,v
retrieving revision 1.1.1.3
retrieving revision 1.2
diff -u -r1.1.1.3 -r1.2
--- isakmp_inf.c 14 Mar 2005 08:14:30 -0000 1.1.1.3
+++ isakmp_inf.c 19 Apr 2005 19:42:09 -0000 1.2
@@ -1,4 +1,4 @@
-/* $NetBSD$ */
+/* $NetBSD: isakmp_inf.c,v 1.1.1.3 2005/03/14 08:14:30 manu Exp $ */
/* Id: isakmp_inf.c,v 1.14.4.2 2005/03/02 20:00:03 vanhu Exp */
@@ -1028,7 +1028,7 @@
if (iph2) {
/* Delete the SPD entry if we
* generated it
*/
- if (iph2->ph1 && iph2->ph1->rmconf && iph2->ph1->rmconf->gen_policy) {
+ if (iph2->generated_spidx) {
struct policyindex spidx;
struct sockaddr_storage addr;
u_int8_t pref;
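Review bot: The new test `if (iph2->generated_spidx)` drops the NULL checks on iph2->ph1 and iph2->ph1->rmconf that the old condition performed, and nothing in this hunk shows where generated_spidx is set. If the body of this block still reads through iph2->ph1, keep an explicit check for it alongside the flag. A short comment naming where generated_spidx is assigned would also let a reader confirm that every policy generated under gen_policy still reaches this delete path, since a flag left unset would leave the SPD entry in place.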
However this code is not present in today's racoon code.
I hope that this helps someone more familiar with the code track down
the problem.