Subject: racoon crash/core dump
To: None <current-users@netbsd.org>
From: Dave Huang <khym@azeotrope.org>
List: current-users
Date: 11/18/2005 02:02:01
I'm trying to get an IPsec tunnel set up between a D-Link DI-804HV
(firmware 1.41) and a NetBSD-current/i386 box (November 17 sources,
ipsec-tools 0.6.2). The D-Link is behind a NAT, but both it and
ipsec-tools support NAT-T, so it should work, right?

racoon is crashing trying to dereference a null pointer. Running
racoon -F -v under gdb gives:

Foreground mode.
2005-11-18 01:53:49: INFO: @(#)ipsec-tools 0.6.2 (http://ipsec-tools.sourceforge.net)
2005-11-18 01:53:49: INFO: @(#)This product linked OpenSSL 0.9.7g-fips 11 Apr 2005 (http://www.openssl.org/)
2005-11-18 01:53:49: DEBUG: compression algorithm can not be checked because sadb message doesn't support it.
2005-11-18 01:53:49: DEBUG: open /var/run/racoon.sock as racoon management.
2005-11-18 01:53:50: INFO: 69.15.146.26[500] used as isakmp port (fd=9)
2005-11-18 01:53:50: WARNING: setsockopt(UDP_ENCAP_ESPINUDP_NON_IKE): Invalid argument
2005-11-18 01:53:50: DEBUG: get pfkey X_SPDDUMP message
2005-11-18 01:53:50: DEBUG: get pfkey X_SPDDUMP message
2005-11-18 01:53:50: DEBUG: sub:0xbfbfe620: 69.15.146.26/32[0] 10.1.1.0/24[0] proto=any dir=out
2005-11-18 01:53:50: DEBUG: db :0x80c5c08: 10.1.1.0/24[0] 69.15.146.26/32[0] proto=any dir=in
2005-11-18 01:53:52: DEBUG: ===
2005-11-18 01:53:52: DEBUG: 108 bytes message received from 208.180.124.100[53314] to 69.15.146.26[500]
2005-11-18 01:53:52: DEBUG: 
ff7c6bde 5e3ecd02 00000000 00000000 01100200 00000000 0000006c 0d00003c
00000001 00000001 00000030 01010401 01000010 00000024 01010000 80010005
80020002 80030001 80040002 800b0001 000c0004 00000e10 00000014 7d9419a6
5310ca6f 2c179d92 15529d56
2005-11-18 01:53:52: DEBUG: configuration found for 208.180.124.100.
2005-11-18 01:53:52: DEBUG: ===
2005-11-18 01:53:52: INFO: respond new phase 1 negotiation: 69.15.146.26[500]<=>208.180.124.100[53314]
2005-11-18 01:53:52: INFO: begin Identity Protection mode.
2005-11-18 01:53:52: DEBUG: begin.
2005-11-18 01:53:52: DEBUG: seen nptype=1(sa)
2005-11-18 01:53:52: DEBUG: seen nptype=13(vid)
2005-11-18 01:53:52: DEBUG: succeed.
2005-11-18 01:53:52: INFO: received Vendor ID: draft-ietf-ipsec-nat-t-ike-03
2005-11-18 01:53:52: DEBUG: total SA len=56
2005-11-18 01:53:52: DEBUG: 
00000001 00000001 00000030 01010401 01000010 00000024 01010000 80010005
80020002 80030001 80040002 800b0001 000c0004 00000e10
2005-11-18 01:53:52: DEBUG: begin.
2005-11-18 01:53:52: DEBUG: seen nptype=2(prop)
2005-11-18 01:53:52: DEBUG: succeed.
2005-11-18 01:53:52: DEBUG: proposal #1 len=48
2005-11-18 01:53:52: WARNING: SPI size isn't zero, but IKE proposal.
2005-11-18 01:53:52: DEBUG: begin.
2005-11-18 01:53:52: DEBUG: seen nptype=3(trns)
2005-11-18 01:53:52: DEBUG: succeed.
2005-11-18 01:53:52: DEBUG: transform #1 len=36
2005-11-18 01:53:52: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2005-11-18 01:53:52: DEBUG: encryption(3des)
2005-11-18 01:53:52: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2005-11-18 01:53:52: DEBUG: hash(sha1)
2005-11-18 01:53:52: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2005-11-18 01:53:52: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2005-11-18 01:53:52: DEBUG: hmac(modp1024)
2005-11-18 01:53:52: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2005-11-18 01:53:52: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2005-11-18 01:53:52: DEBUG: pair 1:
2005-11-18 01:53:52: DEBUG:  0x80cf650: next=0x0 tnext=0x0
2005-11-18 01:53:52: DEBUG: proposal #1: 1 transform
2005-11-18 01:53:52: DEBUG: prop#=1, prot-id=ISAKMP, spi-size=4, #trns=1
2005-11-18 01:53:52: DEBUG: trns#=1, trns-id=IKE
2005-11-18 01:53:52: DEBUG: type=Encryption Algorithm, flag=0x8000, lorv=3DES-CBC
2005-11-18 01:53:52: DEBUG: type=Hash Algorithm, flag=0x8000, lorv=SHA
2005-11-18 01:53:52: DEBUG: type=Authentication Method, flag=0x8000, lorv=pre-shared key
2005-11-18 01:53:52: DEBUG: type=Group Description, flag=0x8000, lorv=1024-bit MODP group
2005-11-18 01:53:52: DEBUG: type=Life Type, flag=0x8000, lorv=seconds
2005-11-18 01:53:52: DEBUG: type=Life Duration, flag=0x0000, lorv=4
2005-11-18 01:53:52: DEBUG: Compared: DB:Peer
2005-11-18 01:53:52: DEBUG: (lifetime = 28800:3600)
2005-11-18 01:53:52: DEBUG: (lifebyte = 0:0)
2005-11-18 01:53:52: DEBUG: enctype = 3DES-CBC:3DES-CBC
2005-11-18 01:53:52: DEBUG: (encklen = 0:0)
2005-11-18 01:53:52: DEBUG: hashtype = SHA:SHA
2005-11-18 01:53:52: DEBUG: authmethod = pre-shared key:pre-shared key
2005-11-18 01:53:52: DEBUG: dh_group = 1024-bit MODP group:1024-bit MODP group
2005-11-18 01:53:52: DEBUG: an acceptable proposal found.
2005-11-18 01:53:52: DEBUG: hmac(modp1024)
2005-11-18 01:53:52: DEBUG: new cookie:
fc78e928e93da66e 
2005-11-18 01:53:52: DEBUG: add payload of len 56, next type 13
2005-11-18 01:53:52: DEBUG: add payload of len 16, next type 0
2005-11-18 01:53:52: DEBUG: 108 bytes from 69.15.146.26[500] to 208.180.124.100[53314]
2005-11-18 01:53:52: DEBUG: sockname 69.15.146.26[500]
2005-11-18 01:53:52: DEBUG: send packet from 69.15.146.26[500]
2005-11-18 01:53:52: DEBUG: send packet to 208.180.124.100[53314]
2005-11-18 01:53:52: DEBUG: 1 times of 108 bytes message will be sent to 208.180.124.100[53314]
2005-11-18 01:53:52: DEBUG: 
ff7c6bde 5e3ecd02 fc78e928 e93da66e 01100200 00000000 0000006c 0d00003c
00000001 00000001 00000030 01010401 00000000 00000024 01010000 80010005
80020002 80030001 80040002 800b0001 000c0004 00000e10 00000014 afcad713
68a1f1c9 6b8696fc 77570100
2005-11-18 01:53:52: DEBUG: resend phase1 packet ff7c6bde5e3ecd02:fc78e928e93da66e
2005-11-18 01:53:52: DEBUG: ===
2005-11-18 01:53:52: DEBUG: 232 bytes message received from 208.180.124.100[53314] to 69.15.146.26[500]
2005-11-18 01:53:52: DEBUG: 
ff7c6bde 5e3ecd02 fc78e928 e93da66e 04100200 00000000 000000e8 0a000084
143a45d6 b80106bf c0a0f137 8b0cdde7 11407cea f69b738f 867e7705 e855cb71
dd92ab7c 72040954 0c689330 0fac48d1 a3ce485f 758e9728 cabc8aa7 92439b5b
651710b6 5287f774 18f02bf5 f629c84c eeb257f2 367dc962 b73cf86e f8e60c5d
fe6eeca2 d500adf4 bb51ad33 4ca1dacc f3577883 046b0916 9fc27169 d3d7231b
82000018 d8c29d8a d6482275 63035adf f8d45adf ca6dd8f0 82000018 fc1e5443
8964c0f2 7cc23740 26e57adf 866e8ff4 00000018 7a2db399 38685b63 9a8ec909
067e0244 b6e1ddc8
2005-11-18 01:53:52: DEBUG: begin.
2005-11-18 01:53:52: DEBUG: seen nptype=4(ke)
2005-11-18 01:53:52: DEBUG: seen nptype=10(nonce)
2005-11-18 01:53:52: DEBUG: seen nptype=130(nat-d)
2005-11-18 01:53:53: DEBUG: seen nptype=130(nat-d)
2005-11-18 01:53:53: DEBUG: succeed.

Program received signal SIGSEGV, Segmentation fault.
0x08057511 in ident_r2recv (iph1=0x80d0400, msg=0x80cf650)
    at /usr/src/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c:1066
1066                            if (pa->type == iph1->natt_options->payload_nat_d)
(gdb) print iph1
$1 = (struct ph1handle *) 0x80d0400
(gdb) print iph1->natt_options
$2 = (struct ph1natt_options *) 0x0
(gdb) where
#0  0x08057511 in ident_r2recv (iph1=0x80d0400, msg=0x80cf650)
    at /usr/src/crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c:1066
#1  0x0804efd2 in ph1_main (iph1=0x80d0400, msg=0x80cf650)
    at /usr/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:756
#2  0x0804ea11 in isakmp_main (msg=0x80cf650, remote=0xbfbfe720, 
    local=0xbfbfe6a0)
    at /usr/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:572
#3  0x0804e416 in isakmp_handler (so_isakmp=9)
    at /usr/src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:361
#4  0x0804d3e0 in session ()
    at /usr/src/crypto/dist/ipsec-tools/src/racoon/session.c:180
#5  0x0804cfef in main (ac=3, av=0xbfbfe8c8)
    at /usr/src/crypto/dist/ipsec-tools/src/racoon/main.c:268
#6  0x0804ca06 in ___start ()

Any thoughts on what's wrong?
-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym@azeotrope.org |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 30 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++
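
The crash above is a NULL dereference of iph1->natt_options while ident_r2recv() classifies the NAT-D payloads the D-Link sent. The C model below is an added example written for this page, not racoon's code or anything from the thread: the structure layouts and the is_nat_d()/walk_ph1_payloads() helpers are assumptions that only borrow the names visible in the gdb output (struct ph1handle, struct ph1natt_options, payload_nat_d, pa->type); payload type 130 is the draft NAT-D type from the log and 20 is the NAT-D type assigned by RFC 3947. It places the unchecked form beside a checked one that refuses a NAT-D payload when no NAT-T state exists instead of reading through a null pointer, and drives both with a constructed payload chain matching the one in the log (ke, nonce, nat-d, nat-d).

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified models of the structures named in the gdb backtrace. The field
 * layout is an assumption for this example, not racoon's real definitions. */
#define NPTYPE_KE            4
#define NPTYPE_NONCE        10
#define NPTYPE_NAT_D_DRAFT 130  /* "seen nptype=130(nat-d)" in the log */
#define NPTYPE_NAT_D_RFC    20  /* NAT-D payload type from RFC 3947 */

struct ph1natt_options {
    int payload_nat_d;  /* NAT-D type this peer uses, chosen from its Vendor ID */
};

struct ph1handle {
    struct ph1natt_options *natt_options;  /* NULL when NAT-T state was never set up */
};

struct isakmp_parse_t {
    int type;  /* payload type, like pa->type on the crashing line */
};

/* Unchecked pattern mirroring isakmp_ident.c:1066 in the report: natt_options
 * is dereferenced without a NULL test, so it must never be reached while
 * natt_options may be NULL. Kept only as the "before" shape. */
static int is_nat_d_unchecked(const struct ph1handle *iph1,
                              const struct isakmp_parse_t *pa)
{
    return pa->type == iph1->natt_options->payload_nat_d;
}

/* Hardened check: a payload can only be classified as NAT-D when NAT-T state
 * exists for this phase 1 handle. */
static int is_nat_d(const struct ph1handle *iph1, const struct isakmp_parse_t *pa)
{
    if (iph1->natt_options == NULL)
        return 0;
    return pa->type == iph1->natt_options->payload_nat_d;
}

/* Outcome of walking the phase 1 payload chain. */
enum ph1_result {
    PH1_OK = 0,
    PH1_UNEXPECTED_NAT_D = -1,  /* NAT-D arrived but NAT-T was not negotiated */
    PH1_UNKNOWN_PAYLOAD = -2,
    PH1_MISSING_PAYLOAD = -3    /* KE or nonce absent from the exchange */
};

/* Walk the parsed payloads of the second Identity Protection message. On
 * success *nat_d_count receives the number of NAT-D payloads matched. A NAT-D
 * type with no NAT-T state (the condition gdb showed: natt_options = 0x0) is
 * reported as PH1_UNEXPECTED_NAT_D for the caller to log and reject. */
enum ph1_result walk_ph1_payloads(const struct ph1handle *iph1,
                                  const struct isakmp_parse_t *pa, size_t n,
                                  int *nat_d_count)
{
    int seen_ke = 0, seen_nonce = 0;
    *nat_d_count = 0;
    for (size_t i = 0; i < n; i++) {
        if (pa[i].type == NPTYPE_KE)    { seen_ke = 1;    continue; }
        if (pa[i].type == NPTYPE_NONCE) { seen_nonce = 1; continue; }
        if (is_nat_d(iph1, &pa[i]))     { (*nat_d_count)++; continue; }
        if (pa[i].type == NPTYPE_NAT_D_DRAFT || pa[i].type == NPTYPE_NAT_D_RFC)
            return PH1_UNEXPECTED_NAT_D;
        return PH1_UNKNOWN_PAYLOAD;
    }
    return (seen_ke && seen_nonce) ? PH1_OK : PH1_MISSING_PAYLOAD;
}

int main(void)
{
    /* Constructed payload chain matching the log: ke, nonce, nat-d, nat-d. */
    const struct isakmp_parse_t chain[] = {
        { NPTYPE_KE }, { NPTYPE_NONCE }, { NPTYPE_NAT_D_DRAFT }, { NPTYPE_NAT_D_DRAFT }
    };
    struct ph1natt_options opts = { NPTYPE_NAT_D_DRAFT };
    struct ph1handle negotiated = { &opts };
    struct ph1handle no_natt = { NULL };  /* the state gdb printed */
    int count = 0;

    enum ph1_result r1 = walk_ph1_payloads(&negotiated, chain, 4, &count);
    printf("NAT-T negotiated: result=%d nat_d=%d unchecked=%d\n",
           r1, count, is_nat_d_unchecked(&negotiated, &chain[2]));
    enum ph1_result r2 = walk_ph1_payloads(&no_natt, chain, 4, &count);
    printf("no NAT-T state:   result=%d (rejected, not crashed)\n", r2);
    return 0;
}
```

The useful difference is where the decision lands: with the check, a peer that advertises draft NAT-T and sends NAT-D payloads against a handle that never got NAT-T state produces a rejected negotiation and a log line, rather than a SIGSEGV in the daemon.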