Subject: IPSEC/racoon: double SAs
To: None <tech-net@netbsd.org>
From: Matthias Drochner <M.Drochner@fz-juelich.de>
List: tech-net
Date: 09/12/2002 13:46:44
Hi -

it just happened for me that an ESP tunnel mode negotiation led
to two SAs in each direction on one side. Because the SA unknown
to the other end was used, the other side complained a lot:
"IPv4 ESP input: no key association found for spi 111506327"
in its kernel output.

Anyone seen this? The box with the double SAs is -current from a
couple of weeks ago, the other side almost up-to-date.
(After a "setkey -F" on the former one everything went normal.)

retry misbehavior, race condition??? already fixed???

best regards
Matthias


# setkey -D
134.94.206.1 134.94.206.11
        esp mode=tunnel spi=41368665(0x02773c59) reqid=0(0x00000000)
        E: 3des-cbc  8a1f754a 5dedaf54 9e2db65f 752752fb 37a6a4bd 3c17dc17
        A: hmac-sha1  dc393d53 ef2948e2 ab727c38 33970be6 ae4e5848
        seq=0x00000000 replay=4 flags=0x00000000 state=mature
        created: Sep 12 13:17:13 2002   current: Sep 12 13:31:35 2002
        diff: 862(s)    hard: 43200(s)  soft: 34560(s)
        last:                           hard: 0(s)      soft: 0(s)
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
        allocated: 0    hard: 0 soft: 0
        sadb_seq=3 pid=5345 refcnt=1
134.94.206.1 134.94.206.11
        esp mode=tunnel spi=111506327(0x06a57397) reqid=0(0x00000000)
        E: 3des-cbc  d569e046 8f4e83fc 58cd5286 cbe159d0 2593158e 97a1e3f9
        A: hmac-sha1  deed4883 127cf508 bd1006b4 aff13ec8 ce52eb0f
        seq=0x0000005d replay=4 flags=0x00000000 state=mature
        created: Sep 12 13:17:12 2002   current: Sep 12 13:31:35 2002
        diff: 863(s)    hard: 43200(s)  soft: 34560(s)
        last: Sep 12 13:31:33 2002      hard: 0(s)      soft: 0(s)
        current: 18968(bytes)   hard: 0(bytes)  soft: 0(bytes)
        allocated: 93   hard: 0 soft: 0
        sadb_seq=2 pid=5345 refcnt=2
134.94.206.11 134.94.206.1
        esp mode=tunnel spi=15371803(0x00ea8e1b) reqid=0(0x00000000)
        E: 3des-cbc  989330a5 51d315af 7f3ee00d 72501f71 1c0d318a 244708f9
        A: hmac-sha1  21ccb459 c5c4cb19 b34869c2 2c9f0da3 cce0644e
        seq=0x00000056 replay=4 flags=0x00000000 state=mature
        created: Sep 12 13:17:13 2002   current: Sep 12 13:31:35 2002
        diff: 862(s)    hard: 43200(s)  soft: 34560(s)
        last: Sep 12 13:31:33 2002      hard: 0(s)      soft: 0(s)
        current: 6026(bytes)    hard: 0(bytes)  soft: 0(bytes)
        allocated: 86   hard: 0 soft: 0
        sadb_seq=1 pid=5345 refcnt=1
134.94.206.11 134.94.206.1
        esp mode=tunnel spi=207047846(0x0c574ca6) reqid=0(0x00000000)
        E: 3des-cbc  8d486b8d 88efbded 0cebb29c caaeac43 161c143b 88f35529
        A: hmac-sha1  94ed4eb7 73ad0d5a 7752a73e 2e84c0ad 286ca7f4
        seq=0x00000004 replay=4 flags=0x00000000 state=mature
        created: Sep 12 13:17:12 2002   current: Sep 12 13:31:35 2002
        diff: 863(s)    hard: 43200(s)  soft: 34560(s)
        last: Sep 12 13:17:13 2002      hard: 0(s)      soft: 0(s)
        current: 304(bytes)     hard: 0(bytes)  soft: 0(bytes)
        allocated: 4    hard: 0 soft: 0
        sadb_seq=0 pid=5345 refcnt=1
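
One way to spot the condition described in this post from `setkey -D` output, as an added example that is not part of the original message: group mature SAs by source, destination, protocol and mode, and report any group holding more than one SPI together with each SA's byte counter. The sample dump is constructed (documentation addresses, key lines omitted) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in `setkey -D` layout (documentation addresses, key lines omitted).
SAMPLE = """\
192.0.2.1 192.0.2.11
        esp mode=tunnel spi=1001(0x000003e9) reqid=0(0x00000000)
        seq=0x00000000 replay=4 flags=0x00000000 state=mature
        current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
192.0.2.1 192.0.2.11
        esp mode=tunnel spi=1002(0x000003ea) reqid=0(0x00000000)
        seq=0x0000005d replay=4 flags=0x00000000 state=mature
        current: 18968(bytes)   hard: 0(bytes)  soft: 0(bytes)
192.0.2.11 192.0.2.1
        esp mode=tunnel spi=2001(0x000007d1) reqid=0(0x00000000)
        seq=0x00000056 replay=4 flags=0x00000000 state=mature
        current: 6026(bytes)    hard: 0(bytes)  soft: 0(bytes)
"""

def parse_sad(text):
    """Return one dict per SA in `setkey -D` output."""
    sas = []
    for line in text.splitlines():
        if line and not line[0].isspace():  # unindented "src dst" line opens an SA
            parts = line.split()
            if len(parts) == 2:
                sas.append({"src": parts[0], "dst": parts[1], "bytes": 0})
            continue
        if not sas:
            continue
        sa = sas[-1]
        if m := re.search(r"(esp|ah)\s+mode=(\w+)\s+spi=(\d+)", line):
            sa["proto"], sa["mode"], sa["spi"] = m[1], m[2], int(m[3])
        if m := re.search(r"state=(\w+)", line):
            sa["state"] = m[1]
        # Byte counter line starts with "current:"; the timestamp "current:" is mid-line.
        if m := re.match(r"\s+current:\s+(\d+)\(bytes\)", line):
            sa["bytes"] = int(m[1])
    return sas

def duplicate_sas(text):
    """Map (src, dst, proto, mode) to [(spi, bytes)] where >1 mature SA exists."""
    groups = defaultdict(list)
    for sa in parse_sad(text):
        if sa.get("state") == "mature" and "spi" in sa:
            key = (sa["src"], sa["dst"], sa["proto"], sa["mode"])
            groups[key].append((sa["spi"], sa["bytes"]))
    return {k: v for k, v in groups.items() if len(v) > 1}

print(duplicate_sas(SAMPLE))
```

The byte counters show which SPI of a duplicated pair has carried traffic. Two mature SAs per direction also coexist briefly around a rekey, so compare the `created:` times before treating a hit as a fault.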