Package: openswan Version: 1:2.6.28+dfsg-5+squeeze1 Severity: normal Tags: upstream
If OpenSWAN (pluto) manages multiple interfaces and those can get up and down regularly (DSL with PPPoE and automatic 24h disconnect from ISP etc) those devices need to be attached and detached from pluto. In this case, a pluto segfault occurs on trying to detach an interface from pluto by: ip addr flush dev ipsec1 ipsec tncfg --detach --virtual ipsec1 ipsec tncfg --delete ipsec1 ipsec whack --listen Immediately pluto will segfault: Jan 12 06:32:37 rtr-vpn01 kernel: : [93293.818023] pluto[29799]: segfault at 0 ip 08057572 sp bfaf3c00 error 4 in pluto[8048000+ed000] Jan 12 06:32:37 rtr-vpn01 ipsec__plutorun: Segmentation fault Jan 12 06:32:37 rtr-vpn01 ipsec__plutorun: !pluto failure!: exited with error status 139 (signal 11) Jan 12 06:32:37 rtr-vpn01 ipsec__plutorun: restarting IPsec after pause... This problem is reproducable in 2.6.28 and 2.6.38. There is an upstream bugreport at [1]. Paul Wouters from libreswan.org has advised a patch [2] from Redhat that fixes that. And I can confirm that my routers no longer suffer this bug once I have rebuilded 2.6.38 packages with this patch. This patch has already made it into 2.6.39dr3 too. But as there is no 2.6.39 release in sight, this patch should be considered to get into testing too. Cheers, Andreas [1] https://www.openswan.org/issues/1350 [2] https://nazar.karan.org/blob/distro!openswan.git/6d17c5802ca8c630550b645081dcba081c8a2d85/SOURCES!openswan-749605-609343.patch -- System Information: Debian Release: 7.0 APT prefers testing APT policy: (990, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/3 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
