Red Hat Bugzilla – Bug 443626
Pluto segfault with host-to-host config and other host down
Last modified: 2009-09-02 07:19:37 EDT
Description of problem:
If I configure simple host-to-host connection while the other host is down,
pluto segfaults within few minutes.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. configure host-to-host IPsec connection (my ipsec.conf attached)
2. turn off one host
3. service ipsec restart
4. pluto will segfault within few minutes
Apr 22 17:45:22 xen15 ipsec__plutorun: /usr/libexec/ipsec/_plutorun: line 250:
fault /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --use-netkey --nat_traversal
I haven't been able to grab a core file - is there anything I might be missing
apart from having ulimit -c unlimited?
Created attachment 303332 [details]
A new openswan package 2.6.12-1 was built recently. Not sure if this was fixed
already in the new package.
(In reply to comment #3)
> A new openswan package 2.6.12-1 was built recently. Not sure if this was
> already in the new package.
Nope, still there with 2.6.12
Adding "ikev2=always" to the tunnel configuration avoids the crash - but
disables automatic downgrade to IKEv1. There might be other side effects as well.
To grab a core file, add e.g. "dumpdir=/tmp" to the "config setup" section.
Created attachment 303661 [details]
pluto core file
Thanks for the pointer, Mirek. Here goes the core file..
Created attachment 305104 [details]
Rewrite ikev2->ikev1 fallback code
The attached patch fixes the crash, but I have only tested it in the provided
configuration, not with any peer.
See http://bugs.xelerance.com/view.php?id=922 for the upstream bug report and
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release. Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products. This request is not yet committed for inclusion in an Update
This patch appears to be included in 2.6.14.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.