Opened 7 years ago

Last modified 4 years ago

#7976 new defect

Openswan startup breakage (possibly a regression in [22693])

Reported by: Andy Lutomirski <luto@…>
Owned by: developers
Priority: normal
Milestone: Barrier Breaker 14.07
Component: packages
Version: Trunk
Keywords: openswan
Cc:


Openswan (built from latest trunk) fails to start with an error like this:

authpriv.warn pluto[2699]: starting up 1 cryptographic helpers
authpriv.warn pluto[2699]: started helper pid=2700 (fd:6)
authpriv.warn pluto[2699]: Using Linux 2.6 IPsec interface code on (experimental code)
authpriv.err pluto[2700]: FATAL ERROR: read() failed in get_rnd_byte(). Errno 9: Bad file descriptor

After this, ipsec auto can't find pluto.ctl.

In a recent backfire branch (but also with fairly recent packages), everything worked.

Oddly enough, if I start /usr/libexec/ipsec/pluto myself, it works.

The trigger appears to be --stderrlog. Specifically, if I do:

/usr/libexec/ipsec/pluto --nofork --stderrlog --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids

everything works, but if I do:

/usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-auto --uniqueids

then I get that error and nothing works.

This is 100% reproducible, and I'm mystified as to what's going on.

Change History (6)

comment:1 Changed 7 years ago by sisoftrg@…

I confirm the bug for svn head of backfire branch.
However, with IPSECplutostderrlog=/tmp/pluto.log pluto works fine.

comment:2 Changed 7 years ago by Andy Lutomirski <luto@…>

I added

export IPSECplutostderrlog=/dev/null

to the top of /etc/init.d/ipsec and now it works. strace -f isn't working for me, so this is rather difficult to track down for real.

comment:3 Changed 7 years ago by Andy Lutomirski <luto@…>

Filed upstream as

Maybe they have a clue.

comment:4 Changed 7 years ago by heil

I can confirm this problem too. One workaround is to have
plutodebug="control parsing" in config setup.

I am running OpenWrt under xen, kvm and esx.

comment:5 Changed 7 years ago by heil

You can also add plutostderrlog="/tmp/pluto.log" in the default section, so no init script needs to be changed.

comment:6 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted
