Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceeded a certain threshold of spam-like behaviour.

[Users] Pluto terminating with illegal instruction

From: Andreas Haumer (andreas_at_xss.co.at)
Date: Tue May 07 2002 - 21:41:43 CEST


Hi!

I observe a strange problem with FreeS/WAN 1-96 and x509
patch v0.9.9

I have this software running on several Linux gateways and
it works quite well with both PSK and x509 certificates.

But in the past few days I had several setups, where I
couldn't get FreeS/WAN to work: using "strace" I found out
that in the initial startup phase, Pluto just terminates with
"illegal instruction" error.

In the syslog I usually find something like this (with plutodebug=all)
[...]
May 7 12:19:31 server Pluto[11068]: loading secrets from "/etc/ipsec.secrets"
May 7 12:19:31 server Pluto[11068]: loaded private key file '/etc/ipsec.d/private/demoKey.pem' (887 bytes)
May 7 12:19:31 server Pluto[11068]: | file content is not binary ASN.1
May 7 12:19:31 server Pluto[11068]: | -----BEGIN RSA PRIVATE KEY-----
May 7 12:19:31 server Pluto[11068]: | -----END RSA PRIVATE KEY-----
May 7 12:19:31 server Pluto[11068]: | file coded in PEM format
May 7 12:19:31 server Pluto[11068]: | L0 - RSAPrivateKey:
May 7 12:19:31 server Pluto[11068]: | L1 - version:
May 7 12:19:31 server Pluto[11068]: | L1 - modulus:
May 7 12:19:31 server Pluto[11068]: | L1 - publicExponent:
May 7 12:19:31 server Pluto[11068]: | L1 - privateExponent:
May 7 12:19:31 server Pluto[11068]: | L1 - prime1:
May 7 12:19:31 server Pluto[11068]: | L1 - prime2:
May 7 12:19:31 server Pluto[11068]: | L1 - exponent1:
May 7 12:19:31 server Pluto[11068]: | L1 - exponent2:
May 7 12:19:31 server Pluto[11068]: | L1 - coefficient:
[...]

After the last message, pluto is gone and of course my tunnel
doesn't work.

It looks like it has something to do with the performance
of the system: I observed this error on the following
hardware setups: Pentium-133, Pentium-200, AMD K6-400

I then tried with exactly the same IPsec software and config
files (same IP addresses, same networking configuration) on
a PIII-866 system, and here it works fine!

On the PIII the syslog looks like this:

[...]
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: loading secrets from "/etc/ipsec.secrets"
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: loaded private key file '/etc/ipsec.d/private/demoKey.pem' (887 bytes)
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | file content is not binary ASN.1
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | -----BEGIN RSA PRIVATE KEY-----
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | -----END RSA PRIVATE KEY-----
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | file coded in PEM format
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | L0 - RSAPrivateKey:
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | L1 - version:
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | L1 - modulus:
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | L1 - publicExponent:
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | L1 - privateExponent:
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | L1 - prime1:
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | L1 - prime2:
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | L1 - exponent1:
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | L1 - exponent2:
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | L1 - coefficient:
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | next event EVENT_SHUNT_SCAN in 119 seconds
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: |
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | *received whack message
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | route owner of "xssnet" CK_PERMANENT unrouted: NULL; eroute owner: NULL
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | route owner of "xssnet" CK_PERMANENT unrouted: NULL; eroute owner: NULL
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | add eroute 192.168.163.0/24 -> 192.168.162.0/24 => %trap
May 7 21:07:36 router.demo.xss.co.at Pluto[1330]: | finish_pfkey_msg: SADB_X_ADDFLOW message 5 for flow %trap
[...]

And then it goes on configuring the tunnel and everything
works fine...

So far, all the systems, where I have FreeS/WAN successfully
running, have processors faster than K6-400: PIII-800, PIII-866,
K6-500, Celeron-400, Athlon-800!

All systems, where pluto is terminating on me have processors
slower than or equal to AMD K6-400: P-133, P-200!

All hardware in question seems to be stable, the AMD K6-400
did survive a complete "make world" of our linux distribution
(complete compile run for about 400 RPMs which takes about
2900 minutes on this machine)

Both userspace utilities and kernel (Linux-2.2.20 and 2.2.21rc3)
were compiled with gcc-2.95.3, pluto is linked against glibc-2.1.3
and libgmp-3.1.1

Does this problem description ring any bell for anyone?

If I find the time I'll try to attach my debugger to Pluto
when it starts up in order to find out where exactly it
stomps over this illegal instruction. It just puzzles me
that it seems to be dependent on the speed of the processor!

Regards,

- andreas

-- 
Andreas Haumer                     | mailto:andreas_at_xss.co.at
*x Software + Systeme              | http://www.xss.co.at/
Karmarschgasse 51/2/20             | Tel: +43-1-6060114-0
A-1100 Vienna, Austria             | Fax: +43-1-6060114-71
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST