
List:       libreswan-dev
Subject:    [Swan-dev] release_whack() not causing whack fd to be released?
From:       Paul Wouters <paul () nohats ! ca>
Date:       2016-10-12 20:33:31
Message-ID: alpine.LRH.2.20.1610121628010.21397 () bofh ! nohats ! ca


While adding tests for nss/ocsp (nss-cert-10-notyetvalid-responder) I
noticed that the whack isn't released in the STF_FAIL case:

west #
  ipsec auto --up nss-cert
002 "nss-cert" #1: initiating Main Mode
104 "nss-cert" #1: STATE_MAIN_I1: initiate
106 "nss-cert" #1: STATE_MAIN_I2: sent MI2, expecting MR2
002 "nss-cert" #1: I am sending my cert
002 "nss-cert" #1: I am sending a certificate request
108 "nss-cert" #1: STATE_MAIN_I3: sent MI3, expecting MR3
002 "nss-cert" #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=notyetvalid.testing.libreswan.org, E=testing@libreswan.org'
003 "nss-cert" #1: Certificate E=testing@libreswan.org,CN=notyetvalid.testing.libreswan.org,OU=Test Department,O=Libreswan,L=Toronto,ST=Ontario,C=CA failed verification
003 "nss-cert" #1: ERROR: Peer's Certificate has expired.
003 "nss-cert" #1: no RSA public key known for 'C=CA, ST=Ontario, L=Toronto, O=Libreswan, OU=Test Department, CN=notyetvalid.testing.libreswan.org, E=testing@libreswan.org'
217 "nss-cert" #1: STATE_MAIN_I3: INVALID_KEY_INFORMATION
002 "nss-cert" #1: sending encrypted notification INVALID_KEY_INFORMATION to 192.1.2.23:500
#\[root@west ]#  timedout send line: ipsec auto --up nss-cert echo done

I checked with gdb, and release_whack() is called in ikev1.c in complete_v1_state_transition():

if (IS_PHASE1_INIT(st->st_state)) {
         delete_event(st);
         release_whack(st);
}

And release_whack() itself is pretty simple:

void release_whack(struct state *st)
{
         close_any(st->st_whack_sock);
}

with close_any being a macro:

include/constants.h:#define close_any(fd)  { if ((fd) != NULL_FD) { close(fd); (fd) = NULL_FD; } }


Anyone have any theories as to what could be going on?

Paul