Some peers seem to defer DELETEs a few seconds after rekeying the IKE_SA, which
is perfectly valid. For short(er) DPD delays, this leads to the situation where
we send a DPD request during set_state(), but the IKE_SA has no hosts set yet.
Avoid that DPD by resetting the INBOUND timestamp during set_state().
The child_updown() function sets up environment variables to the updown
script. Sometimes call to hydra->kernel_interface->get_interface() could
fail and iface variable could be left uninitialized. This patch fixes
this issue by passing "unknown" as interface name.
Here is the stacktrace:
0 0x00007fa90791f445 in raise () from /lib/x86_64-linux-gnu/libc.so.6
1 0x00007fa907922bab in abort () from /lib/x86_64-linux-gnu/libc.so.6
2 0x0000000000401ed7 in segv_handler (signal=11) at charon.c:183
3 <signal handler called>
4 0x00007fa90793221f in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
5 0x00007fa9079f0580 in __vsnprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6
6 0x00007fa9079f04c8 in __snprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6
7 0x00007fa8f9b95b86 in snprintf (
__fmt=0x7fa8f9b961b8 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='%s%s%s' PLUTO_CONNECTION='%s' PLUTO_INTERFACE='%s' PLUTO_REQID='%u' PLUTO_ME='%H' PLUTO_MY_ID='%Y' PLUTO_MY_CLIENT='%H/%u' PLUTO_MY_PORT='%u' PLUTO_MY_PROTOCOL='%u"..., __n=1024, __s=0x7fa8f7923440 "2>&1 PLUTO_VERSION='1.1' PLUTO_VERB='up-host' PLUTO_CONNECTION='remote-40.0.0.40' PLUTO_INTERFACE='\367\250\177")
at /usr/include/x86_64-linux-gnu/bits/stdio2.h:65
8 child_updown (this=0x8486b0, ike_sa=0x7fa8e4005f80, child_sa=0x7fa8d4008290, up=true) at updown_listener.c:308
9 0x00007fa907ecc11c in ?? () from /usr/lib/strongswan/libcharon.so.0
10 0x00007fa907ef89bf in ?? () from /usr/lib/strongswan/libcharon.so.0
11 0x00007fa907ef2fc8 in ?? () from /usr/lib/strongswan/libcharon.so.0
12 0x00007fa907ee84ff in ?? () from /usr/lib/strongswan/libcharon.so.0
13 0x00007fa907ee3067 in ?? () from /usr/lib/strongswan/libcharon.so.0
14 0x00007fa90835e8fb in ?? () from /usr/lib/strongswan/libstrongswan.so.0
15 0x00007fa908360d30 in ?? () from /usr/lib/strongswan/libstrongswan.so.0
16 0x00007fa907cade9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
17 0x00007fa9079db4bd in clone () from /lib/x86_64-linux-gnu/libc.so.6
18 0x0000000000000000 in ?? ()
Signed-Off-By: Ansis Atteka <aatteka@nicira.com>
Before this patch all debug symbols were stripped off and simply
discarded. GDB without debug symbols is barely usable, but at
the same time distributing binaries with debug symbols would
drastically increase strongswan/libstrongswan package size.
Instead of discarding debug symbols, it would be better to strip
them off into a dedicated debian package. So that, if needed, one
could still install them and use GDB.
Signed-off-by: Ansis Atteka <aatteka@nicira.com>
Due to the previous negation the high bits of the mask were set, which
at least some versions of the Android build system prevent with a compile-time
check.