Bug #6160

strongswan can start twice in some cases, leading to non-functional IPsec

Added by Chris Buechler almost 3 years ago. Updated almost 3 years ago.

Status: Resolved
Priority: High
Category: IPsec
Target version:
Start date: 04/14/2016
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.3
Affected Architecture:

Description

If vpn_ipsec_configure is called twice at almost exactly the same time, 'ipsec start' will run twice and it will start twice. Normally that's not possible because it checks for the PID, but if it's close enough together two instances can start. You end up with logs like:

Apr 13 19:32:38   charon      07[KNL] error sending to PF_KEY socket: No buffer space available
no socket implementation registered, sending failed

This has always been possible in theory, but something in 2.3/strongswan 5.4.0 makes it happen where it doesn't appear to have ever happened previously.

Putting a lock around vpn_ipsec_configure confirmed to fix, commit coming momentarily.
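The race described above, as an added example that is not part of the original ticket or the project's code: two callers pass a PID-file check before either one starts the daemon, and an exclusive lock around the whole check-and-start closes that window. It is written in Python rather than the project's own language, and the function names, file names and the barrier/sleep used to force the timing are constructed for illustration.

```python
import fcntl
import os
import tempfile
import threading
import time


def configure(pidfile, starts, gate, lockfile=None):
    """Hypothetical configure routine that should start a daemon only once."""
    lock_fd = None
    if lockfile is not None:
        # Exclusive advisory lock: a second caller blocks here until release.
        lock_fd = os.open(lockfile, os.O_CREAT | os.O_RDWR, 0o600)
        fcntl.flock(lock_fd, fcntl.LOCK_EX)
    try:
        already_running = os.path.exists(pidfile)  # the PID check
        gate()                                     # window between check and start
        if not already_running:
            starts.append(threading.get_ident())   # stands in for 'ipsec start'
            with open(pidfile, "w") as fh:
                fh.write(str(os.getpid()))
    finally:
        if lock_fd is not None:
            fcntl.flock(lock_fd, fcntl.LOCK_UN)
            os.close(lock_fd)


def race(use_lock):
    """Run two near-simultaneous callers; return how many starts happened."""
    with tempfile.TemporaryDirectory() as tmp:
        pidfile = os.path.join(tmp, "daemon.pid")
        lockfile = os.path.join(tmp, "configure.lock") if use_lock else None
        starts = []
        # Unlocked: a barrier makes both callers finish the check before either
        # starts. Locked: a sleep keeps the window open while the lock is held.
        gate = (lambda: time.sleep(0.05)) if use_lock else threading.Barrier(2).wait
        threads = [threading.Thread(target=configure,
                                    args=(pidfile, starts, gate, lockfile))
                   for _ in range(2)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        return len(starts)


if __name__ == "__main__":
    print("without lock:", race(False), "starts")
    print("with lock:   ", race(True), "starts")
```

The lock has to cover both the check and the start; locking only the start would still let the second caller act on a stale check result.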

Associated revisions

Revision c520e3e3 (diff)
Added by Chris Buechler almost 3 years ago

Add lock in vpn_ipsec_configure. Ticket #6160

Revision 82ea06cb (diff)
Added by Chris Buechler almost 3 years ago

Add lock in vpn_ipsec_configure. Ticket #6160

Revision 0201d917 (diff)
Added by Chris Buechler almost 3 years ago

Add lock in vpn_ipsec_configure. Ticket #6160

History

#1 Updated by Chris Buechler almost 3 years ago

  • Status changed from Confirmed to Feedback

That change confirmed to work on a customer system hitting the problem.

#2 Updated by Chris Buechler almost 3 years ago

  • Status changed from Feedback to Resolved

Multiple people seeing this issue confirmed fixed.
