Closed AnatoliChe closed 3 years ago
Thank you for the PR @AnatoliChe
I have asked @mcr to review the PR and provide feedback.
Your fix seems fine, but it indicates there is a bigger problem. I know that we did some work recently (not yet released), which deals with child SAs getting rekeyed after a parent SA has been replaced. I'm guessing that this is what happened, and why md->pst is NULL. In that case, it should have died earlier and rekeyed the child SA with a new parent SA, or just dropped the child SA as having been replaced already. So I approve the patch, but I'd like to know if you have a way to reproduce this, logs, etc.
Thank you, Michael! I have no way to reproduce it. I get this error when an international provider tries to do MtM. I believe it is related to the big and too-smart firewall between countries, and corrupted packets. I have some core dumps:
-rw------- 1 root root 1171456 Jan 18 13:09 core.0.pluto.31038
-rw------- 1 root root 3366912 Jan 19 13:34 core.0.pluto.15812
-rw------- 1 root root 1167360 Jan 17 20:16 core.0.pluto.9389
-rw------- 1 root root 2940928 Dec 28 11:18 core.0.pluto.15151
-rw------- 1 root root 2535424 Dec 22 11:08 core.0.pluto.14148
-rw------- 1 root root 2813952 Dec 22 10:03 core.0.pluto.25961
-rw------- 1 root root 2805760 Dec 18 12:59 core.0.pluto.12403
-rw------- 1 root root 2572288 Dec 16 00:48 core.0.pluto.11515
-rw------- 1 root root 3088384 Dec 16 00:10 core.0.pluto.13068
-rw------- 1 root root 2580480 Dec 10 14:01 core.0.pluto.11569
-rw------- 1 root root 2813952 Dec 10 10:09 core.0.pluto.3209
| Jan 27 14:05:42: complete state transition with STF_IGNORE
| Jan 27 14:05:42: processed 0 messages from cryptographic helpers
| Jan 27 14:05:42: next event EVENT_DPD in 7 seconds for #483 (2021-01-27 14:05:42)
| Jan 27 14:05:42: next event EVENT_DPD in 7 seconds for #483 (2021-01-27 14:05:42)
| Jan 27 14:05:49:
| Jan 27 14:05:49: received 332 bytes from 192.168.1.7:500 on eth0 (port=500) at 2021-01-27 14:05:49
| Jan 27 14:05:49: parse ISAKMP Message:
| Jan 27 14:05:49: initiator cookie:
| Jan 27 14:05:49: 8c d3 b0 eb f8 be 49 98
| Jan 27 14:05:49: responder cookie:
| Jan 27 14:05:49: 97 00 89 a1 d5 c9 07 56
| Jan 27 14:05:49: ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| Jan 27 14:05:49: exchange type: ISAKMP_XCHG_QUICK
| Jan 27 14:05:49: flags: ISAKMP_FLAG_ENCRYPTION
| Jan 27 14:05:49: message ID: 35 4b ca b0
| Jan 27 14:05:49: length: 332
| Jan 27 14:05:49: processing version=1.0 packet with exchange type=ISAKMP_XCHG_QUICK (32), msgid: 894159536
| Jan 27 14:05:49: ICOOKIE: 8c d3 b0 eb f8 be 49 98
| Jan 27 14:05:49: RCOOKIE: 97 00 89 a1 d5 c9 07 56
| Jan 27 14:05:49: state hash entry 19
| Jan 27 14:05:49: v1 peer and cookies match on #488, provided msgid 354bcab0 vs 354bcab0
| Jan 27 14:05:49: v1 state object #488 found, in STATE_QUICK_I1
| Jan 27 14:05:49: processing connection 192_168_0_7-192_168_1_7
| Jan 27 14:05:49: received encrypted packet from 192.168.1.7:500
| Jan 27 14:05:49: decrypting 304 bytes using algorithm OAKLEY_AES_CBC
| Jan 27 14:05:49: decrypted:
| Jan 27 14:05:49: next IV: eb d7 2b 41 51 53 8f e1 f6 f9 6a 5e dd 28 8d 32
| Jan 27 14:05:49: got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x502 opt: 0x200030
| Jan 27 14:05:49: **parse ISAKMP Hash Payload:
| Jan 27 14:05:49: length: 24
| Jan 27 14:05:49: got payload 0x2(ISAKMP_NEXT_SA) needed: 0x402 opt: 0x200030
| Jan 27 14:05:49: parse ISAKMP Security Association Payload:
| Jan 27 14:05:49: length: 56
| Jan 27 14:05:49: DOI: ISAKMP_DOI_IPSEC
| Jan 27 14:05:49: got payload 0x400(ISAKMP_NEXT_NONCE) needed: 0x400 opt: 0x200030
| Jan 27 14:05:49: parse ISAKMP Nonce Payload:
| Jan 27 14:05:49: length: 20
| Jan 27 14:05:49: got payload 0x10(ISAKMP_NEXT_KE) needed: 0x0 opt: 0x200030
| Jan 27 14:05:49: parse ISAKMP Key Exchange Payload:
| Jan 27 14:05:49: length: 196
| Jan 27 14:05:49: removing 8 bytes of padding
| Jan 27 14:05:49: emit ISAKMP Message:
| Jan 27 14:05:49: initiator cookie:
| Jan 27 14:05:49: 8c d3 b0 eb f8 be 49 98
| Jan 27 14:05:49: responder cookie:
| Jan 27 14:05:49: 97 00 89 a1 d5 c9 07 56
| Jan 27 14:05:49: ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| Jan 27 14:05:49: exchange type: ISAKMP_XCHG_QUICK
| Jan 27 14:05:49: flags: ISAKMP_FLAG_ENCRYPTION
| Jan 27 14:05:49: message ID: 35 4b ca b0
| Jan 27 14:05:49: HASH(2) computed:
| Jan 27 14:05:49: b1 82 92 63 00 e2 44 82 91 60 f9 a2 cf d8 7c 14
| Jan 27 14:05:49: ca a8 c4 71
| Jan 27 14:05:49: **parse IPsec DOI SIT:
| Jan 27 14:05:49: IPsec DOI SIT: SIT_IDENTITY_ONLY
| Jan 27 14:05:49: **parse ISAKMP Proposal Payload:
| Jan 27 14:05:49: length: 44
| Jan 27 14:05:49: proposal number: 0
| Jan 27 14:05:49: protocol ID: PROTO_IPSEC_ESP
| Jan 27 14:05:49: SPI size: 4
| Jan 27 14:05:49: number of transforms: 1
| Jan 27 14:05:49: parsing 4 raw bytes of ISAKMP Proposal Payload into SPI
| Jan 27 14:05:49: SPI 77 4a 6a 53
| Jan 27 14:05:49: *parse ISAKMP Transform Payload (ESP):
| Jan 27 14:05:49: length: 32
| Jan 27 14:05:49: transform number: 0
| Jan 27 14:05:49: transform ID: ESP_AES
| Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute:
| Jan 27 14:05:49: af+type: GROUP_DESCRIPTION
| Jan 27 14:05:49: length/value: 5
| Jan 27 14:05:49: [5 is OAKLEY_GROUP_MODP1536]
| Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute:
| Jan 27 14:05:49: af+type: ENCAPSULATION_MODE
| Jan 27 14:05:49: length/value: 2
| Jan 27 14:05:49: [2 is ENCAPSULATION_MODE_TRANSPORT]
| Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute:
| Jan 27 14:05:49: af+type: SA_LIFE_TYPE
| Jan 27 14:05:49: length/value: 1
| Jan 27 14:05:49: [1 is SA_LIFE_TYPE_SECONDS]
| Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute:
| Jan 27 14:05:49: af+type: SA_LIFE_DURATION
| Jan 27 14:05:49: length/value: 1200
| Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute:
| Jan 27 14:05:49: af+type: AUTH_ALGORITHM
| Jan 27 14:05:49: length/value: 2
| Jan 27 14:05:49: [2 is AUTH_ALGORITHM_HMAC_SHA1]
| Jan 27 14:05:49: **parse ISAKMP IPsec DOI attribute:
| Jan 27 14:05:49: af+type: KEY_LENGTH
| Jan 27 14:05:49: length/value: 128
| Jan 27 14:05:49: kernel_alg_esp_enc_ok(12,128): alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
| Jan 27 14:05:49: DH public value received:
| Jan 27 14:05:49: started looking for secret for @192_168_0_7->@192_168_1_7 of kind PPK_PSK
| Jan 27 14:05:49: actually looking for secret for @192_168_0_7->@192_168_1_7 of kind PPK_PSK
| Jan 27 14:05:49: line 1: key type PPK_PSK(@192_168_0_7) to type PPK_RSA
| Jan 27 14:05:49: concluding with best_match=0 lineno=-1
| Jan 27 14:05:49: 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 3
| Jan 27 14:05:49: asking helper 0 to do compute dh(p2) op on seq: 990 (len=2760, pcw_work=1)
| Jan 27 14:05:49: crypto helper write of request: cnt=2760<wlen=2760.
| Jan 27 14:05:49: deleting event for #488
| Jan 27 14:05:49: inserting event EVENT_CRYPTO_FAILED, timeout in 300 seconds for #488
| Jan 27 14:05:49: event added after event EVENT_SA_REPLACE for #483
| Jan 27 14:05:49: complete state transition with STF_SUSPEND
| Jan 27 14:05:49: processed 0 messages from cryptographic helpers
| Jan 27 14:05:49: next event EVENT_DPD in 0 seconds for #483 (2021-01-27 14:05:49)
| Jan 27 14:05:49: time to handle event
| Jan 27 14:05:49: at 2021-01-27 14:05:49 handling event EVENT_DPD
| Jan 27 14:05:49: event after this is EVENT_PENDING_DDNS in 7 seconds
| Jan 27 14:05:49: processing connection 10_10_10_7-10.10.11_7
! Jan 27 14:05:49: helper 0 read 2752+4/2760 bytesfd: 8
| Jan 27 14:05:49: find_phase1_state: found SA #474 for conn '10_10_10_7-10.10.11_7' in state STATE_MAIN_I4
| Jan 27 14:05:49: DPD: processing for state #483 ("10_10_10_7-10.10.11_7")
! Jan 27 14:05:49: helper 0 doing compute dh(p2) op id: 990
| Jan 27 14:05:49: get esp.b8654f97@10.10.10.7
! Jan 27 14:05:49: peer's g: 6d 17 6c 25 d7 5b 41 c2 f2 95 e1 bf 4b 8d ca 75
! Jan 27 14:05:49: peer's g: c6 d7 0a d9 1c fa 0e 0b be 80 48 ca 5b cb 35 b2
! Jan 27 14:05:49: peer's g: d0 f6 c0 c4 d3 8a 2d 83 1f f4 f6 04 f5 eb e4 60
! Jan 27 14:05:49: peer's g: f1 6d d3 f1 d9 19 d1 f8 9f 6b 75 d3 19 e2 8a d9
| Jan 27 14:05:49: DPD: out event not sent, phase 2 active
! Jan 27 14:05:49: peer's g: 0e 11 3e 7f 47 05 70 81 e8 aa 3f 89 20 70 f7 c3
! Jan 27 14:05:49: peer's g: 57 f6 bb 49 3b ad 5b 50 9e 5c 97 4f 9e da cd 08
| Jan 27 14:05:49: inserting event EVENT_DPD, timeout in 30 seconds for #483
! Jan 27 14:05:49: peer's g: 82 8f 72 12 41 e6 8d 6b e2 2d fd ba 2b c5 84 01
| Jan 27 14:05:49: event added after event EVENT_DPD for #494
! Jan 27 14:05:49: peer's g: 74 fd 87 c8 39 8e 4a 14 58 0f e8 4e 3b 8b 73 d3
| Jan 27 14:05:49: next event EVENT_PENDING_DDNS in 7 seconds
! Jan 27 14:05:49: peer's g: 5f a0 9c 44 c3 31 4e 48 d1 50 35 0b 28 85 54 07
! Jan 27 14:05:49: peer's g: 4c e4 7a f7 24 c7 92 bf ff 4c f7 90 56 cd 0e c3
! Jan 27 14:05:49: peer's g: ce 1e b6 ba 9c 2a 4c 38 1a cb ce 29 50 b8 47 87
! Jan 27 14:05:49: peer's g: 0c 44 c3 a3 0b a8 3a 4b 6f c0 cb a7 2e 55 84 44
! Jan 27 14:05:49: calc_dh_shared(): time elapsed (OAKLEY_GROUP_MODP1536): 911 usec
! Jan 27 14:05:49: DH shared-secret:
| Jan 27 14:05:49:
| Jan 27 14:05:49: helper 0 has finished work (cnt now 1)
| Jan 27 14:05:49: helper 0 replies to id: q#990
| Jan 27 14:05:49: calling callback function 0x564be429c680
| Jan 27 14:05:49: quick inI1_outR1: calculated ke+nonce, calculating DH
| Jan 27 14:05:49: processing connection 192_168_0_7-192_168_1_7
| Jan 27 14:05:49: *emit ISAKMP Hash Payload:
| Jan 27 14:05:49: emitting 20 zero bytes of HASH into ISAKMP Hash Payload
| Jan 27 14:05:49: emitting length of ISAKMP Hash Payload: 24
| Jan 27 14:05:49: HASH(3) computed: a1 d4 bb e4 9b 92 20 59 f3 3a bb 09 5c 74 2d 9a
| Jan 27 14:05:49: HASH(3) computed: 1d 13 b6 cb
| Jan 27 14:05:49: compute_proto_keymat:needed_len (after ESP enc)=16
| Jan 27 14:05:49: compute_proto_keymat:needed_len (after ESP auth)=36
| Jan 27 14:05:49: ESP KEYMAT
| Jan 27 14:05:49: KEYMAT computed:
| Jan 27 14:05:49: 8c 5b 17 ad ed 86 24 04 f7 b7 7f 87 31 d2 74 a2
| Jan 27 14:05:49: a7 f2 52 9e 4f f4 6b fe 42 ac 20 a3 da f4 8a 73
| Jan 27 14:05:49: ce 60 fd d2
| Jan 27 14:05:49: Peer KEYMAT computed:
| Jan 27 14:05:49: 96 9e 54 49 71 eb e0 88 24 f7 d8 20 c9 33 36 21
| Jan 27 14:05:49: 14 0f e2 f3 c0 f9 9a b8 3d 76 fe 13 1e 6d 2f 87
| Jan 27 14:05:49: aa 44 ea 60
| Jan 27 14:05:49: state #488: install_ipsec_sa() for inbound and outbound
| Jan 27 14:05:49: route owner of "192_168_0_7-192_168_1_7" erouted: self; eroute owner: self
| Jan 27 14:05:49: could_route called for 192_168_0_7-192_168_1_7 (kind=CK_PERMANENT)
| Jan 27 14:05:49: state #488: now setting up incoming SA
Jan 27 14:05:49: pluto_crypto_helper: helper [nonnss] (2) is exiting normally
Jan 27 14:05:49: pluto_crypto_helper: helper [nonnss] (1) is exiting normally
Jan 27 14:05:49: pluto_crypto_helper: helper [nonnss] (0) is exiting normally
Segmentation fault (core dumped)
Thank you @AnatoliChe
I have cherry-picked it into the master branch.
We have segfault in setup_half_ipsec_sa if parent st is NULL.
Core was generated by `/usr/local/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipse'.
Program terminated with signal SIGSEGV, Segmentation fault.
0 setup_half_ipsec_sa (parent_st=parent_st@entry=0x0, st=st@entry=0x55bfdfa00050, sr=sr@entry=0x7ffeaece2d30, inbound=inbound@entry=1) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/kernel.c:1718
1718 const char *inbound_str = inbound ? "inbound" : "outbound";
(gdb) bt
0 setup_half_ipsec_sa (parent_st=parent_st@entry=0x0, st=st@entry=0x55bfdfa00050, sr=sr@entry=0x7ffeaece2d30, inbound=inbound@entry=1) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/kernel.c:1718
1 0x000055bfdf7591a8 in install_ipsec_sa (parent_st=0x0, st=st@entry=0x55bfdfa00050, inbound_also=inbound_also@entry=1) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/kernel.c:3020
2 0x000055bfdf73e6a7 in quick_inR1_outI2_cryptotail (r=r@entry=0x7ffeaece31e0, dh=) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/ikev1_quick.c:2639
3 0x000055bfdf73e96e in quick_inR1_outI2_continue (pcrc=0x55bfdf9c9df0, r=0x7ffeaece31e0, ugh=0x0) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/ikev1_quick.c:2472
4 0x000055bfdf769d2f in handle_helper_comm (w=w@entry=0x55bfdf999440) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/pluto_crypt.c:827
5 0x000055bfdf76ab3b in pluto_crypto_helper_ready (readfds=readfds@entry=0x7ffeaece4890) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/pluto_crypt.c:1101
6 0x000055bfdf72c9e9 in call_server () at /usr/src/staging/openswan-2.6.52.3/programs/pluto/server.c:798
7 0x000055bfdf716faf in main (argc=, argv=) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/plutomain.c:1134
(gdb) frame 0
(gdb) p parent_st
$17 = (struct state *) 0x0
(gdb) frame 1
1 0x000055bfdf7591a8 in install_ipsec_sa (parent_st=0x0, st=st@entry=0x55bfdfa00050, inbound_also=inbound_also@entry=1) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/kernel.c:3020
3020 if(!setup_half_ipsec_sa(parent_st, st, sr, TRUE)) {
(gdb) p parent_st
$3 = (struct state *) 0x0
(gdb) frame 2
2 0x000055bfdf73e6a7 in quick_inR1_outI2_cryptotail (r=r@entry=0x7ffeaece31e0, dh=) at /usr/src/staging/openswan-2.6.52.3/programs/pluto/ikev1_quick.c:2639
2639 if (!install_ipsec_sa(md->pst, st, TRUE))
(gdb) p md->pst
$18 = (struct state *) 0x0
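A simplified model of the guard discussed in this thread, added here as an illustration; it is not openswan code and not the patch from this PR. It re-resolves the parent SA after the asynchronous crypto step and either reparents or drops the child instead of passing a NULL parent to the install step. The struct, enum and function names are hypothetical, and the SA serial numbers are constructed.

```c
/* Added illustration: simplified model, not openswan source; names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct state {               /* stand-in for a pluto state object */
    unsigned long serialno;  /* SA number as printed in logs (#N) */
    unsigned long parent_no; /* serial of the parent (phase 1) SA */
    bool established;        /* false once deleted or replaced */
};

enum install_result { INSTALL_OK, INSTALL_REPARENTED, INSTALL_DROPPED };

/* Return the live SA with this serial, or NULL if it is gone. */
static struct state *find_live(struct state *tbl, size_t n, unsigned long no)
{
    for (size_t i = 0; i < n; i++)
        if (tbl[i].serialno == no && tbl[i].established)
            return &tbl[i];
    return NULL;
}

/* Models the install step, which reads through `parent`: calling it
 * with NULL is the dereference seen at frame 0 of the backtrace. */
static bool setup_half_sa(const struct state *parent, const struct state *child)
{
    printf("install #%lu under parent #%lu\n", child->serialno, parent->serialno);
    return true;
}

/* Guarded caller: re-resolve the parent after the asynchronous crypto
 * step, then reparent or drop the child instead of passing NULL on. */
enum install_result install_child_sa(struct state *tbl, size_t n,
                                     struct state *child, unsigned long replacement_no)
{
    struct state *parent = find_live(tbl, n, child->parent_no);
    enum install_result res = INSTALL_OK;
    if (parent == NULL) {
        parent = find_live(tbl, n, replacement_no);
        if (parent == NULL)
            return INSTALL_DROPPED;   /* fail closed, nothing installed */
        child->parent_no = parent->serialno;
        res = INSTALL_REPARENTED;
    }
    return setup_half_sa(parent, child) ? res : INSTALL_DROPPED;
}

int main(void)
{
    /* Constructed sample: #11 was replaced by #10 before the install. */
    struct state tbl[] = { {10, 0, true}, {11, 0, false} };
    struct state child = { 20, 11, false };
    return install_child_sa(tbl, 2, &child, 10) == INSTALL_REPARENTED ? 0 : 1;
}
```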