New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
xl2tpd 1.3.1 refuse connection after some period of time #1
Comments
I am also filled bugreport on Debian bugtracker: |
looks this bug have been fixed in http://www.xelerance.com, but now I cannot find xl2tpd project. the bug id is 1305, and I have bug patch for that , if you need contact me, guozhengqian0825@126.com |
Hello, qianguozheng Are this bug id (1305) from Debian BTS? Can you please tell me more about your's patch? |
patches have been sent to you , it was from the opensouce |
What is going on with this? |
I have not received the patch myself, so I cannot integrate it. I have just emailed qianguozheng to request it. |
I just pulled a patch by wxiaoguang into the testing branch I but I seriously doubt it would fix this problem. I will wait for qianguozheng to provide info. Check the testing branch, just in case. |
have mailed to you, please have a check. At 2012-12-26 05:57:07,xelerance notifications@github.com wrote: I just pulled a patch by wxiaoguang into the testing branch I but I seriously doubt it would fix this problem. I will wait for qianguozheng to provide info. Check the testing branch, just in case. — |
I am not sure if this problem is regarding xl2tpd, take a look at this: |
have you tried only restart xl2tpd to see if it works right ? At 2012-12-29 21:16:23,MikeyMike notifications@github.com wrote: I am not sure if this problem is regarding xl2tpd, take a look at this: — |
Ok finally I found some time and it seems that the problem is exactly as it is described here -> https://www.openswan.org/issues/1263, which means it is regarding openswan not xl2tpd. Probably we can close this one down? |
Also apparently via http://www.mentby.com/Group/openswan-users/disconnect-causes-failure.html - "Actual bug causing this was found and fixed. 2.6.29", I will try to upgrade and let you guys know. |
Below is the patch that was sent to me by qianguozheng. No disrespect but I do not like this patch as the same code is present in call.c to handle the same situation. I would prefer if we focused on finding out why xl2tpd.c/magic_lac_dial is not returning proper return codes and why call.c/destroy_call doesn't try looping on error. Anyone want to try handling that ? --- a/xl2tpd.c 2012-06-25 23:53:52.448963426 +0400
|
Any update ? |
We believe it is a Openswan problem. Closing until such time as we get an xl2tpd test case. |
Ok, it seems that this is not openswan problem but rather xl2tpd, currently I have one tunnel up (tunnel #2) and some stalled rules in |
So the story goes like that: Openswan has dpd set to send packets every 5 seconds and timeout to 30 seconds with action clear.
I can see entries regarding this particular tunnel in |
I do believe that this is not an openswan problem too, since I'm using strongswan. I also tried xl2tpd/1.3.6+dfsg-2 from Debian testing, the problem still occurs.
Also I'm using mobile connection, so some packet loss might be involved. |
`dial_no_tmp` should not be freed by close of a single tunnel since it is a global storage for all tunnels both now present and future ones. From the following log we know destroy_tunnel() was called twice and the 2nd one trying to free dial_on_tmp is a double-free. <...> Wed Aug 12 02:12:00 2015 daemon.debug xl2tpd[5711]: trying to send control packet to 60302 Wed Aug 12 02:12:00 2015 daemon.debug xl2tpd[5711]: control_xmit: Scheduling and transmitting packet 0 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: trying to send control packet to 27590 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: control_xmit: Scheduling and transmitting packet 1 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: trying to send control packet to 63807 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: Unable to deliver closing message for tunnel 63807. Destroying anyway. Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: call_close: Actually closing tunnel 63807 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: trying to send control packet to 60302 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: control_xmit: Scheduling and transmitting packet 0 Wed Aug 12 02:12:02 2015 daemon.debug xl2tpd[5711]: trying to send control packet to 27590 Wed Aug 12 02:12:02 2015 daemon.debug xl2tpd[5711]: Unable to deliver closing message for tunnel 27590. Destroying anyway. Wed Aug 12 02:12:02 2015 daemon.debug xl2tpd[5711]: call_close: Actually closing tunnel 27590 <SEGFAULT> This GDB session showed that musl-libc intentionally caused a memory access segment to indicate double-free [1]. (gdb) bt #0 0x7729e9a4 in free () from /lib/ld-musl-mipsel-sf.so.1 xelerance#1 0x00401f26 in destroy_tunnel (t=0x77274840) at xl2tpd.c:695 xelerance#2 0x00407e44 in call_close (c=0xc076a0) at call.c:273 xelerance#3 0x0040873c in control_xmit (b=0x77274cc0) at network.c:260 xelerance#4 0x00409600 in process_schedule (ptv=ptv@entry=0x7feae89c) at scheduler.c:47 xelerance#5 0x004088e8 in network_thread () at network.c:457 xelerance#6 0x00401338 in main (argc=<optimized out>, argv=<optimized out>) at xl2tpd.c:1882 (gdb) info registers zero at v0 v1 a0 a1 a2 a3 R0 00000000 7fead661 00000090 00000001 77274007 00000151 00000032 ffffffee t0 t1 t2 t3 t4 t5 t6 t7 R8 00000000 80c00730 80c00728 32303330 7feae1c8 77322320 2e333031 00000090 s0 s1 s2 s3 s4 s5 s6 s7 R16 772740c8 00c076a0 7731b568 7731d0e0 77315000 77294ffc 7feaeb04 77315000 t8 t9 k0 k1 gp sp s8 ra R24 00422ff8 7729e930 00000000 00000000 77322320 7feae720 00000000 00401f27 status lo hi badvaddr cause pc 0000b713 000d6585 00000673 00000000 0080000c 7729e9a4 fcsr fir restart 00000000 00739300 00000000 (gdb) x/4i 0x7729e9a4 => 0x7729e9a4 <free+116>: sb zero,0(zero) 0x7729e9a8 <free+120>: lw ra,68(sp) 0x7729e9ac <free+124>: lw s8,64(sp) 0x7729e9b0 <free+128>: lw s7,60(sp) [1] simplify and improve double-free check, http://git.musl-libc.org/cgit/musl/commit/?id=ce7c6341d38ecd3af4d1e01032e9ea8b4078aa97 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
`dial_no_tmp` should not be freed by close of a single tunnel since it is a global storage for all tunnels both now present and future ones. From the following log we know destroy_tunnel() was called twice and the 2nd one trying to free dial_on_tmp is a double-free. <...> Wed Aug 12 02:12:00 2015 daemon.debug xl2tpd[5711]: trying to send control packet to 60302 Wed Aug 12 02:12:00 2015 daemon.debug xl2tpd[5711]: control_xmit: Scheduling and transmitting packet 0 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: trying to send control packet to 27590 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: control_xmit: Scheduling and transmitting packet 1 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: trying to send control packet to 63807 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: Unable to deliver closing message for tunnel 63807. Destroying anyway. Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: call_close: Actually closing tunnel 63807 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: trying to send control packet to 60302 Wed Aug 12 02:12:01 2015 daemon.debug xl2tpd[5711]: control_xmit: Scheduling and transmitting packet 0 Wed Aug 12 02:12:02 2015 daemon.debug xl2tpd[5711]: trying to send control packet to 27590 Wed Aug 12 02:12:02 2015 daemon.debug xl2tpd[5711]: Unable to deliver closing message for tunnel 27590. Destroying anyway. Wed Aug 12 02:12:02 2015 daemon.debug xl2tpd[5711]: call_close: Actually closing tunnel 27590 <SEGFAULT> This GDB session showed that musl-libc intentionally caused a memory access segfault to indicate double-free error [1]. (gdb) bt #0 0x7729e9a4 in free () from /lib/ld-musl-mipsel-sf.so.1 xelerance#1 0x00401f26 in destroy_tunnel (t=0x77274840) at xl2tpd.c:695 xelerance#2 0x00407e44 in call_close (c=0xc076a0) at call.c:273 xelerance#3 0x0040873c in control_xmit (b=0x77274cc0) at network.c:260 xelerance#4 0x00409600 in process_schedule (ptv=ptv@entry=0x7feae89c) at scheduler.c:47 xelerance#5 0x004088e8 in network_thread () at network.c:457 xelerance#6 0x00401338 in main (argc=<optimized out>, argv=<optimized out>) at xl2tpd.c:1882 (gdb) info registers zero at v0 v1 a0 a1 a2 a3 R0 00000000 7fead661 00000090 00000001 77274007 00000151 00000032 ffffffee t0 t1 t2 t3 t4 t5 t6 t7 R8 00000000 80c00730 80c00728 32303330 7feae1c8 77322320 2e333031 00000090 s0 s1 s2 s3 s4 s5 s6 s7 R16 772740c8 00c076a0 7731b568 7731d0e0 77315000 77294ffc 7feaeb04 77315000 t8 t9 k0 k1 gp sp s8 ra R24 00422ff8 7729e930 00000000 00000000 77322320 7feae720 00000000 00401f27 status lo hi badvaddr cause pc 0000b713 000d6585 00000673 00000000 0080000c 7729e9a4 fcsr fir restart 00000000 00739300 00000000 (gdb) x/4i 0x7729e9a4 => 0x7729e9a4 <free+116>: sb zero,0(zero) 0x7729e9a8 <free+120>: lw ra,68(sp) 0x7729e9ac <free+124>: lw s8,64(sp) 0x7729e9b0 <free+128>: lw s7,60(sp) [1] simplify and improve double-free check, http://git.musl-libc.org/cgit/musl/commit/?id=ce7c6341d38ecd3af4d1e01032e9ea8b4078aa97 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
I'm having the same issue with @fluential. I'm having ec2 ubuntu instance running. The xl2tp connection hangs after couple of seconds after connection. Can anyone out there offer some help? |
Fix #98 by checking if a valid PID is being killed
Package: xl2tpd
Version: 1.3.1+dfsg-1
Severity: normal
Hello,
I configured xl2tdp and it accept connection from Android phone, linux and mac os x. But. after some period of time (for example 1 hour) it just stop accept connections. I run xl2tpd in debug mode from server console: "xl2tpd -D" and catch some log when it refuses connections from mac os x:
root@domU-12-31-39-00-8A-6B:~# xl2tpd -D
xl2tpd[16379]: setsockopt recvref[30]: Protocol not available
xl2tpd[16379]: This binary does not support kernel L2TP.
xl2tpd[16379]: xl2tpd version xl2tpd-1.3.1 started on domU-12-31-39-00-8A-6B PID:16379
xl2tpd[16379]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[16379]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[16379]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[16379]: Forked again by Xelerance (www.xelerance.com) (C) 2006
xl2tpd[16379]: Listening on IP address 10.254.141.149, port 1701
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size = 85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204, port 64843.
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size = 85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204, port 64843.
xl2tpd[16379]: control_finish: Peer requested tunnel 13 twice, ignoring second one.
xl2tpd[16379]: build_fdset: closing down tunnel 31268
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size = 85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204, port 64843.
xl2tpd[16379]: control_finish: Peer requested tunnel 13 twice, ignoring second one.
xl2tpd[16379]: build_fdset: closing down tunnel 39311
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size = 85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204, port 64843.
xl2tpd[16379]: control_finish: Peer requested tunnel 13 twice, ignoring second one.
xl2tpd[16379]: build_fdset: closing down tunnel 64416
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: Maximum retries exceeded for tunnel 40270. Closing.
xl2tpd[16379]: Connection 13 closed to 89.252.56.204, port 64843 (Timeout)
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size = 85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204, port 64843.
xl2tpd[16379]: control_finish: Peer requested tunnel 13 twice, ignoring second one.
xl2tpd[16379]: build_fdset: closing down tunnel 44389
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: Unable to deliver closing message for tunnel 40270. Destroying anyway.
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size = 85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204, port 64843.
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: recv packet from 89.252.56.204, size = 85, tunnel = 0, call = 0 ref=0 refhim=0
xl2tpd[16379]: get_call: allocating new tunnel for host 89.252.56.204, port 64843.
xl2tpd[16379]: control_finish: Peer requested tunnel 13 twice, ignoring second one.
xl2tpd[16379]: build_fdset: closing down tunnel 43361
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: Maximum retries exceeded for tunnel 7393. Closing.
xl2tpd[16379]: Connection 13 closed to 89.252.56.204, port 64843 (Timeout)
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: network_thread: select timeout
xl2tpd[16379]: Unable to deliver closing message for tunnel 7393. Destroying anyway.
-- System Information:
Debian Release: wheezy/sid
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.utf8)
Shell: /bin/sh linked to /bin/dash
Versions of packages xl2tpd depends on:
ii libc6 2.13-31 Embedded GNU C Library: Shared lib
ii libpcap0.8 1.2.1-1 system interface for user-level pa
ii ppp 2.4.5-5 Point-to-Point Protocol (PPP) - da
xl2tpd recommends no packages.
xl2tpd suggests no packages.
-- Configuration Files:
/etc/init.d/xl2tpd changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/xl2tpd
NAME=xl2tpd
DESC=xl2tpd
test -x $DAEMON || exit 0
if [ -f /etc/default/xl2tpd ] ; then
. /etc/default/xl2tpd
fi
PIDFILE=/var/run/$NAME.pid
set -e
case "$1" in
start)
echo -n "Starting $DESC: "
test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p ${XL2TPD_RUN_DIR:-/var/run/xl2tpd}
start-stop-daemon --start --quiet --pidfile $PIDFILE
--exec $DAEMON -- $DAEMON_OPTS
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --oknodo --stop --quiet --pidfile $PIDFILE
--exec $DAEMON
echo "$NAME."
;;
force-reload)
test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p ${XL2TPD_RUN_DIR:-/var/run/xl2tpd}
# check whether $DAEMON is running. If so, restart
start-stop-daemon --stop --test --quiet --pidfile
$PIDFILE --exec $DAEMON
&& $0 restart
|| exit 0
;;
restart)
test -d ${XL2TPD_RUN_DIR:-/var/run/xl2tpd} || mkdir -p ${XL2TPD_RUN_DIR:-/var/run/xl2tpd}
#rm -fv /var/log/xl2tpd//
echo -n "Restarting $DESC: "
start-stop-daemon --stop --quiet --pidfile
$PIDFILE --exec $DAEMON
sleep 1
start-stop-daemon --start --quiet --pidfile
$PIDFILE --exec $DAEMON -- $DAEMON_OPTS
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|force-reload}" >&2
exit 1
;;
esac
exit 0
/etc/xl2tpd/xl2tpd.conf changed:
[global] ; Global parameters:
debug network = yes
debug tunnel = yes
port = 1701 ; * Bind to port 1701
listen-addr = 176.9.1.119
auth file = /etc/xl2tpd/l2tp-secrets ; * Where our challenge secrets are
access control = no ; * Refuse connections without IP match
rand source = dev ; Source for entropy for random
[lns default] ; Our fallthrough LNS definition
exclusive = no ; * Only permit one tunnel per host
ip range = 10.3.1.2-10.3.2.255
local ip = 10.3.1.1
refuse authentication = yes ; * Refuse authentication altogether
refuse pap = yes ; * Refuse PAP authentication
refuse chap = yes
ppp debug = yes ; * Turn on PPP debugging
pppoptfile = /etc/ppp/options.l2tpd ; * ppp options file
name = granite.stidia.com
length bit = yes
-- no debconf information
I will provide any info to help fix this problem.
The text was updated successfully, but these errors were encountered: