From: 陈琳涛 <chenlt@iceflow.cn>
To: u-boot@lists.denx.de
Subject: [U-Boot] Pluto not work after log message : Errno 28: No space left on device
Date: Mon, 15 Dec 2008 13:40:50 +0800 [thread overview]
Message-ID: <016801c95e77$b04faaa0$10eeffe0$@cn> (raw)
Hi , all :
Linux kernel 2.6.19 , klips nat-t patched
Openswan 2.4.9
pluto not work after message
2008/12/14 16:36:10 INTERNET pluto[1415]: ERROR: "PROFILE_1"[676]
60.166.215.36 #21071: pfkey write() of SADB_ADD message 63711 for Add SA
tun.4593 at 60.166.215.36 failed. Errno 28: No space left on device
I defined only on roadwarrior connection , It worked well for quit a long
time under 500 peers (Linksys box).
Now clients increased to 700 and Pluto refused to work with lots of ERROR
messages below . I ?GREPED? only the first error connection for short .
It happens at rekeying period . SADB buffer overflow ? ? memory leak ??
Any suggestions , Thx
/etc/ipsec.conf
version 2
config setup
interfaces=?ipsec0=eth0?
pluto=yes
plutowait=no
plutodebug=none
klipsdebug=none
uniqueids=yes
nat_traversal=no
nhelpers=0
conn %default
type=tunnel
keyingtries=0
keyexchange=ike
auto=start
authby=secret
auth=esp
ikelifetime=1h
rekeymargin=10m
rekeyfuzz=20%
keylife=8h
compress=no
conn PROFILE_1
pfs=yes
keylife=3600s
ikelifetime=86400s
ike=des-md5-modp768,des-sha1-modp768,3des-md5,3des-sha1,3des-md5
esp=3des-md5
compress=no
left=218.xx.xx.xx
leftnexthop=218.xx.xx.xx
leftsubnet=129.100.248.0/21
leftsourceip=129.100.253.50
auto=add
right=%any
rightsubnetwithin=0.0.0.0/0
#Disable Opportunistic Encryption
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
Log ?
2008/12/14 15:45:26 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18338: initiating Main Mode to replace #15846
2008/12/14 15:45:26 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18338: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)!
2008/12/14 15:45:26 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18338: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
2008/12/14 15:45:26 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18338: STATE_MAIN_I2: sent MI2, expecting MR2
2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18338: I did not send a certificate because I do not have one.
2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18338: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18338: STATE_MAIN_I3: sent MI3, expecting MR3
2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18338: Main mode peer ID is ID_IPV4_ADDR: '60.166.215.36'
2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18338: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18338: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_des_cbc_64 prf=oakley_md5 group=modp768}
2008/12/14 15:45:27 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18340: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS to replace #15848
{using isakmp#18338}
2008/12/14 15:45:28 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18340: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
2008/12/14 15:45:28 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#18340: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xbbe29168
<0x9c158064 xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
2008/12/14 15:50:18 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#15846: received Delete SA(0xf432d9a4) payload: deleting IPSEC State #15848
2008/12/14 15:50:18 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#15846: received and ignored informational message
2008/12/14 16:33:43 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20930: initiating Main Mode to replace #18338
2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20930: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)!
2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20930: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20930: STATE_MAIN_I2: sent MI2, expecting MR2
2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20930: I did not send a certificate because I do not have one.
2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20930: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
2008/12/14 16:33:44 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20930: STATE_MAIN_I3: sent MI3, expecting MR3
2008/12/14 16:33:45 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20930: Main mode peer ID is ID_IPV4_ADDR: '60.166.215.36'
2008/12/14 16:33:45 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20930: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
2008/12/14 16:33:45 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20930: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_des_cbc_64 prf=oakley_md5 group=modp768}
2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20946: responding to Main Mode from unknown peer 60.166.215.36
2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20946: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)!
2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20946: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20946: STATE_MAIN_R1: sent MR1, expecting MI2
2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20946: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
2008/12/14 16:34:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20946: STATE_MAIN_R2: sent MR2, expecting MI3
2008/12/14 16:34:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20946: Main mode peer ID is ID_IPV4_ADDR: '60.166.215.36'
2008/12/14 16:34:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20946: I did not send a certificate because I do not have one.
2008/12/14 16:34:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20946: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
2008/12/14 16:34:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20946: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_sha
group=modp768}
2008/12/14 16:34:11 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20947: responding to Quick Mode {msgid:fcd27e1e}
2008/12/14 16:34:11 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20947: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
2008/12/14 16:34:11 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#20947: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
2008/12/14 16:34:11 INTERNET pluto[1415]: ERROR: "PROFILE_1"[676]
60.166.215.36 #20947: pfkey write() of SADB_ADD message 63627 for Add SA
esp.d3719364 at 60.166.215.36 failed. Errno 28: No space left on device
2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21069: responding to Main Mode from unknown peer 60.166.215.36
2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21069: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)!
2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21069: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21069: STATE_MAIN_R1: sent MR1, expecting MI2
2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21069: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
2008/12/14 16:36:09 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21069: STATE_MAIN_R2: sent MR2, expecting MI3
2008/12/14 16:36:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21069: Main mode peer ID is ID_IPV4_ADDR: '60.166.215.36'
2008/12/14 16:36:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21069: I did not send a certificate because I do not have one.
2008/12/14 16:36:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21069: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
2008/12/14 16:36:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21069: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_sha
group=modp768}
2008/12/14 16:36:10 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21071: responding to Quick Mode {msgid:fdc82638}
2008/12/14 16:36:10 INTERNET pluto[1415]: ERROR: "PROFILE_1"[676]
60.166.215.36 #21071: pfkey write() of SADB_ADD message 63711 for Add SA
tun.4593@60.166.215.36 failed. Errno 28: No space left on device
2008/12/14 16:36:38 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21113: responding to Main Mode from unknown peer 60.166.215.36
2008/12/14 16:36:38 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21113: You should NOT use insecure IKE algorithms (OAKLEY_DES_CBC)!
2008/12/14 16:36:38 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21113: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
2008/12/14 16:36:39 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21113: STATE_MAIN_R1: sent MR1, expecting MI2
2008/12/14 16:36:39 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21113: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
2008/12/14 16:36:39 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21113: STATE_MAIN_R2: sent MR2, expecting MI3
2008/12/14 16:36:40 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21113: Main mode peer ID is ID_IPV4_ADDR: '60.166.215.36'
2008/12/14 16:36:40 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21113: I did not send a certificate because I do not have one.
2008/12/14 16:36:40 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21113: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
2008/12/14 16:36:40 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21113: STATE_MAIN_R3: sent MR3, ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_sha
group=modp768}
2008/12/14 16:36:40 INTERNET pluto[1415]: "PROFILE_1"[676] 60.166.215.36
#21118: responding to Quick Mode {msgid:04712648}
reply other threads:[~2008-12-15 5:40 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='016801c95e77$b04faaa0$10eeffe0$@cn' \
--to=chenlt@iceflow.cn \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.