CSTP reconnect segfault on HEAD

Jack Miller jack at codezen.org
Wed Jun 27 18:07:16 EDT 2012


On Wed, Jun 27, 2012 at 09:16:10PM +0100, David Woodhouse wrote:
> On Wed, 2012-06-27 at 12:09 -0500, Jack Miller wrote:
> > Recently, I noticed that it's been segfaulting about every hour, so I
> > built from git and fired it up in GDB. I got this backtrace:
> 
> Secondary concern: why in hell are you seeing a CSTP reconnect every
> hour anyway? Is this happening even while the connection is in use?

Yes, I've had it disconnect me quite a bit while in the middle of long-ish
transfers.

> 
> Can you show the output of openconnect with the '-v' option as you
> connect, and also as the disconnect/reconnect happens?

I've appended the relevant sections of the log and redacted some of the
network topology stuff - better safe than sorry. It appears that it's just
configured that way (DTLS-Rekey-Time = 3600). As I mentioned before, I can't
comment on the validity of the setup =).

- Jack

--------------------------------------------------------------------------
Attempting to connect to []:443
SSL negotiation with []
Matched DNS altname '[]'
Connected to HTTPS on []
GET https://[]/
Got HTTP response: HTTP/1.0 302 Object Moved
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Cache-Control: no-cache
Pragma: no-cache
Connection: Close
Date: Wed, 27 Jun 2012 20:44:33 GMT
Location: /+webvpn+/index.html
Set-Cookie: tg=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
HTTP body length:  (0)
SSL negotiation with []
Matched DNS altname '[]'
Connected to HTTPS on []
GET https://[]/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpn=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnc=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpnlogin=1; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
Fixed options give 
POST https://[]/+webvpn+/index.html
Got HTTP response: HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: text/xml
Cache-Control: max-age=0
Set-Cookie: webvpnlogin=; expires=Thu, 01 Jan 1970 22:00:00 GMT; path=/; secure
Set-Cookie: webvpn=<elided>; path=/; secure
Set-Cookie: webvpnc=bu:/CACHE/stc/&p:t&iu:1/&sh:CB201E91F1BA1E094A5648B92EF6B7BE121DCF94&lu:/+CSCOT+/translation-table?textdomain%3DAnyConnect%26type%3Dmanifest&fu:profiles%2FWatsonProfile.xml&fh:BC1A54FB5A8DDAF76F18FF9E9D5474CCAB8663B1; path=/; secure
Set-Cookie: webvpnx=
Set-Cookie: webvpnaac=1; path=/; secure
X-Transcend-Version: 1
HTTP body chunked (-2)
TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK
...
X-DTLS-Rekey-Time: 3600
X-CSTP-MTU: 1355
X-DTLS-CipherSuite: AES256-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-TCP-Keepalive: true
CSTP connected. DPD 30, Keepalive 20
DTLS option X-DTLS-Session-ID : 245CBA11166427EAB403833741BFF884BC02781F1B4BBE384408843CD1BDD914
DTLS option X-DTLS-Port : 443
DTLS option X-DTLS-Keepalive : 20
DTLS option X-DTLS-DPD : 30
DTLS option X-DTLS-Rekey-Time : 3600
DTLS option X-DTLS-CipherSuite : AES256-SHA
DTLS connected. DPD 30, Keepalive 20
Connected tun0 as [], using SSL
--------------------------------------------------------------------------

Then, it's pretty much identical chatter for the rekey. This is running the
patch from your previous mail, so it didn't crash.

--------------------------------------------------------------------------
DTLS rekey due
SSL negotiation with []
Matched DNS altname '[]'
Connected to HTTPS on []
TCP_INFO rcv mss 1368, snd mss 1368, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Version: 1
...
X-CSTP-Keep: true
X-CSTP-Rekey-Time: 3600
X-CSTP-Rekey-Method: new-tunnel
X-CSTP-DPD: 30
X-CSTP-Keepalive: 20
X-CSTP-MSIE-Proxy-Lockdown: true
X-CSTP-Smartcard-Removal-Disconnect: true
X-DTLS-Session-ID: 25030952259265BACC034C81E78C596268E4C09863D72B9070617F96D5905796
X-DTLS-Port: 443
X-DTLS-Keepalive: 20
X-DTLS-DPD: 30
X-DTLS-Rekey-Time: 3600
X-CSTP-MTU: 1355
X-DTLS-CipherSuite: AES256-SHA
X-CSTP-Routing-Filtering-Ignore: false
X-CSTP-Quarantine: false
X-CSTP-Disable-Always-On-VPN: false
X-CSTP-TCP-Keepalive: true
CSTP connected. DPD 30, Keepalive 20
No work to do; sleeping for 20000 ms...
No work to do; sleeping for 20000 ms...
Established DTLS connection (using OpenSSL)
--------------------------------------------------------------------------
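An added example, not part of the original message or of openconnect: a small parser for `-v` output in the shape shown above, which reports the rekey interval and method the gateway sends for each tunnel and whether the DTLS session ID changed after a "DTLS rekey due" event. The function names and the sample log (with shortened, constructed session IDs) are assumptions made for illustration.

```python
import re

# Matches both forms seen in the verbose log:
#   "X-DTLS-Rekey-Time: 3600"  and  "DTLS option X-DTLS-Rekey-Time : 3600"
HEADER_RE = re.compile(r"^(?:DTLS option )?(X-(?:CSTP|DTLS)-[A-Za-z-]+)\s*:\s*(.*)$")

# Constructed sample in the shape of the log above (session IDs are made up).
SAMPLE_LOG = """\
Got CONNECT response: HTTP/1.1 200 OK
X-DTLS-Rekey-Time: 3600
CSTP connected. DPD 30, Keepalive 20
DTLS option X-DTLS-Session-ID : 1111AAAA
DTLS option X-DTLS-Rekey-Time : 3600
DTLS rekey due
Got CONNECT response: HTTP/1.1 200 OK
X-CSTP-Rekey-Time: 3600
X-CSTP-Rekey-Method: new-tunnel
X-DTLS-Session-ID: 2222BBBB
X-DTLS-Rekey-Time: 3600
CSTP connected. DPD 30, Keepalive 20
"""

def parse_tunnels(log_text):
    """Return one {header: value} dict per 'Got CONNECT response' block."""
    tunnels, rekey_due = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "DTLS rekey due":
            rekey_due = True
        elif line.startswith("Got CONNECT response:"):
            tunnels.append({"after_rekey": rekey_due})
            rekey_due = False
        elif tunnels and (m := HEADER_RE.match(line)):
            tunnels[-1][m.group(1)] = m.group(2)
    return tunnels

def _secs(tunnel, key):
    value = tunnel.get(key)
    return int(value) if value and value.isdigit() else None

def summarize(tunnels):
    """Per tunnel: rekey settings and whether the DTLS session ID rotated."""
    out, prev_sid = [], None
    for t in tunnels:
        sid = t.get("X-DTLS-Session-ID")
        out.append({"after_rekey": t["after_rekey"],
                    "dtls_rekey_s": _secs(t, "X-DTLS-Rekey-Time"),
                    "cstp_rekey_s": _secs(t, "X-CSTP-Rekey-Time"),
                    "rekey_method": t.get("X-CSTP-Rekey-Method"),
                    "session_id_rotated": bool(prev_sid and sid and sid != prev_sid)})
        prev_sid = sid or prev_sid
    return out
```
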


