Fixed
Created: Nov 9, 2014
Updated: Dec 3, 2018
Resolved Date: Nov 16, 2014
Previous ID: LIN4-31924
Found In Version: 6.0
Fix Version: 6.0.0.15
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace
Codenomicon ISAKMP robustness test is causing 100% CPU usage from racoon.
One IPSec tunnel is configured between Target (2a00:8a00:4000:11b1::5) and Codenomicon machine(2a00:8a00:4000:10f4:21d:60ff:feb9:91f1).
IPSec rule at both ends:
2a00:8a00:4000:11b1::5/128 <-> 2a00:8a00:4000:10f4:21d:60ff:feb9:91f1/128
Two other ipsec tunnels are configured for LI(Lawful Interception) traffic between Target and VPNGW
a. 10.33.237.205 <-> 10.33.152.235
b. 2a00:8a00:4000:11b1::5 <-> 2a00:8a00:4000:11f9::3
IPSec rules at both ends:
a. 2a00:8a00:4000:11b4::/64 <-> 2a00:8a00:4000:11b6::5/128
b. 10.1.2.0/24 <-> 10.33.237.245/32
During test execution, CPU usage by racoon increases to 100% over the duration of 3-4 hours.
strace on racoon reveals that raccoon is stuck in an indefinite loop doing recvfrom() call at socket descriptor 0.
This socket descriptor 0 is the pfkey descriptor - as found out from /proc entries.
After racoon enters busy loop, it becomes dormant and do not respond to any other messages leading to failures in Codenomicon testcases.
