*** This bug is a duplicate of bug 695328 *** https://bugs.launchpad.net/bugs/695328 Moving the hldb initialization before the initializations of the fw extensions fixes the seg fault. Not sure how this affects BUG ID 695328. -- You received this bug notification because you are a member of HIPL core team, which is subscribed to HIPL. https://bugs.launchpad.net/bugs/700959 Title: hipfw segfaults when started with -Aid Status in Host Identity Protocol for Linux: New Bug description: Start in order: hipfw -Aid hipd and the result is: debug(firewall/firewall.c:1916@hip_fw_wait_for_hipd): Sleeping until hipd is running... debug(lib/core/message.c:312@hip_sendto_hipd): Sending user message 16 to HIPD on socket 4 debug(lib/core/message.c:316@hip_sendto_hipd): Sent 40 bytes debug(lib/core/message.c:376@hip_send_recv_daemon_info_internal: Waiting to receive daemon info. error(lib/core/message.c:149@hip_peek_recv_total_len): recv() peek error (is hipd running?) error(firewall/firewall.c:617@hip_query_default_local_hit_from_: send/recv daemon info debug(firewall/firewall.c:1916@hip_fw_wait_for_hipd): Sleeping until hipd is running... debug(lib/core/message.c:312@hip_sendto_hipd): Sending user message 16 to HIPD on socket 4 debug(lib/core/message.c:316@hip_sendto_hipd): Sent 40 bytes debug(lib/core/message.c:376@hip_send_recv_daemon_info_internal: Waiting to receive daemon info. error(lib/core/message.c:149@hip_peek_recv_total_len): recv() peek error (is hipd running?) error(firewall/firewall.c:617@hip_query_default_local_hit_from_: send/recv daemon info debug(firewall/firewall.c:1916@hip_fw_wait_for_hipd): Sleeping until hipd is running... debug(lib/core/message.c:312@hip_sendto_hipd): Sending user message 16 to HIPD on socket 4 debug(lib/core/message.c:316@hip_sendto_hipd): Sent 40 bytes debug(lib/core/message.c:376@hip_send_recv_daemon_info_internal: Waiting to receive daemon info. error(lib/core/message.c:149@hip_peek_recv_total_len): recv() peek error (is hipd running?) error(firewall/firewall.c:617@hip_query_default_local_hit_from_: send/recv daemon info debug(firewall/firewall.c:1916@hip_fw_wait_for_hipd): Sleeping until hipd is running... debug(lib/core/message.c:312@hip_sendto_hipd): Sending user message 16 to HIPD on socket 4 debug(lib/core/message.c:316@hip_sendto_hipd): Sent 40 bytes debug(lib/core/message.c:376@hip_send_recv_daemon_info_internal: Waiting to receive daemon info. debug(lib/core/message.c:391@hip_send_recv_daemon_info_internal: 72 bytes received from HIP daemon info(firewall/firewall.c:2118@main): firewall pid=7812 starting debug(firewall/firewall.c:2121@main): Using ipv4 and ipv6 debug(firewall/rule_management.c:850@read_rule_file): read_file: file /usr/local/etc/hip/firewall_conf debug(firewall/rule_management.c:861@read_rule_file): line read: # format: HOOK [match] TARGET debug(firewall/rule_management.c:861@read_rule_file): line read: # HOOK = INPUT, OUTPUT or FORWARD debug(firewall/rule_management.c:861@read_rule_file): line read: # TARGET = ACCEPT or DROP debug(firewall/rule_management.c:861@read_rule_file): line read: # match = -src_hit [!] <hit value> --hi <file name> debug(firewall/rule_management.c:861@read_rule_file): line read: # -dst_hit [!] <hit> debug(firewall/rule_management.c:861@read_rule_file): line read: # -type [!] <hip packet type> debug(firewall/rule_management.c:861@read_rule_file): line read: # -i [!] <incoming interface> debug(firewall/rule_management.c:861@read_rule_file): line read: # -o [!] <outgoing interface> debug(firewall/rule_management.c:861@read_rule_file): line read: # -state [!] <state> --verify_responder --accept_mobile --decrypt_contents debug(firewall/rule_management.c:861@read_rule_file): line read: # debug(firewall/rule_management.c:861@read_rule_file): line read: debug(firewall/firewall.c:2124@main): starting up with rule_file: (null) debug(firewall/firewall.c:2125@main): Firewall rule table: debug(firewall/firewall.c:732@firewall_increase_netlink_buffers: Increasing the netlink buffers debug(firewall/firewall.c:753@firewall_probe_kernel_modules): Probing for 4 modules. When the modules are built-in, the errors can be ignored debug(firewall/firewall.c:758@firewall_probe_kernel_modules): /sbin/modprobe ip_queue debug(firewall/firewall.c:758@firewall_probe_kernel_modules): /sbin/modprobe ip6_queue debug(firewall/firewall.c:758@firewall_probe_kernel_modules): /sbin/modprobe iptable_filter debug(firewall/firewall.c:758@firewall_probe_kernel_modules): /sbin/modprobe ip6table_filter debug(firewall/firewall.c:773@firewall_probe_kernel_modules): Probing completed debug(firewall/firewall.c:2136@main): IPv4 handle created (mode COPY_PACKET) debug(firewall/firewall.c:2143@main): IPv6 handle created (mode COPY_PACKET) debug(firewall/firewall.c:1425@firewall_init): Initializing firewall debug(firewall/firewall.c:1428@firewall_init): in=1 out=3 for=2 debug(firewall/firewall.c:1447@firewall_init): Enabling forwarding for IPv4 and IPv6 debug(firewall/firewall.c:638@hip_fw_flush_iptables): Firewall flush; may cause warnings on hipfw init debug(firewall/firewall.c:639@hip_fw_flush_iptables): Deleting hipfw subchains from main chains debug(firewall/firewall.c:649@hip_fw_flush_iptables): Flushing hipfw chains debug(firewall/firewall.c:659@hip_fw_flush_iptables): Deleting hipfw chains info(firewall/firewall.c:228@hip_fw_init_userspace_ipsec): You are using kernel version 2.6.32-27-generic. Userspace ipsec is not necessary with version 2.6.27 or higher. debug(firewall/user_ipsec_api.c:144@userspace_ipsec_init): debug(firewall/user_ipsec_sadb.c:701@hip_sadb_init): sadb initialized debug(firewall/user_ipsec_api.c:150@userspace_ipsec_init): ESP_PACKET_SIZE is 4513 debug(firewall/user_ipsec_api.c:162@userspace_ipsec_init): switching hipd to userspace ipsec... debug(firewall/user_ipsec_fw_msg.c:80@send_userspace_ipsec_to_h: sending userspace ipsec (de-)activation to hipd... debug(firewall/user_ipsec_fw_msg.c:88@send_userspace_ipsec_to_h: dump: debug(lib/core/builder.c:1294@hip_dump_msg): --------------- MSG START ------------------ debug(lib/core/builder.c:1298@hip_dump_msg): Msg type : HIP_MSG_USERSPACE_IPSEC (145) debug(lib/core/builder.c:1299@hip_dump_msg): Msg length: 48 debug(lib/core/builder.c:1300@hip_dump_msg): Msg err: 0 debug(lib/core/builder.c:1301@hip_dump_msg): Msg controls: 0x0000 debug(lib/core/builder.c:1316@hip_dump_msg): Parameter type:HIP_PARAM_INT (140). Total length: 8 (4 type+length, 4 content, 0 padding). debug(lib/core/builder.c:1317@hip_dump_msg): Contents:0x01000000 debug(lib/core/builder.c:1320@hip_dump_msg): ---------------- MSG END -------------------- debug(firewall/user_ipsec_fw_msg.c:96@send_userspace_ipsec_to_h: send_recv msg succeeded debug(firewall/user_ipsec_fw_msg.c:98@send_userspace_ipsec_to_h: userspace ipsec activated debug(firewall/user_ipsec_api.c:92@hip_fw_userspace_ipsec_init_: hipd userspace ipsec activated debug(firewall/user_ipsec_api.c:167@userspace_ipsec_init): userspace IPsec successfully initialised error(firewall/firewall.c:306@hip_fw_init_esp_prot): userspace ipsec needs to be turned on for this to work error(firewall/firewall.c:518@firewall_init_extensions): failed to load extension error(firewall/firewall.c:1464@firewall_init): failed to start requested extensionserror(firewall/firewall.c:2146@main): Firewall init failed debug(firewall/firewall.c:677@firewall_exit): Firewall exit error(lib/core/message.c:466@hip_send_recv_daemon_info): Could not send message to daemon: Bad file descriptor debug(firewall/firewall.c:682@firewall_exit): Failed to notify hipd of firewall shutdown. debug(firewall/cache.c:313@hip_firewall_cache_delete_hldb): Start hldb delete Segmentation fault