From owner-freebsd-net@FreeBSD.ORG  Thu Mar  1 04:40:12 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4CEE01065672
	for <freebsd-net@hub.freebsd.org>; Thu,  1 Mar 2012 04:40:12 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 3BEB28FC13
	for <freebsd-net@hub.freebsd.org>; Thu,  1 Mar 2012 04:40:12 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q214eBnv020854
	for <freebsd-net@freefall.freebsd.org>; Thu, 1 Mar 2012 04:40:11 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q214eBXm020853;
	Thu, 1 Mar 2012 04:40:11 GMT (envelope-from gnats)
Date: Thu, 1 Mar 2012 04:40:11 GMT
Message-Id: <201203010440.q214eBXm020853@freefall.freebsd.org>
To: freebsd-net@FreeBSD.org
From: "Eugene M. Zheganin" <emz@norma.perm.ru>
Cc: 
Subject: Re: kern/164400: [ipsec] immediate crash after the start of ipsec
 processing
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: "Eugene M. Zheganin" <emz@norma.perm.ru>
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Mar 2012 04:40:12 -0000

The following reply was made to PR kern/164400; it has been noted by GNATS.

From: "Eugene M. Zheganin" <emz@norma.perm.ru>
To: bug-followup@FreeBSD.org, eugene@zhegan.in
Cc:  
Subject: Re: kern/164400: [ipsec] immediate crash after the start of ipsec
 processing
Date: Thu, 01 Mar 2012 10:38:38 +0600

 yeah, I'm working on it. will do today.
 
 Right now I localized this crash to a minimal configuration. And it 
 looks like ipsec is simply broken, don't know if this is ah or esp or 
 only when both, but it crashes with this config:
 
 ipsec.conf
 ===Cut===
 spdflush;
 
 #
 # HQ, Wizard, Test
 #
 
 spdadd 192.168.3.134 192.168.3.24 gre -P out ipsec 
 esp/transport/192.168.3.134-192.168.3.24/require 
 ah/transport/192.168.3.134-192.168.3.24/require;
 spdadd 192.168.3.24 192.168.3.134 gre -P in ipsec 
 esp/transport/192.168.3.24-192.168.3.134/require 
 ah/transport/192.168.3.24-192.168.3.134/require;
 
 add 192.168.3.134 192.168.3.24 esp 0x10001 -m transport -E des-cbc 
 0xffffffffffffffff;
 add 192.168.3.24 192.168.3.134 esp 0x10002 -m transport -E des-cbc 
 0xffffffffffffffff;
 
 add 192.168.3.134 192.168.3.24 ah 0x10003 -m transport -A keyed-md5 
 "xxxxxxxxxxxxxxxx";
 add 192.168.3.24 192.168.3.134 ah 0x10004 -m transport -A keyed-md5 
 "xxxxxxxxxxxxxxxx";
 ===Cut===
 
 Tunnel:
 
 gre0: flags=b051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,MULTICAST> metric 0 
 mtu 1476
          tunnel inet 192.168.3.134 --> 192.168.3.24
          inet 172.16.3.63 --> 172.16.3.62 netmask 0xffffffff
          inet6 fe80::20d:b9ff:fe20:d980%gre0 prefixlen 64 tentative 
 scopeid 0x9
          nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
 
 192.168.3.134 is a panicbox IP. 192.168.3.24 is a real IP existing on 
 the network, but it has no SA installed (I guess this can be any 
 address, even nonexisting, because this is static IPSEC, as you can see).
 
 First packet is sent and system crashes.