Date:      Thu, 1 Mar 2012 04:40:11 GMT
From:      "Eugene M. Zheganin" <emz@norma.perm.ru>
To:        freebsd-net@FreeBSD.org
Subject:   Re: kern/164400: [ipsec] immediate crash after the start of ipsec processing
Message-ID:  <201203010440.q214eBXm020853@freefall.freebsd.org>

The following reply was made to PR kern/164400; it has been noted by GNATS.

From: "Eugene M. Zheganin" <emz@norma.perm.ru>
To: bug-followup@FreeBSD.org, eugene@zhegan.in
Cc:  
Subject: Re: kern/164400: [ipsec] immediate crash after the start of ipsec
 processing
Date: Thu, 01 Mar 2012 10:38:38 +0600

 Yeah, I'm working on it. Will do today.
 
 Right now I localized this crash to a minimal configuration. And it 
 looks like ipsec is simply broken, don't know if this is ah or esp or 
 only when both, but it crashes with this config:
 
 ipsec.conf
 ===Cut===
 spdflush;
 
 #
 # HQ, Wizard, Test
 #
 
 spdadd 192.168.3.134 192.168.3.24 gre -P out ipsec 
 esp/transport/192.168.3.134-192.168.3.24/require 
 ah/transport/192.168.3.134-192.168.3.24/require;
 spdadd 192.168.3.24 192.168.3.134 gre -P in ipsec 
 esp/transport/192.168.3.24-192.168.3.134/require 
 ah/transport/192.168.3.24-192.168.3.134/require;
 
 add 192.168.3.134 192.168.3.24 esp 0x10001 -m transport -E des-cbc 
 0xffffffffffffffff;
 add 192.168.3.24 192.168.3.134 esp 0x10002 -m transport -E des-cbc 
 0xffffffffffffffff;
 
 add 192.168.3.134 192.168.3.24 ah 0x10003 -m transport -A keyed-md5 
 "xxxxxxxxxxxxxxxx";
 add 192.168.3.24 192.168.3.134 ah 0x10004 -m transport -A keyed-md5 
 "xxxxxxxxxxxxxxxx";
 ===Cut===
 
 Tunnel:
 
 gre0: flags=b051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,MULTICAST> metric 0 mtu 1476
          tunnel inet 192.168.3.134 --> 192.168.3.24
          inet 172.16.3.63 --> 172.16.3.62 netmask 0xffffffff
          inet6 fe80::20d:b9ff:fe20:d980%gre0 prefixlen 64 tentative scopeid 0x9
          nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
 
 192.168.3.134 is a panicbox IP. 192.168.3.24 is a real IP existing on 
 the network, but it has no SA installed (I guess this can be any 
 address, even nonexisting, because this is static IPSEC, as you can see).
 
 First packet is sent and system crashes.


