Date: Mon, 22 Dec 2003 06:28:15 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: "Crist J. Clark" <cjc@freebsd.org> Cc: current@freebsd.org Subject: Re: Possible IPsec Trouble in 5.2RC? Message-ID: <Pine.BSF.4.53.0312220615580.74127@e0-0.zab2.int.zabbadoz.net> In-Reply-To: <20031222041801.GA18856@blossom.cjclark.org> References: <20031219064932.GA94971@blossom.cjclark.org> <20031219143232.GA91798@numenor.net> <20031222041801.GA18856@blossom.cjclark.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 21 Dec 2003, Crist J. Clark wrote: Hi, > > > I think the problem is that the IKE traffic, 500/udp, is not bypassing > > > the IPsec processing like it should. > > > > That's what looked like was going on in my setup as well. > > A few others have seen the same problems with KAME IPsec in 5.2RC. One > person mentioned that the FAST_IPSEC implementation does not share the > bug. I switched over and things work fine with the same racoon > executable and configuration. This does look like a bug in the FreeBSD > KAME IPsec. yes it is. I have reduced crashes here but have been away the whole sunday and thus have not yet finished my patching. I have not been able to test the BYPASS problem up to now. This had been the last uptime I could reach here: 5:48AM up 1 day, 1 min, 2 users, load averages: 0.02, 0.02, 0.00 After that some dynamic IPs changed including one on my ipsec interface and then it crashed. I already know the problem for that one. So if you might wait another few days I will hopefully be able to come up with a patch that fixes all the 0xdeadc0de access I am seeing here. -- Greetings Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.53.0312220615580.74127>