From owner-freebsd-current@FreeBSD.ORG Fri Dec 19 00:00:12 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 928A916A4CE; Fri, 19 Dec 2003 00:00:12 -0800 (PST) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id BC58743D41; Fri, 19 Dec 2003 00:00:10 -0800 (PST) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id DF7A01FF91D; Fri, 19 Dec 2003 09:00:08 +0100 (CET) Received: by transport.cksoft.de (Postfix, from userid 66) id 356A51FF90C; Fri, 19 Dec 2003 09:00:07 +0100 (CET) Received: by mail.int.zabbadoz.net (Postfix, from userid 1060) id C646C1538F; Fri, 19 Dec 2003 07:58:06 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.int.zabbadoz.net (Postfix) with ESMTP id BC07615380; Fri, 19 Dec 2003 07:58:06 +0000 (UTC) Date: Fri, 19 Dec 2003 07:58:06 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@e0-0.zab2.int.zabbadoz.net To: "Crist J. Clark" In-Reply-To: <20031219064932.GA94971@blossom.cjclark.org> Message-ID: References: <20031219064932.GA94971@blossom.cjclark.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de cc: current@freebsd.org Subject: Re: Possible IPsec Trouble in 5.2RC? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Dec 2003 08:00:12 -0000 On Thu, 18 Dec 2003, Crist J. Clark wrote: Hi, > I just upgraded a ThinkPad 600E from RELENG_5_1 to RELENG_5_2. I seem > to be having trouble with my IKE deamon, racoon(8), but I don't think > the problem is with racoon(8), but it may be the FreeBSD KAME IPsec > implementation. .... > Anyone else seeing this? I am seeing a lot of other trouble with IPSEC implementation at the moment. Multiple 0xdeadc0de accesses and I have successfully been able to panic my router test box by at least 3 different ways. Last sunday evening I have been able to prevent this by some patch (unusable in any productive setup). I am currently trying to narrow the problem down and cleanup all my debugging from kernel but had no time last evenings. Hopefully I will find the time on weekend. In the meantime there are two things you can do: a) if you do not need IPv6 you may use FAST_IPSEC which worked for me b) re-enable all debugging and perhaps let me know if you can see messages like: Invalid policy for PCB -559038242 (0xdeadc0de) or crashes/panic reated to ipsec. Any backtrace will of course not show the real problem but give some idea when the access to 0xdeadc0de happens (I have seen three possible paths here). -- Greetings Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/