From: "Bjoern A. Zeeb"
Date: Fri, 16 Jan 2004 06:32:21 +0000 (UTC)
To: Jun-ichiro itojun Hagino
In-Reply-To: <20040116041023.4B54EB9@coconut.itojun.org>
cc: core@kame.net, ume@freebsd.org, bzeeb+freebsd@zabbadoz.net, current@freebsd.org
Subject: Re: [PATCH] IPSec fixes

On Fri, 16 Jan 2004, Jun-ichiro itojun Hagino wrote:

Hi,

> the problem i have with the patch is, i have never experienced the
> symptom with NetBSD. no panic at all, no funny "SPD entry go away
> when it has to stay" issue nor no "dangling pointer" issue.
> could you show me your script which panics your FreeBSD box? i will
> try that on NetBSD-current box here.

I don't have a shell script but do it on the command line by hand.
This gives better logging to serial console when debugging what
events occurred when.

The basic idea is:

1. have racoon startup at boot time
2. run setkey -f an_ipsec.conf

   an_ipsec.conf:
       spdflush;
       spdadd ...
       spdadd ...
       spdadd ...
       spdadd ...
       ...

3. wait some short time (0-2 minutes) and perhaps do some traffic.
   I usually open an ssh connection (no ipsec in that path) to my
   directly connected syslog server, reattach a screen with some
   tail -f on logfiles
4. repeat step 2
5. do something like check netstat -s -p ipsec or just wait some seconds
6. kill
7. count to ten and wait for the panic to come

Steps 1-3 are done automatically when booting; when I come back to my
workstation I open the ssh connection through the ipsec router.

Killing racoon has turned out to be a good thing to crash the box.

Sometimes I will see some
"ipsec4_getpolicybysock: Invalid policy for PCB N"
with N any number, be it 0 or e.g. 4657 or 0xdeadcode, and I will
know that a panic is ahead anyway.

> there could be some difference in NetBSD kernel code and FreeBSD due
> to KAME->*BSD merge timing, and FreeBSD could have pulled in some source
> of instability (just my guess).

So I should diff between NetBSD and FreeBSD and not KAME to FreeBSD?

-- 
Greetings

Bjoern A. Zeeb    bzeeb at Zabbadoz dot NeT
56 69 73 69 74    http://www.zabbadoz.net/