From: itojun@iijlab.net
To: "Bjoern A. Zeeb"
cc: core@kame.net
cc: ume@freebsd.org
cc: bzeeb+freebsd@zabbadoz.net
cc: current@freebsd.org
Subject: Re: [PATCH] IPSec fixes
In-reply-to: bzeeb-lists's message of Fri, 16 Jan 2004 06:32:21 GMT.
Date: Fri, 16 Jan 2004 15:44:34 +0900
Message-Id: <20040116064434.22DF98C@coconut.itojun.org>

>On Fri, 16 Jan 2004, Jun-ichiro itojun Hagino wrote:
>
>Hi,
>
>> the problem i have with the patch is, i have never experienced the
>> symptom with NetBSD. no panic at all, no funny "SPD entry go away
>> when it has to stay" issue nor no "dangling pointer" issue.
>> could you show me your script which panics your FreeBSD box? i will
>> try that on NetBSD-current box here.
>
>don't have a shell script but do it on command line by hand. This gives
>better logging to serial console when debugging what events occurred
>when. The basic idea is:
>
>1. have racoon startup at boot time
>2. run setkey -f an_ipsec.conf
>   an_ipsec.conf:
>       spdflush;
>       spdadd ...
>       spdadd ...
>       spdadd ...
>       spdadd ...
>       ...
>3. wait some short time (0-2 minutes) and perhaps do some traffic
>   I usually open a ssh connection (no ipsec in that path) to my
>   directly connected syslog server, reattach a screen with some
>   tail -f on logfiles
>4. repeat step 2
>5. do s.th. like check netstat -s -p ipsec or just wait some seconds
>6. kill
>7. count to ten and wait for the panic to come

this does not help me repeat the symptom. could you cook up a shell
script which panics your box? (if possible, only with setkey)

itojun