Date: Tue, 06 Mar 2012 22:54:06 +0100 From: Nikos Vassiliadis <nvass@gmx.com> To: freebsd-net@freebsd.org Subject: panic using ipsec Message-ID: <4F56877E.5000608@gmx.com>
next in thread | raw e-mail | index | archive | help
Hi,
I got this kernel panic while playing around with IPsec:
> Unread portion of the kernel message buffer:
> 0x26
> kdb_backtrace(c0a5da40,1,ffffffff,c124f67c,c4bc15a4,...) at kdb_backtrace+0x2a
> _witness_debugger(c0f7c8d0,c4bc15b8,4,1,0,...) at _witness_debugger+0x25
> witness_warn(5,0,c0fcd403,c4bc15dc,c78e2b30,...) at witness_warn+0x1fe
> trap(c4bc1644) at trap+0x1a4
> calltrap() at calltrap+0x6
> --- trap 0xc, eip = 0xc0c06985, esp = 0xc4bc1684, ebp = 0xc4bc16ac ---
> ipsec_process_done(c76e2800,c4f43c80,399,8,8,...) at ipsec_process_done+0x195
> esp_output_cb(c7b24000,c76e2800,c7386d40,c4bc1714,c0c2500e,...) at esp_output_cb+0x1aa
> crypto_done(c7b24000,c76e2800,6c,c,c4bc1880,...) at crypto_done+0xb7
> swcr_process(c4d48700,c7b24000,0,2,c7378840,...) at swcr_process+0x12ce
> crypto_invoke(101,0,c10b52e0,c7413500,c7b28000,...) at crypto_invoke+0x141
> crypto_dispatch(c7b24000,c0fa6385,367,c4bc198b,c73c2e00,...) at crypto_dispatch+0x64
> esp_output(c76e2800,c4f43c80,0,14,9,...) at esp_output+0x5a6
> ipsec4_process_packet(c76e2800,c4f43c80,20,0,c78f6000,...) at ipsec4_process_packet+0x29f
> ip_ipsec_output(c4bc1a94,c78f6000,c4bc1ae4,c4bc1a9c,4,...) at ip_ipsec_output+0x1e0
> ip_output(c76e2800,0,0,20,0,...) at ip_output+0x804
> rip_output(c76e2800,c7ab9b60,6400000a,c4bc1b78,c0a9714d,...) at rip_output+0x2ff
> rip_send(c7ab9b60,0,c76e2800,c743d170,0,...) at rip_send+0x76
> sosend_generic(c7ab9b60,c743d170,c4bc1bd0,0,0,...) at sosend_generic+0x50d
> sosend(c7ab9b60,c743d170,c4bc1bd0,0,0,...) at sosend+0x3f
> kern_sendit(c7471000,3,c4bc1c44,0,0,...) at kern_sendit+0x1d4
> sendit(0,c743d170,10,c4bc1c60,1,...) at sendit+0xce
> sys_sendto(c7471000,c4bc1cec,c0fcd336,c0f7df79,246,...) at sys_sendto+0x48
> syscall(c4bc1d28) at syscall+0x2a3
> Xint0x80_syscall() at Xint0x80_syscall+0x21
> --- syscall (133, FreeBSD ELF32, sys_sendto), eip = 0x28199003, esp = 0xbfbee71c, ebp = 0xbfbee758 ---
>
>
> Fatal trap 12: page fault while in kernel mode
> cpuid = 1; apic id = 01
> fault virtual address = 0x60
> fault code = supervisor read, page not present
> instruction pointer = 0x20:0xc0c06985
> stack pointer = 0x28:0xc4bc1684
> frame pointer = 0x28:0xc4bc16ac
> code segment = base 0x0, limit 0xfffff, type 0x1b
> = DPL 0, pres 1, def32 1, gran 1
> processor eflags = interrupt enabled, resume, IOPL = 0
> current process = 1264 (ping)
I was using the following configuration files and did
a ping to initiate the IPsec SA.
> lab# cat setkey_router.conf
> flush;
> spdflush;
>
> spdadd 10.0.0.0/24 10.0.0.0/24 any -P out ipsec
> esp/transport//require
> ah/transport//require;
>
> spdadd 10.0.0.0/24 10.0.0.0/24 any -P in ipsec
> esp/transport//require
> ah/transport//require;
> lab#
> lab# cat router_psk.txt
> 10.0.0.10 beef
> 10.0.0.100 beef
> 10.0.0.1 beef
> 10.0.0.2 beef
> 10.0.0.3 beef
> lab# cat racoon_router.conf
> path pre_shared_key "/root/router_psk.txt";
>
> remote anonymous {
> exchange_mode main;
> proposal {
> encryption_algorithm 3des;
> hash_algorithm md5;
> authentication_method pre_shared_key;
> dh_group modp1024;
> }
> }
>
> sainfo anonymous {
> pfs_group modp768;
> encryption_algorithm 3des;
> authentication_algorithm hmac_md5;
> compression_algorithm deflate;
> }
> lab#
Should I better file a PR?
Thanks in advance, Nikos
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F56877E.5000608>