Date: Tue, 06 Mar 2012 22:54:06 +0100 From: Nikos Vassiliadis <nvass@gmx.com> To: freebsd-net@freebsd.org Subject: panic using ipsec Message-ID: <4F56877E.5000608@gmx.com>
next in thread | raw e-mail | index | archive | help
Hi, I got this kernel panic while playing around with IPsec: > Unread portion of the kernel message buffer: > 0x26 > kdb_backtrace(c0a5da40,1,ffffffff,c124f67c,c4bc15a4,...) at kdb_backtrace+0x2a > _witness_debugger(c0f7c8d0,c4bc15b8,4,1,0,...) at _witness_debugger+0x25 > witness_warn(5,0,c0fcd403,c4bc15dc,c78e2b30,...) at witness_warn+0x1fe > trap(c4bc1644) at trap+0x1a4 > calltrap() at calltrap+0x6 > --- trap 0xc, eip = 0xc0c06985, esp = 0xc4bc1684, ebp = 0xc4bc16ac --- > ipsec_process_done(c76e2800,c4f43c80,399,8,8,...) at ipsec_process_done+0x195 > esp_output_cb(c7b24000,c76e2800,c7386d40,c4bc1714,c0c2500e,...) at esp_output_cb+0x1aa > crypto_done(c7b24000,c76e2800,6c,c,c4bc1880,...) at crypto_done+0xb7 > swcr_process(c4d48700,c7b24000,0,2,c7378840,...) at swcr_process+0x12ce > crypto_invoke(101,0,c10b52e0,c7413500,c7b28000,...) at crypto_invoke+0x141 > crypto_dispatch(c7b24000,c0fa6385,367,c4bc198b,c73c2e00,...) at crypto_dispatch+0x64 > esp_output(c76e2800,c4f43c80,0,14,9,...) at esp_output+0x5a6 > ipsec4_process_packet(c76e2800,c4f43c80,20,0,c78f6000,...) at ipsec4_process_packet+0x29f > ip_ipsec_output(c4bc1a94,c78f6000,c4bc1ae4,c4bc1a9c,4,...) at ip_ipsec_output+0x1e0 > ip_output(c76e2800,0,0,20,0,...) at ip_output+0x804 > rip_output(c76e2800,c7ab9b60,6400000a,c4bc1b78,c0a9714d,...) at rip_output+0x2ff > rip_send(c7ab9b60,0,c76e2800,c743d170,0,...) at rip_send+0x76 > sosend_generic(c7ab9b60,c743d170,c4bc1bd0,0,0,...) at sosend_generic+0x50d > sosend(c7ab9b60,c743d170,c4bc1bd0,0,0,...) at sosend+0x3f > kern_sendit(c7471000,3,c4bc1c44,0,0,...) at kern_sendit+0x1d4 > sendit(0,c743d170,10,c4bc1c60,1,...) at sendit+0xce > sys_sendto(c7471000,c4bc1cec,c0fcd336,c0f7df79,246,...) at sys_sendto+0x48 > syscall(c4bc1d28) at syscall+0x2a3 > Xint0x80_syscall() at Xint0x80_syscall+0x21 > --- syscall (133, FreeBSD ELF32, sys_sendto), eip = 0x28199003, esp = 0xbfbee71c, ebp = 0xbfbee758 --- > > > Fatal trap 12: page fault while in kernel mode > cpuid = 1; apic id = 01 > fault virtual address = 0x60 > fault code = supervisor read, page not present > instruction pointer = 0x20:0xc0c06985 > stack pointer = 0x28:0xc4bc1684 > frame pointer = 0x28:0xc4bc16ac > code segment = base 0x0, limit 0xfffff, type 0x1b > = DPL 0, pres 1, def32 1, gran 1 > processor eflags = interrupt enabled, resume, IOPL = 0 > current process = 1264 (ping) I was using the following configuration files and did a ping to initiate the IPsec SA. > lab# cat setkey_router.conf > flush; > spdflush; > > spdadd 10.0.0.0/24 10.0.0.0/24 any -P out ipsec > esp/transport//require > ah/transport//require; > > spdadd 10.0.0.0/24 10.0.0.0/24 any -P in ipsec > esp/transport//require > ah/transport//require; > lab# > lab# cat router_psk.txt > 10.0.0.10 beef > 10.0.0.100 beef > 10.0.0.1 beef > 10.0.0.2 beef > 10.0.0.3 beef > lab# cat racoon_router.conf > path pre_shared_key "/root/router_psk.txt"; > > remote anonymous { > exchange_mode main; > proposal { > encryption_algorithm 3des; > hash_algorithm md5; > authentication_method pre_shared_key; > dh_group modp1024; > } > } > > sainfo anonymous { > pfs_group modp768; > encryption_algorithm 3des; > authentication_algorithm hmac_md5; > compression_algorithm deflate; > } > lab# Should I better file a PR? Thanks in advance, Nikos
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F56877E.5000608>