From owner-freebsd-net Mon Apr 23 13:33:42 2001 Delivered-To: freebsd-net@freebsd.org Received: from rgmail.regenstrief.org (rgmail.regenstrief.org [134.68.31.197]) by hub.freebsd.org (Postfix) with ESMTP id 3B37937B424 for ; Mon, 23 Apr 2001 13:33:39 -0700 (PDT) (envelope-from gunther@aurora.regenstrief.org) Received: from aurora.regenstrief.org (rgnout.regenstrief.org [134.68.31.38]) by rgmail.regenstrief.org (8.11.0/8.8.7) with ESMTP id f3NKXvA08627; Mon, 23 Apr 2001 15:33:58 -0500 Message-ID: <3AE49198.3447C8F2@aurora.regenstrief.org> Date: Mon, 23 Apr 2001 20:33:28 +0000 From: Gunther Schadow Organization: Regenstrief Institute for Health Care X-Mailer: Mozilla 4.75 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Shoichi Sakane Cc: snap-users@kame.net, freebsd-net@freebsd.org Subject: Re: (KAME-snap 4519) Re: KAME SPD bug, please try and confirm ... References: <20010424040539N.sakane@ydc.co.jp> <20010424041925C.sakane@ydc.co.jp> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Shoichi Sakane wrote: > I have tested, but I couldn't have any error. I made the following network. > And I executed flooding ping to A from both B and C. All of hosts seemed > quite stable. Of course, these ICMP packet were encapsulated by ESP. > > Actually, I couldn't prepare three FreeBSD machine. > A and C are FreeBSD4.2-RELEASE, and B is NetBSD1.5. > All of them are *WITHOUT* KAME patch. > > A ---+--- B > | > +--- C This is O.K. you really only need one machine, A, to screw with, the others can be NetBSD, OpenBSD, or any other IPsec agent. > Host A is powerless machine which is pentium 100MHz. > just in case, I attach these configuration and results into this mail. (I have seen some kind of repost of your mail, so none of the attachments made it thorugh. But I believe you.) > > > is the following description correct? > > > - FreeBSD 4.2-RELEASE is not affected > > yes, it is affected with kernel panic (under high loads only ...) > > How was "high loads" ? I did flooding ping invoked "-f -s 1000" > from both B and C. But kernel panic didn't happened. Well, "high load" means conveying a certain video conferencing application. BUT THIS IS NOT the problem. Let us NOT worry about those kernel panics which only occurred in the now obsolete 4.2 RELEASE. What worries me more is that the 20010326 KAME snap does not work with more than one tunnel. > I haven't checked the following case. But I think the issue exists in > a other place. > > > > - FreeBDS 4.2-RELEASE + KAME SNAP 200103xx has problem, but no kernel > > > panic > > right, shows the described problems but has no such kernel panics > > > > - FreeBSD 4.2-RELEASE + KAME SNAP 200104xx has problem, with kernel > > > panic > > actually I should test that. Will do tomorrow. Thanks Shoichi for testing this. Sorry I probably misled you in thinking this kernel panic issue is more important. If you have an easy way to do it, you might want to test this against KAME SNAP 20010326, but if not, don't worry for now, I will first try the 20010417 SNAP to see whether it's on there. If I do find it, I will be back! regards -Gunther PS: BTW, now that fbsd 4.3-RELEASE is out, when are you planning to put the SNAP kit on the basis of 4.3? KAME has precedence for me right now, so I won't move to 4.3 before the first SNAP kit is based on 4.3. -- Gunther Schadow, M.D., Ph.D. gschadow@regenstrief.org Medical Information Scientist Regenstrief Institute for Health Care Adjunct Assistent Professor Indiana University School of Medicine tel:1(317)630-7960 http://aurora.regenstrief.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message