From owner-freebsd-current@FreeBSD.ORG Fri Nov 14 13:29:07 2014 Return-Path: Delivered-To: current@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9EBC4C35; Fri, 14 Nov 2014 13:29:07 +0000 (UTC) Received: from forward6l.mail.yandex.net (forward6l.mail.yandex.net [IPv6:2a02:6b8:0:1819::6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Certum Level IV CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 31508693; Fri, 14 Nov 2014 13:29:07 +0000 (UTC) Received: from smtp11.mail.yandex.net (smtp11.mail.yandex.net [95.108.130.67]) by forward6l.mail.yandex.net (Yandex) with ESMTP id 76CAF14E12B0; Fri, 14 Nov 2014 16:29:03 +0300 (MSK) Received: from smtp11.mail.yandex.net (localhost [127.0.0.1]) by smtp11.mail.yandex.net (Yandex) with ESMTP id E1B8B7E0A61; Fri, 14 Nov 2014 16:29:02 +0300 (MSK) Received: from 84.201.167.97-vpn.dhcp.yndx.net (84.201.167.97-vpn.dhcp.yndx.net [84.201.167.97]) by smtp11.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id J3REum5P3h-T2IuvCLl; Fri, 14 Nov 2014 16:29:02 +0300 (using TLSv1.2 with cipher AES128-SHA (128/128 bits)) (Client certificate not present) X-Yandex-Uniq: 5b7dc64c-f415-4133-84fc-460847e6c6a6 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1415971742; bh=ggonNKHdkQhTMtFZBTq756Rut8VHredgrFzfnRVVeDg=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:Subject: References:In-Reply-To:Content-Type; b=HUEZ7DCDYExpy7pT99vsise5MPdN2oAhO7xz7YQhjJIJcd0D2Al/Jm1QaOv3TEWWE opG011iWQFWqJ/5mm9kWzCuiQZs5vnLT21+Fa4zK1tmSvjNc57mEykawrI5a8LrKwX m4iL3N0Mo3/vK6renb+sD5GP4AHqR7w259JnBvNA= Authentication-Results: smtp11.mail.yandex.net; dkim=pass header.i=@yandex.ru Message-ID: <54660389.9060409@yandex.ru> Date: Fri, 14 Nov 2014 16:28:41 +0300 From: "Andrey V. Elsukov" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: freebsd-security@FreeBSD.org, current@FreeBSD.org, John-Mark Gurney Subject: Re: CFR: AES-GCM and OpenCrypto work review References: <20141108042300.GA24601@funkthat.com> <54655257.8080705@yandex.ru> In-Reply-To: <54655257.8080705@yandex.ru> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="tfN0oppBAS2no0GJKJEj0DM2SNr8NICgn" X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Nov 2014 13:29:07 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --tfN0oppBAS2no0GJKJEj0DM2SNr8NICgn Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 14.11.2014 03:52, Andrey V. Elsukov wrote: > I tried your patch with my IPv4 forwarding test. When aesni module is > loaded and aes-cbc is used I see growing of `invalid outbound packets` > counter in `netstat -sp ipsec` output. And no packets are forwarded. > Also while testing I got a panic in aesni_encrypt_cbc(). >=20 > atal trap 9: general protection fault while in kernel mode > cpuid =3D 4; apic id =3D 04 > instruction pointer =3D 0x20:0xffffffff80d05c43 > stack pointer =3D 0x28:0xfffffe00003f7e70 > frame pointer =3D 0x28:0xfffffe00003f7eb0 > code segment =3D base 0x0, limit 0xfffff, type 0x1b > =3D DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags =3D interrupt enabled, resume, IOPL =3D 0 > current process =3D 12 (irq286: ix0:que 4) >=20 The full backtrace is here: http://paste.org.ru/?a3f8pw Screenshot from ddb: http://i.imgur.com/H5mbVi8.png?1 Also I noticed that on higher packet rate sometimes kernel reports about wrong source route attempts: kernel: attempted source route from 244.116.138.102 to 225.51.107.139 kernel: attempted source route from 19.120.181.94 to 238.17.74.139 kernel: attempted source route from 186.217.142.184 to 233.165.4.102 kernel: attempted source route from 134.41.78.248 to 231.122.242.144 probably there is mbuf's memory corruption somewhere. --=20 WBR, Andrey V. Elsukov --tfN0oppBAS2no0GJKJEj0DM2SNr8NICgn Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJUZgONAAoJEAHF6gQQyKF67yYIAISKqHBxmAfFipC3BBq97KkE hS+UanK9G9UTYh+4BOcxUs35eRV/gOtB1oVPe3OnlTHyvtLmDE0intWuDHLNQYlG fzhxPi3kREAE9K/EINBHguaWLq0PePtWj9HUyx4vhRcvEwjg1sBKgfdLGOILDDQY /1TyyMTa7B4Jnh6/8hfmjlRzbXGhAO2clhAA8S93oBSafyNsxs6hTn7M3UAzdrcp dcJbVjFMgmADwWLdHoIGDXz06fGN+BttdprTXKELg5iMsI8n5su2tipNfKpXUWF0 yYIWjw++MqjXCfURjTExdp6W8eDMgo9KWZKXWllVSciFQzc3erjRbVS/oieUzSE= =kMbH -----END PGP SIGNATURE----- --tfN0oppBAS2no0GJKJEj0DM2SNr8NICgn--