From owner-freebsd-bugs@FreeBSD.ORG Fri Jan 13 17:10:06 2006 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EAC3516A41F for ; Fri, 13 Jan 2006 17:10:05 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5599843D4C for ; Fri, 13 Jan 2006 17:10:04 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k0DHA45Q096677 for ; Fri, 13 Jan 2006 17:10:04 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k0DHA4SC096676; Fri, 13 Jan 2006 17:10:04 GMT (envelope-from gnats) Resent-Date: Fri, 13 Jan 2006 17:10:04 GMT Resent-Message-Id: <200601131710.k0DHA4SC096676@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Andrey Simonenko Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 01A1516A422 for ; Fri, 13 Jan 2006 17:00:20 +0000 (GMT) (envelope-from simon@comsys.ntu-kpi.kiev.ua) Received: from comsys.ntu-kpi.kiev.ua (comsys.ntu-kpi.kiev.ua [195.245.194.142]) by mx1.FreeBSD.org (Postfix) with ESMTP id DF96C43D48 for ; Fri, 13 Jan 2006 17:00:05 +0000 (GMT) (envelope-from simon@comsys.ntu-kpi.kiev.ua) Received: from pm513-1.comsys.ntu-kpi.kiev.ua (pm513-1.comsys.ntu-kpi.kiev.ua [10.18.52.101]) (authenticated bits=0) by comsys.ntu-kpi.kiev.ua (8.12.10/8.12.10) with ESMTP id k0DHBbVO060911 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Fri, 13 Jan 2006 19:11:39 +0200 (EET) Received: by pm513-1.comsys.ntu-kpi.kiev.ua (Postfix, from userid 1001) id B8BE95C021; Fri, 13 Jan 2006 19:00:08 +0200 (EET) Message-Id: <20060113170008.GA883@pm513-1.comsys.ntu-kpi.kiev.ua> Date: Fri, 13 Jan 2006 19:00:08 +0200 From: Andrey Simonenko To: FreeBSD-gnats-submit@FreeBSD.org Cc: Subject: kern/91760: FAST_IPSEC stops system under high traffic X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Jan 2006 17:10:06 -0000 >Number: 91760 >Category: kern >Synopsis: FAST_IPSEC stops system under high traffic >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jan 13 17:10:03 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Andrey Simonenko >Release: FreeBSD 6.0-STABLE i386 >Organization: >Environment: FreeBSD 6.0-STABLE i386, CVSup'ed today >Description: I have two FreeBSD 6.0-STABLE systems: one is gateway another one is my computer (both are in the same 100M LAN and gateway is connected to another 100M LAN). On both systems FAST_IPSEC is used with manual keys and with few SPD AH-transport and AH-tunnel. IPsec policy is used in transport mode between my computer and gateway and in tunnel mode between my computer and gateway, when packet is not for gateway (for the rest of the world). I removed IP Firewall from the kernel to make my tests more clear. If I download something big from gateway to my computer or when I download something big from another LAN via gateway to my computer, then gateway or my computer stops and does not responds (ping does not work and console also does not work). I got the same result if I run something which outputs a lot to stdout via ssh. There is no panic, the system simply does not respond (via ping or via console). Without FAST_IPSEC everything work without problems. Also with IPSEC, IPSEC_ESP and the same configuration my systems do not have any problems. Having done some tests I'm almost sure that FAST_IPSEC causes this problem. >How-To-Repeat: In my environment I can reproduce this problem. >Fix: >Release-Note: >Audit-Trail: >Unformatted: