FreeBSD Mail Archives

Date:      Wed, 20 Jun 2001 17:04:30 -0500 (CDT)
From:      mike@vailsys.com
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   ports/28301: isakmpd port hogs cpu
Message-ID:  <200106202204.f5KM4Up15201@dfrfbd02.vail>

next in thread | raw e-mail | index | archive | help


>Number:         28301
>Category:       ports
>Synopsis:       Isakmpd port hogs 99% of cpu capacity.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Jun 20 15:10:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Mike Bruening
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
Vail Systems, Inc. 
>Environment:
System: FreeBSD dfrfbd02.vail 4.3-STABLE FreeBSD 4.3-STABLE #0: Wed Jun 13 12:21:57 CDT 2001 root@dfrfbd02.vail:/usr/src/sys/compile/IPSECKERN i386

dmesg:
Copyright (c) 1992-2001 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 4.3-STABLE #0: Wed Jun 13 12:21:57 CDT 2001
    root@dfrfbd02.vail:/usr/src/sys/compile/IPSECKERN
Timecounter "i8254"  frequency 1193182 Hz
CPU: Pentium II/Pentium II Xeon/Celeron (350.80-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x652  Stepping = 2
  Features=0x183fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
real memory  = 134217728 (131072K bytes)
avail memory = 125943808 (122992K bytes)
Preloaded elf kernel "kernel" at 0xc0494000.
Pentium Pro MTRR support enabled
md0: Malloc disk
npx0: <math processor> on motherboard
npx0: INT 16 interface
pcib0: <Intel 82443BX (440 BX) host to PCI bridge> on motherboard
pci0: <PCI bus> on pcib0
pcib1: <Intel 82443BX (440 BX) PCI-PCI (AGP) bridge> at device 1.0 on pci0
pci1: <PCI bus> on pcib1
pci1: <Trident model 9750 VGA-compatible display device> at 0.0 irq 10
isab0: <Intel 82371AB PCI to ISA bridge> at device 7.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel PIIX4 ATA33 controller> port 0xffa0-0xffaf at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: <Intel 82371AB/EB (PIIX4) USB controller> at device 7.2 on pci0
uhci0: Invalid irq 255
uhci0: Please switch on USB support and switch PNP-OS to 'No' in BIOS
device_probe_and_attach: uhci0 attach returned 6
chip1: <Intel 82371AB Power management controller> port 0x440-0x44f at device 7.3 on pci0
pcib2: <DEC 21152 PCI-PCI bridge> at device 17.0 on pci0
pci2: <PCI bus> on pcib2
fxp0: <Intel Pro 10/100B/100+ Ethernet> port 0xcf80-0xcf9f mem 0xfe100000-0xfe1fffff,0xf45ff000-0xf45fffff irq 9 at device
 4.0 on pci2
fxp0: Ethernet address 00:90:27:b0:0f:b7
inphy0: <i82555 10/100 media interface> on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: <Intel Pro 10/100B/100+ Ethernet> port 0xcf40-0xcf5f mem 0xfdf00000-0xfdffffff,0xf45fe000-0xf45fefff irq 5 at device
 5.0 on pci2
fxp1: Ethernet address 00:90:27:b0:0f:b8
inphy1: <i82555 10/100 media interface> on miibus1
inphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pcib3: <DEC 21152 PCI-PCI bridge> at device 18.0 on pci0
pci3: <PCI bus> on pcib3
fxp2: <Intel Pro 10/100B/100+ Ethernet> port 0xdf80-0xdf9f mem 0xfea00000-0xfeafffff,0xf46ff000-0xf46fffff irq 5 at device
 4.0 on pci3
fxp2: Ethernet address 00:90:27:b0:0e:ad
inphy2: <i82555 10/100 media interface> on miibus2
inphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp3: <Intel Pro 10/100B/100+ Ethernet> port 0xdf40-0xdf5f mem 0xfe800000-0xfe8fffff,0xf46fe000-0xf46fefff irq 11 at devic
e 5.0 on pci3
fxp3: Ethernet address 00:90:27:b0:0e:ae
inphy3: <i82555 10/100 media interface> on miibus3
inphy3:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pci0: <unknown card> (vendor=0x1011, dev=0x0009) at 19.0 irq 11
pci0: <unknown card> (vendor=0x494f, dev=0x22c0) at 20.0 irq 10
fdc0: <NEC 72065B or clone> at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
ppc0: <Parallel port> at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
plip0: <PLIP network interface> on ppbus0
lpt0: <Printer> on ppbus0
lpt0: Interrupt-driven port
ppi0: <Parallel I/O> on ppbus0
IPsec: Initialized Security Association Processing.
ad0: 10299MB <DupliDisk IDE RAID-1 Adapter> [20925/16/63] at ata0-master PIO3
no devsw (majdev=0 bootdev=0xa0200000)
Mounting root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted


	
>Description:
Installed the isakmpd port isakmpd-20010403 on a 4.3-STABLE FreeBSD system from the FreeBSD CVS tree on 6-18-2001.
Starting isakmpd to establish a host-to-host isakmpd tunnel with an OpenBSD box was successful, however, a top
revealed that the isakmpd daemon on the FreeBSD box was using 99% of CPU capacity. Patches to the port included
the following: patch-aa, patch-ab, patch-ac, patch-ba, patch-ca. 

>How-To-Repeat:
Install the port and start isakmpd. It hogs cpu even without establishing a connnection to another computer.
Sample isakmpd config and policy files follow.

#
# /etc/isakmpd/isakmpd.conf for FreeBSD system
#

[General]
Retransmits=            5
Exchange-max-time=      120
Listen-on=              1.2.3.4

[Phase 1]
5.6.7.8=                OpenBSD

[Phase 2]
Connections=            FreeBSD-OpenBSD


### Phase 1 peers ###
[OpenBSD]
Phase=                  1
Transport=              udp
Local-address=          1.2.3.4
Address=                5.6.7.8
Authentication=         password
Configuration=          Default-main-mode


### Phase 2 connections ###
[FreeBSD-OpenBSD]
Phase=                  2
ISAKMP-peer=            OpenBSD
Configuration=          Default-quick-mode
Remote-ID=              gw-OpenBSD
Local-ID=               gw-FreeBSD


### ID Section ###
[gw-FreeBSD]
ID-type=                IPV4_ADDR
Address=                1.2.3.4

[gw-OpenBSD]
ID-type=                IPV4_ADDR
Address=                5.6.7.8


### Mode Descriptions ### 
[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-PFS-SUITE

----- cut here -----

#
# /etc/isakmpd/isakmpd.policy for the FreeBSD system
#

KeyNote-Version:        2
Authorizer:             "POLICY"
Licenseese              "passphrase:password"
#Conditions:     app_domain == "IPsec policy" && 
#                esp_present == "yes" && 
#                esp_enc_alg != "null" -> "true";   

----- cut here -----

	<precise description of the problem (multiple lines)>
>Fix:

	
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106202204.f5KM4Up15201>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation