From owner-freebsd-ports Wed Jun 20 15:10:13 2001
Delivered-To: freebsd-ports@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id C5EF937B406
	for ; Wed, 20 Jun 2001 15:10:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.3/8.11.3) id f5KMA1G73569;
	Wed, 20 Jun 2001 15:10:01 -0700 (PDT)
	(envelope-from gnats)
Received: from area51.vail (chrobd01.vailsys.com [63.210.102.138])
	by hub.freebsd.org (Postfix) with ESMTP id 416A137B407
	for ; Wed, 20 Jun 2001 15:04:45 -0700 (PDT)
	(envelope-from mike@vailsys.com)
Received: from dfrfbd02.vail (dfrfbd02.vail [192.168.128.16])
	by area51.vail (8.9.3/8.9.3) with ESMTP id RAA91641
	for ; Wed, 20 Jun 2001 17:04:44 -0500 (CDT)
	(envelope-from mike@dfrfbd02.vail)
Received: (from mike@localhost)
	by dfrfbd02.vail (8.11.3/8.11.3) id f5KM4Up15201;
	Wed, 20 Jun 2001 17:04:30 -0500 (CDT)
	(envelope-from mike)
Message-Id: <200106202204.f5KM4Up15201@dfrfbd02.vail>
Date: Wed, 20 Jun 2001 17:04:30 -0500 (CDT)
From: mike@vailsys.com
Reply-To: mike@vailsys.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: ports/28301: isakmpd port hogs cpu
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 28301
>Category: ports
>Synopsis: Isakmpd port hogs 99% of cpu capacity.
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 20 15:10:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Mike Bruening
>Release: FreeBSD 4.3-STABLE i386
>Organization: Vail Systems, Inc.
>Environment:
System: FreeBSD dfrfbd02.vail 4.3-STABLE FreeBSD 4.3-STABLE #0: Wed Jun 13 12:21:57 CDT 2001 root@dfrfbd02.vail:/usr/src/sys/compile/IPSECKERN i386

dmesg:
Copyright (c) 1992-2001 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 4.3-STABLE #0: Wed Jun 13 12:21:57 CDT 2001
    root@dfrfbd02.vail:/usr/src/sys/compile/IPSECKERN
Timecounter "i8254" frequency 1193182 Hz
CPU: Pentium II/Pentium II Xeon/Celeron (350.80-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0x652 Stepping = 2
  Features=0x183fbff
real memory = 134217728 (131072K bytes)
avail memory = 125943808 (122992K bytes)
Preloaded elf kernel "kernel" at 0xc0494000.
Pentium Pro MTRR support enabled
md0: Malloc disk
npx0: on motherboard
npx0: INT 16 interface
pcib0: on motherboard
pci0: on pcib0
pcib1: at device 1.0 on pci0
pci1: on pcib1
pci1: at 0.0 irq 10
isab0: at device 7.0 on pci0
isa0: on isab0
atapci0: port 0xffa0-0xffaf at device 7.1 on pci0
ata0: at 0x1f0 irq 14 on atapci0
ata1: at 0x170 irq 15 on atapci0
uhci0: at device 7.2 on pci0
uhci0: Invalid irq 255
uhci0: Please switch on USB support and switch PNP-OS to 'No' in BIOS
device_probe_and_attach: uhci0 attach returned 6
chip1: port 0x440-0x44f at device 7.3 on pci0
pcib2: at device 17.0 on pci0
pci2: on pcib2
fxp0: port 0xcf80-0xcf9f mem 0xfe100000-0xfe1fffff,0xf45ff000-0xf45fffff irq 9 at device 4.0 on pci2
fxp0: Ethernet address 00:90:27:b0:0f:b7
inphy0: on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: port 0xcf40-0xcf5f mem 0xfdf00000-0xfdffffff,0xf45fe000-0xf45fefff irq 5 at device 5.0 on pci2
fxp1: Ethernet address 00:90:27:b0:0f:b8
inphy1: on miibus1
inphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pcib3: at device 18.0 on pci0
pci3: on pcib3
fxp2: port 0xdf80-0xdf9f mem 0xfea00000-0xfeafffff,0xf46ff000-0xf46fffff irq 5 at device 4.0 on pci3
fxp2: Ethernet address 00:90:27:b0:0e:ad
inphy2: on miibus2
inphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp3: port 0xdf40-0xdf5f mem 0xfe800000-0xfe8fffff,0xf46fe000-0xf46fefff irq 11 at device 5.0 on pci3
fxp3: Ethernet address 00:90:27:b0:0e:ae
inphy3: on miibus3
inphy3: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pci0: (vendor=0x1011, dev=0x0009) at 19.0 irq 11
pci0: (vendor=0x494f, dev=0x22c0) at 20.0 irq 10
fdc0: at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: FIFO enabled, 8 bytes threshold
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
atkbdc0: at port 0x60,0x64 on isa0
atkbd0: flags 0x1 irq 1 on atkbdc0
kbd0 at atkbd0
vga0: at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
ppc0: at port 0x378-0x37f irq 7 on isa0
ppc0: Generic chipset (NIBBLE-only) in COMPATIBLE mode
plip0: on ppbus0
lpt0: on ppbus0
lpt0: Interrupt-driven port
ppi0: on ppbus0
IPsec: Initialized Security Association Processing.
ad0: 10299MB [20925/16/63] at ata0-master PIO3
no devsw (majdev=0 bootdev=0xa0200000)
Mounting root from ufs:/dev/ad0s1a
WARNING: / was not properly dismounted

>Description:
Installed the isakmpd port isakmpd-20010403 on a 4.3-STABLE FreeBSD system
from the FreeBSD CVS tree on 6-18-2001. Starting isakmpd to establish a
host-to-host isakmpd tunnel with an OpenBSD box was successful; however, a
top revealed that the isakmpd daemon on the FreeBSD box was using 99% of
CPU capacity.

Patches to the port included the following: patch-aa, patch-ab, patch-ac,
patch-ba, patch-ca.

>How-To-Repeat:
Install the port and start isakmpd. It hogs cpu even without establishing a
connection to another computer. Sample isakmpd config and policy files
follow.

#
# /etc/isakmpd/isakmpd.conf for FreeBSD system
#

[General]
Retransmits= 5
Exchange-max-time= 120
Listen-on= 1.2.3.4

[Phase 1]
5.6.7.8= OpenBSD

[Phase 2]
Connections= FreeBSD-OpenBSD

### Phase 1 peers ###

[OpenBSD]
Phase= 1
Transport= udp
Local-address= 1.2.3.4
Address= 5.6.7.8
Authentication= password
Configuration= Default-main-mode

### Phase 2 connections ###

[FreeBSD-OpenBSD]
Phase= 2
ISAKMP-peer= OpenBSD
Configuration= Default-quick-mode
Remote-ID= gw-OpenBSD
Local-ID= gw-FreeBSD

### ID Section ###

[gw-FreeBSD]
ID-type= IPV4_ADDR
Address= 1.2.3.4

[gw-OpenBSD]
ID-type= IPV4_ADDR
Address= 5.6.7.8

### Mode Descriptions ###

[Default-main-mode]
DOI= IPSEC
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Default-quick-mode]
DOI= IPSEC
EXCHANGE_TYPE= QUICK_MODE
Suites= QM-ESP-3DES-SHA-PFS-SUITE

----- cut here -----

#
# /etc/isakmpd/isakmpd.policy for the FreeBSD system
#
KeyNote-Version: 2
Authorizer: "POLICY"
Licensees: "passphrase:password"
#Conditions: app_domain == "IPsec policy" &&
#            esp_present == "yes" &&
#            esp_enc_alg != "null" -> "true";

----- cut here -----

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message