Date: Mon, 20 Aug 2007 10:27:28 +0200 From: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> To: freebsd-net@freebsd.org Cc: Scott Ullrich <sullrich@gmail.com> Subject: Re: Racoon(ipsec-tools) enters sbwait state or 100% CPU utilization quite often on RELENG_1_2 Message-ID: <20070820082728.GA28863@zen.inc> In-Reply-To: <m27ins2pby.wl%gnn@neville-neil.com> References: <d5992baf0708171353j7e7563a8y8dca4475779bc410@mail.gmail.com> <20070818102803.GA1319@jayce.zen.inc> <d5992baf0708181258t501e5842y6b8bdee8a5c2e07c@mail.gmail.com> <m27ins2pby.wl%gnn@neville-neil.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Aug 19, 2007 at 12:08:49PM +0900, George V. Neville-Neil wrote: [....] > Please file a PR and assign it to me. > > I read your kernel config, and it seems you were using FAST_IPSEC, and > not Kame IPsec, so I'm wondering how relevant Yvan's comment might > be. I think we should look a bit more deeply at this. I tracked down the problem a few years ago, on FreeBSD 4.11, with KAME's IPSec stack. But the problem was not really in the stack itself, but rather in socket processing (in other words: not in netkey/*, but in kern/uipc_socket2.c). And as both IPSec stacks shares some PFKey constraints (for example one message per entry when dumping SADB / SPD), I guess the same problem existed in FAST_IPSEC. But when I had some time a few months ago to start filling a PR for the problem, I had a look at FreeBSD6 source code, and I noticed that sbspace macro (which was a quite important part of the problem) has changed, and I didn't have the required setup to do the test again, so I just can't be really sure the problem still exists... But the reported problem really has similar symptoms..... Yvan. -- NETASQ http://www.netasq.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070820082728.GA28863>