Shoichi Sakane wrote:
> I have tested, but I couldn't have any error. I made the following network.
> And I executed flooding ping to A from both B and C. All of hosts seemed
> quite stable. Of course, these ICMP packet were encapsulated by ESP.
>
> Actually, I couldn't prepare three FreeBSD machine.
> A and C are FreeBSD4.2-RELEASE, and B is NetBSD1.5.
> All of them are *WITHOUT* KAME patch.
>
> A ---+--- B
> |
> +--- C
This is O.K. you really only need one machine, A, to screw with, the
others can be NetBSD, OpenBSD, or any other IPsec agent.
> Host A is powerless machine which is pentium 100MHz.
> just in case, I attach these configuration and results into this mail.
(I have seen some kind of repost of your mail, so none of the
attachments made it thorugh. But I believe you.)
> > > is the following description correct?
> > > - FreeBSD 4.2-RELEASE is not affected
> > yes, it is affected with kernel panic (under high loads only ...)
>
> How was "high loads" ? I did flooding ping invoked "-f -s 1000"
> from both B and C. But kernel panic didn't happened.
Well, "high load" means conveying a certain video conferencing
application. BUT THIS IS NOT the problem. Let us NOT worry about
those kernel panics which only occurred in the now obsolete 4.2
RELEASE. What worries me more is that the 20010326 KAME snap does
not work with more than one tunnel.
> I haven't checked the following case. But I think the issue exists in
> a other place.
>
> > > - FreeBDS 4.2-RELEASE + KAME SNAP 200103xx has problem, but no kernel
> > > panic
> > right, shows the described problems but has no such kernel panics
>
> > > - FreeBSD 4.2-RELEASE + KAME SNAP 200104xx has problem, with kernel
> > > panic
> > actually I should test that. Will do tomorrow.
Thanks Shoichi for testing this. Sorry I probably misled you in
thinking this kernel panic issue is more important. If you
have an easy way to do it, you might want to test this against
KAME SNAP 20010326, but if not, don't worry for now, I will
first try the 20010417 SNAP to see whether it's on there. If
I do find it, I will be back!
regards
-Gunther
PS: BTW, now that fbsd 4.3-RELEASE is out, when are you planning to
put the SNAP kit on the basis of 4.3? KAME has precedence for me
right now, so I won't move to 4.3 before the first SNAP kit is
based on 4.3.
--
Gunther Schadow, M.D., Ph.D. [EMAIL PROTECTED]
Medical Information Scientist Regenstrief Institute for Health Care
Adjunct Assistent Professor Indiana University School of Medicine
tel:1(317)630-7960 http://aurora.regenstrief.org
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
