The following reply was made to PR kern/164400; it has been noted by GNATS.
From: "Eugene M. Zheganin" <e...@norma.perm.ru>
To: bug-follo...@freebsd.org, eug...@zhegan.in
Cc:
Subject: Re: kern/164400: [ipsec] immediate crash after the start of ipsec processing
Date: Thu, 01 Mar 2012 10:38:38 +0600

yeah, I'm working on it. will do today.

Right now I localized this crash to a minimal configuration. And it looks like ipsec is simply broken, don't know if this is ah or esp or only when both, but it crashes with this config:

ipsec.conf
===Cut===
spdflush;

#
# HQ, Wizard, Test
#

spdadd 192.168.3.134 192.168.3.24 gre -P out ipsec
    esp/transport/192.168.3.134-192.168.3.24/require
    ah/transport/192.168.3.134-192.168.3.24/require;
spdadd 192.168.3.24 192.168.3.134 gre -P in ipsec
    esp/transport/192.168.3.24-192.168.3.134/require
    ah/transport/192.168.3.24-192.168.3.134/require;

add 192.168.3.134 192.168.3.24 esp 0x10001 -m transport -E des-cbc 0xffffffffffffffff;
add 192.168.3.24 192.168.3.134 esp 0x10002 -m transport -E des-cbc 0xffffffffffffffff;
add 192.168.3.134 192.168.3.24 ah 0x10003 -m transport -A keyed-md5 "xxxxxxxxxxxxxxxx";
add 192.168.3.24 192.168.3.134 ah 0x10004 -m transport -A keyed-md5 "xxxxxxxxxxxxxxxx";
===Cut===

Tunnel:

gre0: flags=b051<UP,POINTOPOINT,RUNNING,LINK0,LINK1,MULTICAST> metric 0 mtu 1476
        tunnel inet 192.168.3.134 --> 192.168.3.24
        inet 172.16.3.63 --> 172.16.3.62 netmask 0xffffffff
        inet6 fe80::20d:b9ff:fe20:d980%gre0 prefixlen 64 tentative scopeid 0x9
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

192.168.3.134 is a panicbox IP.
192.168.3.24 is a real IP existing on the network, but it has no SA installed (I guess this can be any address, even nonexisting, because this is static IPSEC, as you can see).

First packet is sent and system crashes.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"