Hi list!
After upgrading from 4.7 to 5.0, i started to have problems with SHA1 when
using Broadcom 5862 crypto accelerator with IPSec.
I am using a IPSec tunnel between two machines, where one end has a crypto
accelerator and other doesn't.
Machine with CA(host0) is running 5.0-current i386 from 20. December,
second machine(host1) is running 4.9 release i386 patched to latest errata.
When using SHA1 or MD5, there is packet loss on the link and i see netstat
"packets that failed verification received" counter increasing on host1.
There are no packet verification errors on host0. I have tested it with CA
on both ends and the result is similar(packet verification fail on both
ends).
I have tested host0 also with 4.9 and 5.0 release - problem is the same.
Before upgrade, when host0 was running 4.7 release, same configuration
worked without any problem.
There were also no problems when host0 was running 4.7 and host1 4.9.
Problem occurs with SHA1 and MD5, which are both supported by CA. When
using SHA2(that is not supported by CA) everything
works. Problem exist with tunnel and transport mode.
Any debugging hints and ideas to get sha1 working are welcome,
Joosep
CA in question is:
ubsec0 at pci5 dev 0 function 0 "Broadcom 5862" rev 0x01: 3DES MD5 SHA1 AES
PK, apic 9 int 0
ipsec.conf:
ike esp transport proto ipencap from $host0_ip to $host1_ip \
local $host0_ip peer $host1_ip quick auth hmac-sha1 enc aes \
srcid $host0_id dstid $host1_id
dmseg of host0:
OpenBSD 5.0-current (GENERIC) #118: Tue Dec 20 11:09:21 MST 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Dual-Core AMD Opteron(tm) Processor 2210 ("AuthenticAMD" 686-class,
1024KB L2 cache) 1.81 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,SSE3,CX16,LAHF,SVM
real mem = 1071501312 (1021MB)
avail mem = 1043890176 (995MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf0000,
SMBIOS rev. 2.4 @ 0xee000 (64 entries)
bios0: vendor HP version "A10" date 07/17/2009
bios0: HP ProLiant DL365 G1
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP SPCR MCFG HPET SPMI ERST APIC SRAT FFFF BERT HEST
acpi0: wakeup devices PPXB(S4) PXS2(S4) EXB0(S4) EXB1(S4) EXB2(S4) EXB3(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimcfg0 at acpi0 addr 0xd0000000, bus 64-255
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 200MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 8 pa 0xfec00000, version 11, 16 pins
ioapic1 at mainbus0: apid 9 pa 0xfec01000, version 11, 16 pins
acpiprt0 at acpi0: bus 2 (PPXB)
acpiprt1 at acpi0: bus 0 (PCI0)
acpiprt2 at acpi0: bus 75 (EXB0)
acpiprt3 at acpi0: bus 72 (EXB1)
acpiprt4 at acpi0: bus 66 (NB01)
acpiprt5 at acpi0: bus 68 (NB02)
acpiprt6 at acpi0: bus 69 (EXB4)
acpiprt7 at acpi0: bus 64 (PCI1)
acpicpu0 at acpi0: PSS
bios0: ROM list: 0xc0000/0xb000 0xcb000/0x4000! 0xcf000/0x1800
0xe5000/0x2000!
ipmi at mainbus0 not configured
cpu0: PowerNow! K8 1801 MHz: speeds: 1800 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
vga1 at pci0 dev 3 function 0 "ATI ES1000" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 9 int 11
drm0 at radeondrm0
"Compaq iLO" rev 0x03 at pci0 dev 4 function 0 not configured
"Compaq iLO" rev 0x03 at pci0 dev 4 function 2 not configured
uhci0 at pci0 dev 4 function 4 "Hewlett-Packard USB" rev 0x00: apic 9 int 10
"Hewlett-Packard IPMI" rev 0x00 at pci0 dev 4 function 6 not configured
ppb0 at pci0 dev 5 function 0 "ServerWorks HT-1000 PCI" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci1 dev 13 function 0 "ServerWorks HT-1000 PCIX" rev 0xc0
pci2 at ppb1 bus 2
piixpm0 at pci0 dev 6 function 0 "ServerWorks HT-1000" rev 0x00: polling
iic0 at piixpm0
pciide0 at pci0 dev 6 function 1 "ServerWorks HT-1000 IDE" rev 0x00: DMA
pcib0 at pci0 dev 6 function 2 "ServerWorks HT-1000 LPC" rev 0x00
ohci0 at pci0 dev 7 function 0 "ServerWorks HT-1000 USB" rev 0x01: apic 8
int 5, version 1.0, legacy support
ohci1 at pci0 dev 7 function 1 "ServerWorks HT-1000 USB" rev 0x01: apic 8
int 5, version 1.0, legacy support
ehci0 at pci0 dev 7 function 2 "ServerWorks HT-1000 USB" rev 0x01: apic 8
int 5
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "ServerWorks EHCI root hub" rev 2.00/1.00 addr 1
pchb0 at pci0 dev 24 function 0 "AMD AMD64 0Fh HyperTransport" rev 0x00
pci3 at pchb0 bus 64
ppb2 at pci3 dev 15 function 0 "ServerWorks HT-2100 PCIE" rev 0xa2
pci4 at ppb2 bus 75
ppb3 at pci4 dev 0 function 0 "ServerWorks PCIE-PCIX" rev 0xc1
pci5 at ppb3 bus 76
ubsec0 at pci5 dev 0 function 0 "Broadcom 5862" rev 0x01: 3DES MD5 SHA1 AES
PK, apic 9 int 0
ppb4 at pci3 dev 16 function 0 "ServerWorks HT-2100 PCIE" rev 0xa2
pci6 at ppb4 bus 72
ppb5 at pci3 dev 17 function 0 "ServerWorks HT-2100 PCIE" rev 0xa2
pci7 at ppb5 bus 65
ppb6 at pci7 dev 0 function 0 "ServerWorks PCIE-PCIX" rev 0xc2
pci8 at ppb6 bus 66
bnx0 at pci8 dev 0 function 0 "Broadcom BCM5708" rev 0x11: apic 9 int 3
ppb7 at pci3 dev 18 function 0 "ServerWorks HT-2100 PCIE" rev 0xa2
pci9 at ppb7 bus 67
ppb8 at pci9 dev 0 function 0 "ServerWorks PCIE-PCIX" rev 0xc2
pci10 at ppb8 bus 68
bnx1 at pci10 dev 0 function 0 "Broadcom BCM5708" rev 0x11: apic 9 int 12
ppb9 at pci3 dev 19 function 0 "ServerWorks HT-2100 PCIE" rev 0xa2
pci11 at ppb9 bus 69
ppb10 at pci11 dev 0 function 0 "ServerWorks PCIE-PCIX" rev 0xb4
pci12 at ppb10 bus 70
ppb11 at pci12 dev 4 function 0 "ServerWorks HT-1000 PCIX" rev 0xb2
pci13 at ppb11 bus 71
ciss0 at pci12 dev 8 function 0 "Hewlett-Packard Smart Array" rev 0x00:
apic 9 int 1
ciss0: 1 LD, HW rev 0, FW 1.84/1.84
scsibus0 at ciss0: 1 targets
sd0 at scsibus0 targ 0 lun 0: <HP, LOGICAL VOLUME, 1.84> SCSI3 0/direct
fixed
sd0: 69973MB, 512 bytes/sector, 143305920 sectors
pchb1 at pci0 dev 24 function 1 "AMD AMD64 0Fh Address Map" rev 0x00
pchb2 at pci0 dev 24 function 2 "AMD AMD64 0Fh DRAM Cfg" rev 0x00
kate0 at pci0 dev 24 function 3 "AMD AMD64 0Fh Misc Cfg" rev 0x00: core rev
JH-F2
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Hewlett-Packard UHCI root hub" rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
com1: probed fifo depth: 0 bytes
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 "ServerWorks OHCI root hub" rev 1.00/1.00 addr 1
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 "ServerWorks OHCI root hub" rev 1.00/1.00 addr 1
mtrr: Pentium Pro MTRR support
uhidev0 at uhub1 port 1 configuration 1 interface 0 "HP Virtual Keyboard"
rev 1.10/0.02 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes, country code 33
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub1 port 1 configuration 1 interface 1 "HP Virtual Keyboard"
rev 1.10/0.02 addr 2
uhidev1: iclass 3/1
ums0 at uhidev1: 3 buttons
wsmouse0 at ums0 mux 0
uhub4 at uhub3 port 1 "Cypress Semiconductor USB2 Hub" rev 2.00/0.07 addr 2
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on sd0a (337832b5b8c03c27.a) swap on sd0b dump on sd0b
bnx0: address 00:1a:4b:a6:3f:20
brgphy0 at bnx0 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 5
bnx1: address 00:1a:4b:a6:3f:18
brgphy1 at bnx1 phy 1: BCM5708C 10/100/1000baseT PHY, rev. 5
