[PATCH] IPSec fixes
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Thu Jan 15 22:40:12 PST 2004
On Fri, 16 Jan 2004, Jun-ichiro itojun Hagino wrote:
Hi,
> the problem i have with the patch is, i have never experienced the
> symptom with NetBSD. no panic at all, no funny "SPD entry go away
> when it has to stay" issue nor no "dangling pointer" issue.
> could you show me your script which panics your FreeBSD box? i will
> try that on NetBSD-current box here.
don't have a shell script but do it on command line by hand. This gives
better logging to serial console when debugging what events occured
when. The basic idea is:
1. have racoon startup at boot time
2. run setkey -f an_ipsec.conf
an_ipsec.conf:
spdflush;
spdadd ...
spdadd ...
spdadd ...
spdadd ...
...
3. wait some short time (0-2 minutes) and perhaps do some traffic
I usually open a a ssh connection (no ipsec in that path) to my
directly connected syslog server, reattach a screen with some
tail -f on logfiles
4. repeat step 2
5. do s.th. like check netstat -s -p ipsec or just wait some seconds
6. kill <pid of racoon>
7. count to ten and wait for the panic to come
step 1-3 are done automatically when booting, when I come back to my
workstation I open the ssh connection through the ipsec router.
killing racoon has turned out to be a good thing to crash the box.
Soemtimes I will see some
"ipsec4_getpolicybysock: Invalid policy for PCB N"
with N any number , be it 0 oder p.ex. 4657 oder 0xdeadcode and I will know
that a panic is ahead anyway.
> there could be some difference in NetBSD kernel code and FreeBSD due
> to KAME->*BSD merge timing, and FreeBSD could have pull in some source
> of instability (just my guess).
So I should diff between NetBSD and FreeBSD and not KAME to FreeBSD ?
--
Greetings
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
56 69 73 69 74 http://www.zabbadoz.net/
More information about the freebsd-current
mailing list