kern/133060: Kernel panic with ipsec + pfsync + gif on FreeBSD 7
áÎÄÒÅÊ
dron at kubstu.ru
Wed Mar 25 06:10:07 PDT 2009
>Number: 133060
>Category: kern
>Synopsis: Kernel panic with ipsec + pfsync + gif on FreeBSD 7
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 25 13:10:06 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: áÎÄÒÅÊ
>Release: FreeBSD 7.1-RELEASE-p4
>Organization:
kubstu
>Environment:
FreeBSD proxy2.kdr.vtb.ru 7.1-RELEASE-p4 FreeBSD 7.1-RELEASE-p4 #9: Wed Mar 25 11:59:49 MSK 2009 dron at proxy2.kubstu.ru:/usr/obj/usr/src-7/src/sys/new amd64
>Description:
éÍÅÅÔÓÑ Ä×Á ËÏÍÐØÀÔÅÒÁ Ó FreeBSD 7.1-RELEASE-p4, i386 É amd64. ëÏÍÐØÀÔÅÒÙ ÉÚÐÏÌØÚÕÀÔÓÑ × ËÁÞÅÓÔ×Å ÛÌÀÚÏ× Ó ÎÁÔ, ÒÅÁÌÉÚÏ×ÁÎÙÈ ÎÁ ÏÓÎÏ×Å pf.
ðÅÒ×ÙÊ ÉÓÐÏÌØÚÕÅÔÓÑ ËÁË ÏÓÎÏ×ÎÏÊ, ×ÔÏÒÏÊ ËÁË ÒÅÚÅÒ×ÎÙÊ.
äÌÑ ÓÉÎÈÒÏÎÉÚÁÃÉÉ ÔÁÂÌÉÃÙ ÓÏÓÔÏÑÎÉÊ ÉÓÐÏÌØÚÕÅÔÓÑ pfsync. þÔÏÂÙ ÎÅ Ó×ÅÔÉÔØ ÍÕÌØÔÉËÁÓÔ ÐÁËÅÔÙ É ÉÓËÌÀÞÉÔØ ×ÏÚÍÏÖÎÏÓÔØ ÓÐÕÆÉÎÇÁ pf, ÂÙÌÏ ÒÅÛÅÎÏ ÐÏÄÎÑÔØ ÍÅÖÄÕ ÈÏÓÔÁÍÉ ÔÕÎÅÌØ É ÚÁÛÉÆÒÏ×ÁÔØ ÅÇÏ Ó ÐÏÍÏÝØÀ ipsec+ipsec-tools (Ô.Ë. ÆÉÚÉÞÅÓËÉ ÉÈ Ó×ÑÚÁÔØ ÎÅÔ ×ÏÚÍÏÖÎÏÓÔÉ).
÷ ÜÔÏÔ ÔÕÎÅÌØ É ÐÏÓÙÌÁÅÔÓÑ ÔÒÁÆÉË pfsync. ðÒÉ ÜÔÏÍ ÏÂÅ ÓÉÓÔÅÍÙ ÐÁÄÁÀÔ × panic ÐÏÓÌÅ 10-20 ÐÁËÅÔÏ×.
ðÒÉ ÏÔËÌÀÞÅÎÉÉ × rc.conf ipsec ×ÓÑ ËÏÎÆÉÇÕÒÁÃÉÑ ÒÁÂÏÔÁÅÔ ÐÒÅ×ÏÓÈÏÄÎÏ.
ðÒÉ ÏÔËÌÀÞÅÎÉÉ pfsync É ×ËÌÀÞÅÎÎÏÍ ipsec, ÔÁËÖÅ ×ÓÅ ÒÁÂÏÔÁÅÔ, Ô.Å. ÞÅÒÅÚ ÔÕÎÅÌØ ÔÒÁÆÉË ÇÏÎÉÔÓÑ É tcpdump ÐÏËÁÚÙ×ÁÅÔ ÞÔÏ ÍÅÖÄÕ ÈÏÓÔÁÍÉ ÏÎ ÛÉÆÒÏ×ÁÎ.
÷ ×ÅÒÓÉÉ FreeBSD 6.4-RELEASE-p10 ÒÁÂÏÔÁ ÓÉÔÅÍÙ ÂÙÌÁ ÓÔÁÂÉÌØÎÏÊ.
îÁÓÔÒÏÊËÉ ÓÌÅÄÕÀÝÉÅ:
cat /etc/rc.conf (Master)
hostname="proxy"
defaultrouter="172.20.23.238"
gateway_enable="YES"
#Phisical ifaces.
ifconfig_xl0="inet 172.20.23.236 netmask 255.255.255.240"
ifconfig_re0="inet 192.168.1.253 netmask 255.255.255.0"
#Virtual ifaces.
cloned_interfaces="gif0"
gif_interfaces="gif0"
gifconfig_gif0="192.168.1.253 192.168.1.254"
ifconfig_gif0="inet 10.254.254.253 10.254.254.254"
pf_enable="YES"
pflog_enable="YES"
pfsync_enable="YES"
pfsync_syncdev="gif0"
ipsec_enable="YES"
racoon_enable="YES"
pftpx_enable="YES"
sshd_enable="YES"
cat /etc/rc.conf (Backup)
hostname="proxy2"
defaultrouter="172.20.23.238"
gateway_enable="YES"
#Phisical ifaces.
ifconfig_xl0="inet 172.20.23.237 netmask 255.255.255.240"
ifconfig_re0="inet 192.168.1.254 netmask 255.255.255.0"
#Virtual ifaces.
cloned_interfaces="gif0"
gif_interfaces="gif0"
gifconfig_gif0="192.168.1.254 192.168.1.253"
ifconfig_gif0="inet 10.254.254.254 10.254.254.253"
pf_enable="YES"
pflog_enable="YES"
pfsync_enable="YES"
pfsync_syncdev="gif0"
ipsec_enable="YES"
racoon_enable="YES"
pftpx_enable="YES"
sshd_enable="YES"
cat /etc/pf.conf (Master)
#<ifconfig
ext_if="xl0"
int_if="re0"
lo_if="lo0"
#ifconfig>
#<networks
ext_ip="172.20.23.236"
nat_ip="172.20.23.236"
int_ip="192.168.1.254"
int_net="192.168.1.0/24"
my_ip="192.168.1.250"
wsus_srv="192.168.1.20"
av_srv="172.20.23.225"
#networks>
#<services
net_svc_tcp="{25, 53, 80, 110}"
net_svc_udp="{53, 123}"
#services>
#<variables
set fingerprints "/etc/pf.os"
set block-policy drop
#variables>
#<nat ports
nat_ports="{80, 110, 143, 208, 443, 993, 995, 2041, 3128, 5190, 10000}"
#nat ports>
#<normalise
scrub in all
#normalise>
#<ftp-proxy rules
no rdr on $int_if proto tcp from any to self port 21
nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr pass on $int_if proto tcp from $int_net to any port 21 -> $lo_if port 8021
#ftp-proxy rules>
#<NAT
nat pass on $ext_if proto tcp from $int_net to any port $nat_ports -> $nat_ip
#NAT>
#<AV
nat on $ext_if from any to $av_srv port 8080 -> $nat_ip
#AV>
#<NTP
rdr on $int_if proto udp from any to any port 123 -> $lo_if port 123
#NTP>
#<WSUS
rdr pass on $ext_if proto tcp from any to $ext_ip port 8530 -> $wsus_srv port 8530
#WSUS>
#<RDP
rdr on $ext_if proto tcp from any to $ext_ip port 3389 -> $my_ip port 3389
#RDP>
antispoof for $ext_if
anchor "pftpx/*"
#<Local if
pass quick on $lo_if all
#Local if>
#<me
pass quick from self to any keep state
#me>
#<CARP
pass quick on gif0
pass quick proto carp
#CARP>
#<inet svcs
pass in quick proto tcp from any to self port $net_svc_tcp
pass in quick proto udp from any to self port $net_svc_udp
#inet svcs>
#<RDP
pass in quick proto tcp from any to self port 3389
pass quick proto tcp from any to $my_ip port 3389
#RDP>
#<FTP
pass quick proto tcp from $int_net to self port {20, 21}
#FTP>
#<SRV
pass quick proto tcp from any to $wsus_srv port 8530 keep state
pass quick proto tcp from any to $av_srv port 8080 keep state
#SRV>
block log all
cat /etc/pf.conf (Slave)
#<ifconfig
ext_if="xl0"
int_if="re0"
lo_if="lo0"
#ifconfig>
#<networks
ext_ip="172.20.23.237"
nat_ip="172.20.23.237"
int_ip="192.168.1.253"
int_net="192.168.1.0/24"
my_ip="192.168.1.250"
wsus_srv="192.168.1.20"
av_srv="172.20.23.225"
#networks>
#<services
net_svc_tcp="{25, 53, 80, 110}"
net_svc_udp="{53, 123}"
#services>
#<variables
set fingerprints "/etc/pf.os"
set block-policy drop
#variables>
#<nat ports
nat_ports="{80, 110, 143, 208, 443, 993, 995, 2041, 3128, 5190, 10000}"
#nat ports>
#<normalise
scrub in all
#normalise>
#<ftp-proxy rules
no rdr on $int_if proto tcp from any to self port 21
nat-anchor "pftpx/*"
rdr-anchor "pftpx/*"
rdr pass on $int_if proto tcp from $int_net to any port 21 -> $lo_if port 8021
#ftp-proxy rules>
#<NAT
nat pass on $ext_if proto tcp from $int_net to any port $nat_ports -> $nat_ip
#NAT>
#<AV
nat on $ext_if from any to $av_srv port 8080 -> $nat_ip
#AV>
#<NTP
rdr on $int_if proto udp from any to any port 123 -> $lo_if port 123
#NTP>
#<WSUS
rdr pass on $ext_if proto tcp from any to $ext_ip port 8530 -> $wsus_srv port 8530
#WSUS>
#<RDP
rdr on $ext_if proto tcp from any to $ext_ip port 3389 -> $my_ip port 3389
#RDP>
antispoof for $ext_if
anchor "pftpx/*"
#<Local if
pass quick on $lo_if all
#Local if>
#<me
pass quick from self to any keep state
#me>
#<CARP
pass quick on gif0
pass quick proto carp
#CARP>
#<inet svcs
pass in quick proto tcp from any to self port $net_svc_tcp
pass in quick proto udp from any to self port $net_svc_udp
#inet svcs>
#<RDP
pass in quick proto tcp from any to self port 3389
pass quick proto tcp from any to $my_ip port 3389
#RDP>
#<FTP
pass quick proto tcp from $int_net to self port {20, 21}
#FTP>
#<SRV
pass quick proto tcp from any to $wsus_srv port 8530 keep state
pass quick proto tcp from any to $av_srv port 8080 keep state
#SRV>
block log all
cat /etc/ipsec.conf (Master)
flush;
spdflush;
spdadd 192.168.1.254/32 192.168.1.253/32 any -P out ipsec esp/transport//require;
spdadd 192.168.1.253/32 192.168.1.254/32 any -P in ipsec esp/transport//require;
cat /etc/ipsec.conf (Backup)
flush;
spdflush;
spdadd 192.168.1.253/32 192.168.1.254/32 any -P out ipsec esp/transport//require;
spdadd 192.168.1.254/32 192.168.1.253/32 any -P in ipsec esp/transport//require;
cat /usr/local/etc/racoon/racoon.conf
path include "/usr/local/etc/racoon" ;
path pre_shared_key "/usr/local/etc/racoon/psk.txt" ;
path certificate "/usr/local/etc/racoon/cert" ;
log debug;
padding
{
maximum_length 20; # maximum padding length.
randomize off; # enable randomize length.
strict_check off; # enable strict check.
exclusive_tail off; # extract last one octet.
}
listen
{
#isakmp ::1 [7000];
#isakmp 202.249.11.124 [500];
#admin [7002]; # administrative's port by kmpstat.
#strict_address; # required all addresses must be bound.
}
timer
{
# These value can be changed per remote node.
counter 5; # maximum trying count to send.
interval 20 sec; # maximum interval to resend.
persend 1; # the number of packets per a send.
phase1 30 sec;
phase2 15 sec;
}
remote anonymous
{
exchange_mode aggressive,main,base;
doi ipsec_doi;
situation identity_only;
nonce_size 16;
lifetime time 24 hour; # sec,min,hour
initial_contact on;
proposal_check obey; # obey, strict or claim
proposal {
encryption_algorithm 3des;
hash_algorithm sha1;
authentication_method pre_shared_key ;
dh_group 2 ;
}
}
sainfo anonymous
{
pfs_group 1;
lifetime time 24 hour;
encryption_algorithm 3des ;
authentication_algorithm hmac_sha1;
compression_algorithm deflate ;
}
cat /usr/local/etc/racoon/psk.txt
192.168.1.254 PF_SYNC_PASS
192.168.1.253 PF_SYNC_PASS
cat /sys/i386/conf/new
include GENERIC
ident "Kernel with PF, POOLING, pflog, pfsync, ipsec"
nooptions INET6
nooptions SCTP
options IPSEC
options IPSEC_DEBUG
options IPSEC_FILTERTUNNEL
device crypto
options DEVICE_POLLING
options HZ=3000
device pf
option ALTQ
device pflog
device pfsync
options PANIC_REBOOT_WAIT_TIME=5
cat /sys/amd64/conf/new
include GENERIC
ident "Kernel with PF, POOLING, pflog, pfsync, ipsec"
nooptions INET6
nooptions SCTP
options IPSEC
options IPSEC_DEBUG
options IPSEC_FILTERTUNNEL
device crypto
options DEVICE_POLLING
options HZ=3000
device pf
option ALTQ
device pflog
device pfsync
options PANIC_REBOOT_WAIT_TIME=5
cat /etc/sysctl.conf
# $FreeBSD: src/etc/sysctl.conf,v 1.8 2003/03/13 18:43:50 mux Exp $
#
# This file is read when going to multi-user and its contents piped thru
# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
#
# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
#net.link.ether.inet.log_arp_wrong_iface=0
kern.maxfilesperproc=20000
kern.maxfiles=25000
net.inet.tcp.blackhole=1
net.inet.udp.blackhole=1
machdep.hyperthreading_allowed=1
kern.polling.enable=1
net.inet.tcp.delayed_ack=0
net.inet.tcp.always_keepalive=0
kern.fallback_elf_brand=3
kern.sync_on_panic=1
äÁÍÐ ÕÄÁÌÏÓØ ÐÏÌÕÞÉÔØ ÔÏÌØËÏ ÄÌÑ amd64
[root at proxy2 /usr/obj/usr/src-7/src/sys/new]# kgdb kernel.debug /var/crash/vmco
re.0
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Unread portion of the kernel message buffer:
Fatal trap 9: general protection fault while in kernel mode
cpuid = 1; apic id = 01
instruction pointer = 0x8:0xffffffff805e7f00
stack pointer = 0x10:0xffffffffabfdc230
frame pointer = 0x10:0xffffff00016eb300
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 23 (thread taskq)
trap number = 9
panic: general protection fault
cpuid = 1
Syncing disks, vnodes remaining...17 Syncing disks, buffers remaining... 712 712
712 712 712 712 712 712 712 1 1 712 712 712 0 712 0 712 712 0 712 0 712 0 712 7
12 0 712 0
Giving up on 712 buffers
0 0 0 0 0 Uptime: 2m16s
Physical memory: 2023 MB
Dumping 107 MB:0 92 76 60 44 280 12
#0 doadump () at pcpu.h:195
195 __asm __volatile("movq %%gs:0,%0" : "=r" (td));
(kgdb) bt
#0 doadump () at pcpu.h:195
#1 0x0000000000000004 in ?? ()
#2 0xffffffff804ea279 in boot (howto=256)
at /usr/src-7/src/sys/kern/kern_shutdown.c:418
#3 0xffffffff804ea682 in panic (fmt=0x104 <Address 0x104 out of bounds>)
at /usr/src-7/src/sys/kern/kern_shutdown.c:574
#4 0xffffffff80765913 in trap_fatal (frame=0xffffff0001249370, eva=Variable "ev
a" is not available.
)
at /usr/src-7/src/sys/amd64/amd64/trap.c:764
#5 0xffffffff80766465 in trap (frame=0xffffffffabfdc180)
at /usr/src-7/src/sys/amd64/amd64/trap.c:565
#6 0xffffffff8074be1e in calltrap ()
at /usr/src-7/src/sys/amd64/amd64/exception.S:209
#7 0xffffffff805e7f00 in ipsec_setspidx (m=0xffffff00016eb300,
spidx=0xffffffffabfdc2e0, needport=1)
at /usr/src-7/src/sys/netipsec/ipsec.c:578
#8 0xffffffff805e8336 in ipsec_getpolicybyaddr (m=0xffffff00016eb300, dir=2,
flag=2, error=0xffffffffabfdc458)
at /usr/src-7/src/sys/netipsec/ipsec.c:425
#9 0xffffffff805e89d9 in ipsec4_checkpolicy (m=Variable "m" is not available.
)
at /usr/src-7/src/sys/netipsec/ipsec.c:453
#10 0xffffffff805d0959 in ip_ipsec_output (m=0xffffffffabfdc418, inp=0x0,
flags=0xffffffffabfdc40c, error=0xffffffffabfdc458, ro=Variable "ro" is not
available.
)
at /usr/src-7/src/sys/netinet/ip_ipsec.c:272
#11 0xffffffff805d20bd in ip_output (m=0xffffff00016eb300, opt=Variable "opt" is
not available.
)
at /usr/src-7/src/sys/netinet/ip_output.c:423
#12 0xffffffff805e9a0f in ipsec_process_done (m=0xffffff00016eb300,
isr=0xffffff0001528600) at /usr/src-7/src/sys/netipsec/ipsec_output.c:182
#13 0xffffffff805f7c22 in esp_output_cb (crp=0xffffff0001b63898)
at /usr/src-7/src/sys/netipsec/xform_esp.c:965
#14 0xffffffff8063c300 in crypto_done (crp=0xffffff0001b63898)
at /usr/src-7/src/sys/opencrypto/crypto.c:1148
#15 0xffffffff8063e700 in swcr_process (dev=Variable "dev" is not available.
)
at /usr/src-7/src/sys/opencrypto/cryptosoft.c:975
#16 0xffffffff8063d15a in crypto_invoke (cap=0xffffff000124c000,
crp=0xffffff0001b63898, hint=0) at cryptodev_if.h:53
#17 0xffffffff8063dc7b in crypto_dispatch (crp=0xffffff0001b63898)
at /usr/src-7/src/sys/opencrypto/crypto.c:798
#18 0xffffffff805f830b in esp_output (m=0xa0, isr=0xffffff0001528600, mp=Variabl
e "mp" is not available.
)
at /usr/src-7/src/sys/netipsec/xform_esp.c:875
#19 0xffffffff805e9e05 in ipsec4_process_packet (m=0xffffff00016eb300,
isr=0xffffff0001528600, flags=Variable "flags" is not available.
)
at /usr/src-7/src/sys/netipsec/ipsec_output.c:504
#20 0xffffffff805d08ec in ip_ipsec_output (m=0xffffffffabfdc978, inp=0x0,
flags=0xffffffffabfdc96c, error=0xffffffffabfdc9b8, ro=Variable "ro" is not
available.
)
at /usr/src-7/src/sys/netinet/ip_ipsec.c:331
#21 0xffffffff805d20bd in ip_output (m=0xffffff00016eb300, opt=Variable "opt" is
not available.
)
at /usr/src-7/src/sys/netinet/ip_output.c:423
#22 0xffffffff805c7685 in in_gif_output (ifp=0xffffff000160c800, family=Variable
"family" is not available.
)
at /usr/src-7/src/sys/netinet/in_gif.c:230
#23 0xffffffff80587acf in gif_output (ifp=0xffffff000160c800,
m=0xffffff00016eb300, dst=0xffffffffabfdcb28, rt=Variable "rt" is not availa
ble.
)
at /usr/src-7/src/sys/net/if_gif.c:455
#24 0xffffffff805d2370 in ip_output (m=0xffffff00016eb300, opt=Variable "opt" is
not available.
)
at /usr/src-7/src/sys/netinet/ip_output.c:554
#25 0xffffffff801bef5d in pfsync_senddef (arg=Variable "arg" is not available.
)
at /usr/src-7/src/sys/contrib/pf/net/if_pfsync.c:2293
#26 0xffffffff8051f3bd in taskqueue_run (queue=0xffffff0001212b00)
at /usr/src-7/src/sys/kern/subr_taskqueue.c:282
#27 0xffffffff8051f666 in taskqueue_thread_loop (arg=Variable "arg" is not avail
able.
)
at /usr/src-7/src/sys/kern/subr_taskqueue.c:401
#28 0xffffffff804c6c63 in fork_exit (
callout=0xffffffff8051f600 <taskqueue_thread_loop>,
arg=0xffffffff80aa6a70, frame=0xffffffffabfdcc80)
at /usr/src-7/src/sys/kern/kern_fork.c:804
#29 0xffffffff8074c1ee in fork_trampoline ()
at /usr/src-7/src/sys/amd64/amd64/exception.S:455
#30 0x0000000000000000 in ?? ()
#31 0x0000000000000000 in ?? ()
#32 0x0000000000000001 in ?? ()
#33 0x0000000000000000 in ?? ()
#34 0x0000000000000000 in ?? ()
#35 0x0000000000000000 in ?? ()
#36 0x0000000000000000 in ?? ()
#37 0x0000000000000000 in ?? ()
#38 0x0000000000000000 in ?? ()
#39 0x0000000000000000 in ?? ()
#40 0x0000000000000000 in ?? ()
#41 0x0000000000000000 in ?? ()
#42 0x0000000000000000 in ?? ()
#43 0x0000000000000000 in ?? ()
#44 0x0000000000000000 in ?? ()
#45 0x0000000000000000 in ?? ()
#46 0x0000000000000000 in ?? ()
#47 0x0000000000000000 in ?? ()
#48 0x0000000000000000 in ?? ()
#49 0x0000000000000000 in ?? ()
#50 0x0000000000000000 in ?? ()
#51 0x0000000000000000 in ?? ()
#52 0x0000000000000000 in ?? ()
#53 0x0000000000000000 in ?? ()
#54 0x0000000000d27000 in ?? ()
#55 0xffffffff80a96bc0 in tdg_maxid ()
#56 0xffffffff80aa33c0 in tdq_cpu ()
#57 0xffffffff80aa5bc0 in sleepq_chains ()
#58 0xffffff0001249370 in ?? ()
#59 0xffffff00012496a0 in ?? ()
#60 0xffffffffabfdbc98 in ?? ()
#61 0xffffff0001249370 in ?? ()
#62 0xffffffff8050aea8 in sched_switch (td=0xffffffff8051f600,
newtd=0x8006a43d0, flags=Variable "flags" is not available.
) at /usr/src-7/src/sys/kern/sched_ule.c:1938
#63 0x0000000000000000 in ?? ()
#64 0x0000000000000000 in ?? ()
#65 0x0000000000000000 in ?? ()
#66 0x0000000000000000 in ?? ()
#67 0x0000000000000000 in ?? ()
#68 0x0000000000000000 in ?? ()
#69 0x0000000000000000 in ?? ()
#70 0x0000000000000000 in ?? ()
#71 0x0000000000000000 in ?? ()
#72 0x0000000000000000 in ?? ()
#73 0x0000000000000000 in ?? ()
#74 0x0000000000000000 in ?? ()
#75 0x0000000000000000 in ?? ()
#76 0x0000000000000000 in ?? ()
#77 0x0000000000000000 in ?? ()
#78 0x0000000000000000 in ?? ()
#79 0x0000000000000000 in ?? ()
#80 0x0000000000000000 in ?? ()
#81 0x0000000000000000 in ?? ()
#82 0x0000000000000000 in ?? ()
#83 0x0000000000000000 in ?? ()
#84 0x0000000000000000 in ?? ()
#85 0x0000000000000000 in ?? ()
#86 0x0000000000000000 in ?? ()
#87 0x0000000000000000 in ?? ()
#88 0x0000000000000000 in ?? ()
#89 0x0000000000000000 in ?? ()
#90 0x0000000000000000 in ?? ()
#91 0x0000000000000000 in ?? ()
#92 0x0000000000000000 in ?? ()
#93 0x0000000000000000 in ?? ()
#94 0x0000000000000000 in ?? ()
#95 0x0000000000000000 in ?? ()
#96 0x0000000000000000 in ?? ()
#97 0x0000000000000000 in ?? ()
#98 0x0000000000000000 in ?? ()
#99 0x0000000000000000 in ?? ()
#100 0x0000000000000000 in ?? ()
#101 0x0000000000000000 in ?? ()
#102 0x0000000000000000 in ?? ()
#103 0x0000000000000000 in ?? ()
#104 0x0000000000000000 in ?? ()
#105 0x0000000000000000 in ?? ()
#106 0x0000000000000000 in ?? ()
#107 0x0000000000000000 in ?? ()
#108 0x0000000000000000 in ?? ()
#109 0x0000000000000000 in ?? ()
#110 0x0000000000000000 in ?? ()
#111 0x0000000000000000 in ?? ()
#112 0x0000000000000000 in ?? ()
#113 0x0000000000000000 in ?? ()
#114 0x0000000000000000 in ?? ()
#115 0x0000000000000000 in ?? ()
#116 0x0000000000000000 in ?? ()
#117 0x0000000000000000 in ?? ()
#118 0x0000000000000000 in ?? ()
#119 0x0000000000000000 in ?? ()
#120 0x0000000000000000 in ?? ()
#121 0x0000000000000000 in ?? ()
#122 0x0000000000000000 in ?? ()
#123 0x0000000000000000 in ?? ()
#124 0x0000000000000000 in ?? ()
#125 0x0000000000000000 in ?? ()
#126 0x0000000000000000 in ?? ()
#127 0x0000000000000000 in ?? ()
#128 0x0000000000000000 in ?? ()
#129 0x0000000000000000 in ?? ()
#130 0x0000000000000000 in ?? ()
Cannot access memory at address 0xffffffffabfdd000
(kgdb)
>How-To-Repeat:
1. õÓÔÁÎÏ×ÉÔØ ÓÉÓÔÅÍÕ.
2. õÓÔÁÎÏ×ÉÔØ ÐÏÒÔ /usr/ports/security/ipsec-tools
Options for ipsec-tools 0.7.1
‚€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€ƒ
[X] DEBUG enable Debug support
[ ] IPV6 enable IPV6 support
[ ] ADMINPORT enable Admin port
[ ] STATS enable Statistics logging function
[X] DPD enable Dead Peer Detection
[ ] NATT enable NAT-Traversal (kernel-patch required)
[ ] NATTF require NAT-Traversal (fail without kernel-patch)
[X] FRAG enable IKE fragmentation payload support
[X] HYBRID enable Hybrid, Xauth and Mode-cfg support
[ ] PAM enable PAM authentication (Xauth server)
[ ] RADIUS enable Radius authentication (Xauth server)
[ ] LDAP enable LDAP authentication (Xauth server)
[ ] GSSAPI enable GSS-API authentication
[ ] SAUNSPEC enable Unspecified SA mode
[ ] RC5 enable RC5 encryption (patented)
„€€€€v(+)€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€…
[ OK ] Cancel
3. îÁÓÔÒÏÉÔØ racoon + ipsec
4. ðÏÓÌÅ ÏÂÍÅÎÁ ËÌÀÞÁÍÉ ÞÅÒÅÚ ÎÅËÏÔÏÒÏÅ ×ÒÅÍÑ (ÚÁ×ÉÓÉÔ ÏÔ ÓÅÔÅ×ÏÊ ÁËÔÉ×ÎÏÓÔÉ) ÐÒÏÉÓÈÏÄÉÔ kernel panic.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list