[Bug 219356] Using AES-GCM with IPSEC with aesni module loaded panics FreeBSD 11 stable

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed May 17 14:39:37 UTC 2017 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=219356

            Bug ID: 219356
           Summary: Using AES-GCM with IPSEC with aesni module loaded
                    panics FreeBSD 11 stable
           Product: Base System
           Version: 11.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: lab at gta.com

Created attachment 182666
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=182666&action=edit
Core text file from panic

Using iperf to pass data between two hosts behind two FreeBSD gateways that
have an IPSec tunnel between them will panic gateway. The gateway that panics
os the one doing most of the decryption (gateway in front of iperf running in
server mode). I used iperf in UDP mode. Not sure if that is needed. If I use
11.0-RELEASE-p9 I do not see this issue. 

I used strongswan to create IPSec tunnel between gateways. If duplicating, make
sure GCM option is turned on for strongswan.

Setkey -D shows:
172.16.72.71 172.16.73.67
        esp mode=tunnel spi=3420721730(0xcbe41242) reqid=1(0x00000001)
        E: aes-gcm-16  83cc9338 e415ad69 340ecec3 1e698f52 c2b2dc8e 19687c70
192200ca 9c7564a8
 27bba7d2
        seq=0x00000001 replay=0 flags=0x00000000 state=mature
        created: May 17 10:37:56 2017   current: May 17 10:38:01 2017
        diff: 5(s)      hard: 3600(s)   soft: 2935(s)
        last: May 17 10:37:57 2017      hard: 0(s)      soft: 0(s)
        current: 140(bytes)     hard: 0(bytes)  soft: 0(bytes)
        allocated: 1    hard: 0 soft: 0
        sadb_seq=1 pid=808 refcnt=1
172.16.73.67 172.16.72.71
        esp mode=tunnel spi=3464455471(0xce7f652f) reqid=1(0x00000001)
        E: aes-gcm-16  032a2b86 1f878f00 b7b09d0e f95233e1 14af88a4 f5e3ad11
380a9fa7 8afc3a01
 c72438bc
        seq=0x00000000 replay=4 flags=0x00000000 state=mature
        created: May 17 10:37:56 2017   current: May 17 10:38:01 2017
        diff: 5(s)      hard: 3600(s)   soft: 2530(s)
        last: May 17 10:37:57 2017      hard: 0(s)      soft: 0(s)
        current: 84(bytes)      hard: 0(bytes)  soft: 0(bytes)
        allocated: 1    hard: 0 soft: 0
        sadb_seq=0 pid=808 refcnt=1

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list