[PATCH] IPSec fixes

itojun at iijlab.net
Thu Jan 15 22:44:41 PST 2004

>On Fri, 16 Jan 2004, Jun-ichiro itojun Hagino wrote:
>> 	the problem i have with the patch is, i have never experienced the
>> 	symptom with NetBSD.  no panic at all, no funny "SPD entry go away
>> 	when it has to stay" issue nor no "dangling pointer" issue.
>> 	could you show me your script which panics your FreeBSD box?  i will
>> 	try that on NetBSD-current box here.
>don't have a shell script but do it on command line by hand. This gives
>better logging to serial console when debugging what events occurred
>when. The basic idea is:
>1. have racoon startup at boot time
>2. run setkey -f an_ipsec.conf
>	an_ipsec.conf:
>		spdflush;
>		spdadd ...
>		spdadd ...
>		spdadd ...
>		spdadd ...
>		...
>3. wait some short time (0-2 minutes) and perhaps do some traffic
>   I usually open an ssh connection (no ipsec in that path) to my
>   directly connected syslog server, reattach a screen with some
>   tail -f on logfiles
>4. repeat step 2
>5. do s.th. like check netstat -s -p ipsec or just wait some seconds
>6. kill <pid of racoon>
>7. count to ten and wait for the panic to come

	this does not help me repeat the symptom.  could you cook up a shell
	script which panics your box? (if possible, only with setkey)

