Can not boot 7.0-BETA3 with IPSEC
Frank Behrens
frank at pinky.sax.de
Thu Nov 22 01:14:19 PST 2007
Hi,
I tried to use the new 7.0 version, but have some trouble. The PC has been running 5.x/6.x
for years without problems, but my new kernel does not boot. A self compiled GENERIC 7.0-
BETA3 kernel runs without problems.
When I use the following kernel configuration
-----------
include GENERIC
ident GENIPSEC
makeoptions DEBUG=-g # Build kernel with gdb(1) debug symbols
options INVARIANTS # Enable calls of extra sanity checking
options INVARIANT_SUPPORT # Extra sanity checks of internal structures, required by INVARIANTS
options WITNESS # Enable checks to detect deadlocks and cycles
options WITNESS_SKIPSPIN # Don't run witness on spinlocks for speed
options IPSEC #IP security
device crypto
#options IPSEC_DEBUG #debug for IP security
options IPSEC_FILTERTUNNEL #filter ipsec packets from a tunnel
device puc
nodevice uart
options COM_MULTIPORT
----------
the kernel boots until
FreeBSD 7.0-BETA3-200711220702 #1: Thu Nov 22 08:10:52 CET 2007
frank at moon.behrens:/data3/sys/obj/data3/sources/fbsd7/sys/GENIPSEC
WARNING: WITNESS option enabled, expect reduced performance.
...
cryptosoft0: <software crypto> on motherboard
crypto: assign cryptosoft0 driver id 0, flags 100663296
...
Fast IPsec: Initialized Security Association Processing.
...
SMP: AP CPU #1 Launched!
cpu1 AP:
ID: 0x01000000 VER: 0x00050014 LDR: 0x00000000 DFR: 0xffffffff
lint0: 0x00010700 lint1: 0x00000400 TPR: 0x00000000 SVR: 0x000001ff
timer: 0x000200ef therm: 0x00010000 err: 0x00010000 pcm: 0x00010000
WARNING: WITNESS option enabled, expect reduced performance.
Trying to mount root from ufs:/dev/ad6s1a
start_init: trying /sbin/init
Then the system seems to hang, no messages, no reaction on serial console.
With an different kernel including DDB I was not able to enter the kernel debugger, although I
must admit that I never used DDB so maybe I made a mistake in this part.
To repeat: A self compiled GENERIC kernel boots fine, I tried single user 6.2 world and multi
user 7.0 world. But I was never able to boot a 7.0 kernel with IPSEC.
Is my IPSEC kernel configuration ok?
How should I debug the problem, additional debug prints in IPSEC code?
Best regards,
Frank
--
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.
More information about the freebsd-current
mailing list