Can not boot 7.0-BETA3 with IPSEC

Frank Behrens frank at
Thu Nov 22 01:14:19 PST 2007


I tried to use the new 7.0 version, but have some trouble. The PC has been running 5.x/6.x 
for years without problems, but my new kernel does not boot. A self compiled GENERIC 7.0-
BETA3 kernel runs without problems.

When I use the following kernel configuration
include         GENERIC

ident           GENIPSEC

makeoptions     DEBUG=-g                # Build kernel with gdb(1) debug symbols

options         INVARIANTS              # Enable calls of extra sanity checking
options         INVARIANT_SUPPORT       # Extra sanity checks of internal structures, required by INVARIANTS
options         WITNESS                 # Enable checks to detect deadlocks and cycles
options         WITNESS_SKIPSPIN        # Don't run witness on spinlocks for speed

options         IPSEC                   #IP security
device          crypto
#options         IPSEC_DEBUG             #debug for IP security
options         IPSEC_FILTERTUNNEL         #filter ipsec packets from a tunnel

device          puc
nodevice        uart
options         COM_MULTIPORT

the kernel boots until

FreeBSD 7.0-BETA3-200711220702 #1: Thu Nov 22 08:10:52 CET 2007
    frank at moon.behrens:/data3/sys/obj/data3/sources/fbsd7/sys/GENIPSEC
WARNING: WITNESS option enabled, expect reduced performance.
cryptosoft0: <software crypto> on motherboard
crypto: assign cryptosoft0 driver id 0, flags 100663296
Fast IPsec: Initialized Security Association Processing.
SMP: AP CPU #1 Launched!
cpu1 AP:
     ID: 0x01000000   VER: 0x00050014 LDR: 0x00000000 DFR: 0xffffffff
  lint0: 0x00010700 lint1: 0x00000400 TPR: 0x00000000 SVR: 0x000001ff
  timer: 0x000200ef therm: 0x00010000 err: 0x00010000 pcm: 0x00010000
WARNING: WITNESS option enabled, expect reduced performance.
Trying to mount root from ufs:/dev/ad6s1a
start_init: trying /sbin/init

Then the system seems to hang, no messages, no reaction on serial console.
With an different kernel including DDB I was not able to enter the kernel debugger, although I 
must admit that I never used DDB so maybe I made a mistake in this part.
To repeat: A self compiled GENERIC kernel boots fine, I tried single user 6.2 world and multi 
user 7.0 world. But I was never able to boot a 7.0 kernel with IPSEC.

Is my IPSEC kernel configuration ok?

How should I debug the problem, additional debug prints in IPSEC code?

Best regards,
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.

More information about the freebsd-current mailing list