Racoon(ipsec-tools) enters sbwait state or 100% CPU
utilization quite often on RELENG_1_2
VANHULLEBUS Yvan
vanhu_bsd at zeninc.net
Mon Aug 20 01:27:32 PDT 2007
On Sun, Aug 19, 2007 at 12:08:49PM +0900, George V. Neville-Neil wrote:
[....]
> Please file a PR and assign it to me.
>
> I read your kernel config, and it seems you were using FAST_IPSEC, and
> not Kame IPsec, so I'm wondering how relevant Yvan's comment might
> be. I think we should look a bit more deeply at this.
I tracked down the problem a few years ago, on FreeBSD 4.11, with
KAME's IPSec stack.
But the problem was not really in the stack itself, but rather in
socket processing (in other words: not in netkey/*, but in
kern/uipc_socket2.c).
And as both IPSec stacks shares some PFKey constraints (for example
one message per entry when dumping SADB / SPD), I guess the same
problem existed in FAST_IPSEC.
But when I had some time a few months ago to start filling a PR for
the problem, I had a look at FreeBSD6 source code, and I noticed that
sbspace macro (which was a quite important part of the problem) has
changed, and I didn't have the required setup to do the test again, so
I just can't be really sure the problem still exists...
But the reported problem really has similar symptoms.....
Yvan.
--
NETASQ
http://www.netasq.com
More information about the freebsd-net
mailing list