IPSEC + long UDP causes reproducible crash [was: Crash in ether_input]

Patrick Lamaiziere patfbsd at davenulle.org
Thu Sep 10 08:32:33 UTC 2009


On Thu, 10 Sep 2009 00:37:39 -0700,
Chris Cowart <ccowart at rescomp.berkeley.edu> wrote:

Hello,

> A C program that sends long UDP messages is attached (there's a
> hardcoded remote IP in there). The program sends 2 UDP messages of size
> 1960, sleeping for 3 seconds in between. Most of the time, on a clean
> boot, the first message is enough to cause a kernel panic. The second
> message almost always causes a kernel panic. I have never been able to
> run the program a second time without the system crashing.
> 
> The exact point of the panic tends to vary. I've seen it frequently
> occurring in in_cksumdata, but it's all been really close to
> ip_output.
> 
> I've been poking around in the debugger for hours over the past couple
> of days. I can't tell if the mbuf is being corrupted as it's passing
> through the crypto system or if it's happening in ip_fragment. I'm in
> a bit over my head in terms of trying to isolate and patch the bug. If
> anyone has the time to squash it or at least give me some pointers as
> to where I might look, that would help.

I'm not sure if it will help, but that reminds me of this problem:
http://www.freebsd.org/cgi/query-pr.cgi?pr=124609

This is fixed in 7.1-STABLE and after.


More information about the freebsd-net mailing list