[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Kernel crash in an IPSEC bridge 3.4-release
Hi,
The problem that I report, occurs on an i386 3.4-release and not on the
3.3-release. So it seem's to be a regression.
My network configuration is 2 parts of a subnet separated by an OpenBSD
bridge :
| Host 1 |-------------| OpenBSD bridge |-----------------| Host 2 |
1.1.1.4 1.1.1.1 1.1.1.10
non ciphered data ciphered data
In /etc/sysctl.conf, net.inet.ip.forwarding and net.inet6.ip6.forwarding are
enabled.
I apply the following commands to configure the OpenBSD IPSEC bridge :
# bridge creation
brconfig bridge0 add fxp0
brconfig bridge0 add xl0
brconfig bridge0 link2
# SA settings
ipsecadm flush
ipsecadm new esp -enc aes -auth sha1 -spi 1000 -src 1.1.1.4 -dst 1.1.1.10
-key 11223344556677889900112233445566 -authkey
1122334455667788990011223344556677889900
ipsecadm new esp -enc aes -auth sha1 -spi 1001 -src 1.1.1.10 -dst 1.1.1.4
-key 11223344556677889900112233445560 -authkey
1122334455667788990011223344556677889900
# SP settings
ipsecadm flow -addr 1.1.1.4/32 1.1.1.10/32 -out -proto esp -src 1.1.1.4 -dst
1.1.1.10 -require
ipsecadm flow -addr 1.1.1.10/32 1.1.1.4/32 -in -proto esp -src 1.1.1.4 -dst
1.1.1.10 -require
# bridge activation
brconfig bridge0 up
After this configuration, only few pings from Host 1 to Host 2 and from Host
2 to Host 1 leads systematiquely to a kernel crash in the OpenBSD bridge.
Log is the following :
kernel: page fault trap, code=0
Stopped at bridge_ipsec+0x392: andl iunmask(,%edx,4),%eax
ddb> trace
bridge_ipsec(1,2,14,d08fb300) at bridge_ipsec+0x392
bridge_filter(d0924c00,1,d08e8040,dadcde68,d08fb300) at bridge_filter+0x224
bridgeintr_frame(d0924c00,d08fd900,40db4c80,0) at bridgeintr_frame+0x1de
bridgeintr(10,10,0,dadb4c80,dadcdf24) at bridgeintr+0x3e
Bad frame pointer: 0xdadcdea8
ddb> ps
PID PPID PGRP UID S FLAGS WAIT COMMAND
25023 1 25023 0 3 0x4086 ttyin getty
9484 1 9484 0 3 0x4086 ttyin getty
7570 1 7570 0 3 0x4086 ttyin getty
32725 1 32725 0 3 0x4086 ttyin getty
28349 1 28349 0 3 0x4086 ttyin csh
20185 1 20185 0 3 0x84 select cron
917 1 917 0 3 0x84 select sshd
28507 1 28507 0 3 0x40184 select sendmail
4097 1 4097 0 3 0x184 select inetd
23658 19163 19163 73 3 0x184 select syslogd
19163 1 19163 0 3 0x84 netio syslogd
11 0 0 0 3 0x100204 usbevt usb1
10 0 0 0 3 0x100204 usbtsk usbtask
9 0 0 0 3 0x100204 usbevt usb0
8 0 0 0 3 0x100204 apmev apm0
7 0 0 0 3 0x100204 crypto_wa crypto
6 0 0 0 3 0x100204 aiodoned aiodoned
5 0 0 0 3 0x100204 syncer update
4 0 0 0 3 0x100204 cleaner cleaner
3 0 0 0 3 0x100204 reaper reaper
2 0 0 0 3 0x100204 pgdaemon pagedaemon
1 0 1 0 3 0x4084 wait init
0 -1 0 0 3 0x80204 scheduler swapper
Here is the result of ifconfig -a before the crash :
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 33224
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
address: 00:04:23:11:57:14
media: Ethernet autoselect (none)
status: no carrier
inet 1.1.1.1 netmask 0xffffff00 broadcast 1.1.1.255
inet6 fe80::204:23ff:fe11:5714%fxp0 prefixlen 64 scopeid 0x1
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
address: 00:60:08:72:c8:fe
media: Ethernet autoselect (none)
status: no carrier
inet6 fe80::260:8ff:fe72:c8fe%xl0 prefixlen 64 scopeid 0x2
pflog0: flags=0<> mtu 33224
pfsync0: flags=0<> mtu 1896
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=4041<UP,RUNNING,LINK2> mtu 1500
bridge1: flags=0<> mtu 1500
vlan0: flags=0<> mtu 1500
address: 00:00:00:00:00:00
vlan1: flags=0<> mtu 1500
address: 00:00:00:00:00:00
gre0: flags=9010<POINTOPOINT,LINK0,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
The dmesg is :
OpenBSD 3.4 (GENERIC) #18: Wed Sep 17 03:34:47 MDT 2003
deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium 4 ("GenuineIntel" 686-class) 1.60 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,A
CPI,MMX,FXSR,SIMD,SIMD2,SS,HTT,TM
real mem = 133738496 (130604K)
avail mem = 118059008 (115292K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 11/07/01, BIOS32 rev. 0 @ 0xfda90
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev. 2.1 @ 0xf0000/0x10000
pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xf7360/128 (6 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801BA LPC" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x600! 0xc8800/0x1800 0xe0000/0x1000
0xe8000/0x4000!
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Rage 128 Pro TF" rev 0x00
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x12
pci2 at ppb1 bus 2
fxp0 at pci2 dev 8 function 0 "Intel 82562" rev 0x03: irq 10, address
00:04:23:11:57:14
inphy0 at fxp0 phy 1: i82562ET 10/100 media interface, rev. 0
xl0 at pci2 dev 10 function 0 "3Com 3c905 100Base-TX" rev 0x00: irq 10
address 00:60:08:72:c8:fe
nsphy0 at xl0 phy 24: DP83840 10/100 media interface, rev. 1
pcib0 at pci0 dev 31 function 0 "Intel 82801BA LPC" rev 0x12
pciide0 at pci0 dev 31 function 1 "Intel 82801BA IDE" rev 0x12: DMA, channel
0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <ST340016A>
wd0: 16-sector PIO, LBA, 38166MB, 16383 cyl, 16 head, 63 sec, 78165360
sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <LITEON, CD-ROM LTN486S, YKS4> SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 31 function 2 "Intel 82801BA USB" rev 0x12: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"Intel 82801BA SMBus" rev 0x12 at pci0 dev 31 function 3 not configured
uhci1 at pci0 dev 31 function 4 "Intel 82801BA USB2" rev 0x12: irq 9
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
auich0 at pci0 dev 31 function 5 "Intel 82801BA AC97 Audio" rev 0x12: irq
10, ICH2 AC97
ac97: codec id 0x41445360 (Analog Devices AD1885)
ac97: codec features headphone, Analog Devices Phat Stereo
audio0 at auich0
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask c260 netmask c660 ttymask d6e2
pctr: user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
Thanks in advance for your help.
Regis Hanna