To: snap-users@kame.net
Cc: freebsd-net@freebsd.org
Subject: Re: (KAME-snap 4515) Re: KAME SPD bug, please try and confirm ...
In-Reply-To: Your message of "Sun, 22 Apr 2001 05:15:33 +0000" <3AE268F5.B48CC2B2@aurora.regenstrief.org>
References: <3AE268F5.B48CC2B2@aurora.regenstrief.org>
Message-Id: <20010424040539N.sakane@ydc.co.jp>
Date: Tue, 24 Apr 2001 04:05:39 +0900
From: Shoichi Sakane
Mime-Version: 1.0
Content-Type: Multipart/Mixed; boundary="NextPart-20010424040326-0118601"

--NextPart-20010424040326-0118601
Content-Type: Text/Plain; charset=us-ascii

> > sorry that we did not make any useful responses, some of the kame guys
> > (mainly sakane) are trying to repeat the symptom.
> I appreciate that very much!

I have tested, but I couldn't get any error.
I made the following network.  And I executed flooding ping to A from
both B and C.  All of the hosts seemed quite stable.  Of course, these
ICMP packets were encapsulated by ESP.
Actually, I couldn't prepare three FreeBSD machines.
A and C are FreeBSD4.2-RELEASE, and B is NetBSD1.5.
All of them are *WITHOUT* KAME patch.

    A ---+--- B
         |
         +--- C

Host A is a powerless machine, which is a Pentium 100MHz.

Just in case, I attach these configurations and results to this mail.
These are:
    net-A: first configuration on the host A.
    net-A2: configuration on the host A after host C added.
    net-B: configuration on the host B.
    net-C: configuration on the host C.
    host-A: results of ifconfig, netstat on the host A.
    host-B: results of ifconfig, netstat on the host B.
    host-C: results of ifconfig, netstat on the host C.

> > i ran a small test with slightly different setup on both NetBSD
> > 1.5.1_BETA and NetBSD 1.5 + KAME SNAP 2001042x, and the problem did
> > not repeat.
> Hmm, maybe it's a matter of FreeBSD and does not occur with NetBSD?

> > is the following description correct?
> > - FreeBSD 4.2-RELEASE is not affected
> yes, it is affected with kernel panic (under high loads only ...)

How was "high loads"?
I did a flooding ping invoked with "-f -s 1000" from both B and C.
But a kernel panic didn't happen.

I haven't checked the following case.
But I think the issue exists in another place.

> > - FreeBSD 4.2-RELEASE + KAME SNAP 200103xx has problem, but no kernel
> >   panic
> right, shows the described problems but has no such kernel panics
> > - FreeBSD 4.2-RELEASE + KAME SNAP 200104xx has problem, with kernel
> >   panic
> actually I should test that. Will do tomorrow.

/Shoichi Sakane @ KAME project/

--NextPart-20010424040326-0118601
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="net-A"

# first host A's configuration.
ifconfig ep0 inet 172.16.5.1 netmask 0xffffff00
ifconfig ep0 inet alias 10.10.10.1 netmask 0xffffff00
ifconfig lo0 inet alias 10.99.10.1 netmask 0xffffff00
route add -net 10.99.20.0/24 10.99.10.1
setkey -c < mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        inet 10.99.10.1 netmask 0xffffff00
ep0: flags=8843 mtu 1500
        inet 172.16.5.1 netmask 0xffffff00 broadcast 172.16.5.255
        inet6 fe80::260:8ff:fe89:b029%ep0 prefixlen 64 scopeid 0x9
        inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
        ether 00:60:08:89:b0:29
        media: 10baseT/UTP
        supported media: 10base2/BNC 10baseT/UTP 10base5/AUI

# netstat -nrf inet
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
10.10.10/24        link#9             UC          0        0    ep0 =>
10.10.10.1         0:60:8:89:b0:29    UHLW        0        2    lo0
10.10.10.2         0:0:f4:5f:40:61    UHLW        1        7    ep0    760
10.10.10.3         0:0:f4:42:b5:a0    UHLW        1        1    ep0    777
10.99.10.1         10.99.10.1         UH          2        0    lo0
10.99.20/24        10.99.10.1         UGSc        0   496952    lo0
10.99.30/24        10.99.10.1         UGSc        0   681251    lo0
127.0.0.1          127.0.0.1          UH          0        0    lo0
172.16.5/24        link#9             UC          0        0    ep0 =>

# netstat -p ipsec
ipsec:
        1178203 inbound packets processed successfully
        0 inbound packets violated process security policy
        1 inbound packet with no SA available
        0 invalid inbound packets
        0 inbound packets failed due to insufficient memory
        0 inbound packets failed getting SPI
        0 inbound packets failed on AH replay check
        0 inbound packets failed on ESP replay check
        0 inbound packets considered authentic
        0 inbound packets failed on authentication
        ESP input histogram:
                simple: 1178203
        1178203 outbound packets processed successfully
        0 outbound packets violated process security policy
        0 outbound packets with no SA available
        0 invalid outbound packets
        0 outbound packets failed due to insufficient memory
        0 outbound packets with no route
        ESP output histogram:
                simple: 1178203

--NextPart-20010424040326-0118601
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="host-B"

### host B
### OS: NetBSD1.5
### the results of ifconfig, netstat.

# ifconfig -auA
ne2: flags=8863 mtu 1500
        address: 00:00:f4:5f:40:61
        media: Ethernet autoselect (10baseT)
        inet 10.10.10.2 netmask 0xffffff00 broadcast 10.10.10.255
        inet alias 172.16.5.2 netmask 0xffffff00 broadcast 172.16.5.255
        inet6 fe80::200:f4ff:fe5f:4061%ne2 prefixlen 64 scopeid 0x2
lo0: flags=8009 mtu 33228
        inet 127.0.0.1 netmask 0xff000000
        inet alias 10.99.20.1 netmask 0xffffff00
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3

# netstat -nrf inet
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
0&0x18             10.99.20.1         UGS         3   499038  33228  lo0
10.10.10/24        link#2             UC          1        0   1500  ne2
10.10.10.1         00:60:08:89:b0:29  UHL         1        6   1500  ne2
10.99.20.1         10.99.20.1         UH          1        4  33228  lo0
127                127.0.0.1          UGRS        0        0  33228  lo0
127.0.0.1          127.0.0.1          UH          1        0  33228  lo0
172.16.5/24        link#2             UC          0        0   1500  ne2

# netstat -p ipsec
ipsec:
        496825 inbound packets processed successfully
        0 inbound packets violated process security policy
        0 inbound packets with no SA available
        0 invalid inbound packets
        0 inbound packets failed due to insufficient memory
        0 inbound packets failed getting SPI
        0 inbound packets failed on AH replay check
        0 inbound packets failed on ESP replay check
        0 inbound packets considered authentic
        0 inbound packets failed on authentication
        ESP input histogram:
                null: 496825
        499035 outbound packets processed successfully
        0 outbound packets violated process security policy
        0 outbound packets with no SA available
        0 invalid outbound packets
        0 outbound packets failed due to insufficient memory
        0 outbound packets with no route
        ESP output histogram:
                null: 499035

--NextPart-20010424040326-0118601
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="host-C"

### host C
### OS: FreeBSD4.2-RELEASE
### the results of ifconfig, netstat.

# ifconfig -au
lo0: flags=8049 mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
        inet 10.99.30.1 netmask 0xffffff00
ed1: flags=8843 mtu 1500
        inet 172.16.5.3 netmask 0xfffff00 broadcast 252.16.5.255
        inet6 fe80::200:f4ff:fe42:b5a0%ed1 prefixlen 64 scopeid 0xa
        inet 10.10.10.3 netmask 0xffffff00 broadcast 10.10.10.255
        ether 00:00:f4:42:b5:a0

# netstat -nrf inet
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
10.10.10/24        link#10            UC          0        0    ed1 =>
10.10.10.1         0:60:8:89:b0:29    UHLW        1        1    ed1    382
10.99.10/24        10.99.30.1         UGSc        0   681290    lo0
10.99.30.1         10.99.30.1         UH          1        0    lo0
12.16.5&0xfffff00  link#10            UC          0        0    ed1 =>
127.0.0.1          127.0.0.1          UH          0        0    lo0

# netstat -p ipsec
ipsec:
        681184 inbound packets processed successfully
        0 inbound packets violated process security policy
        0 inbound packets with no SA available
        0 invalid inbound packets
        0 inbound packets failed due to insufficient memory
        0 inbound packets failed getting SPI
        0 inbound packets failed on AH replay check
        0 inbound packets failed on ESP replay check
        0 inbound packets considered authentic
        0 inbound packets failed on authentication
        ESP input histogram:
                simple: 681184
        681290 outbound packets processed successfully
        0 outbound packets violated process security policy
        0 outbound packets with no SA available
        0 invalid outbound packets
        0 outbound packets failed due to insufficient memory
        0 outbound packets with no route
        ESP output histogram:
                simple: 681290

--NextPart-20010424040326-0118601--