Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 13 Jan 2006 19:00:08 +0200
From:      Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   kern/91760: FAST_IPSEC stops system under high traffic
Message-ID:  <20060113170008.GA883@pm513-1.comsys.ntu-kpi.kiev.ua>
Resent-Message-ID: <200601131710.k0DHA4SC096676@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         91760
>Category:       kern
>Synopsis:       FAST_IPSEC stops system under high traffic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 13 17:10:03 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Andrey Simonenko
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
>Environment:

FreeBSD 6.0-STABLE i386, CVSup'ed today

>Description:

I have two FreeBSD 6.0-STABLE systems: one is gateway another
one is my computer (both are in the same 100M LAN and gateway
is connected to another 100M LAN).  On both systems FAST_IPSEC
is used with manual keys and with few SPD AH-transport and
AH-tunnel.  IPsec policy is used in transport mode between
my computer and gateway and in tunnel mode between my
computer and gateway, when packet is not for gateway (for the
rest of the world).

I removed IP Firewall from the kernel to make my tests
more clear.

If I download something big from gateway to my computer
or when I download something big from another LAN via gateway
to my computer, then gateway or my computer stops and
does not responds (ping does not work and console also
does not work).  I got the same result if I run something
which outputs a lot to stdout via ssh.

There is no panic, the system simply does not respond
(via ping or via console).

Without FAST_IPSEC everything work without problems.

Also with IPSEC, IPSEC_ESP and the same configuration my
systems do not have any problems.

Having done some tests I'm almost sure that FAST_IPSEC
causes this problem.

>How-To-Repeat:

In my environment I can reproduce this problem.

>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060113170008.GA883>