Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 17 May 2017 14:39:36 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 219356] Using AES-GCM with IPSEC with aesni module loaded panics FreeBSD 11 stable
Message-ID:  <bug-219356-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219356

            Bug ID: 219356
           Summary: Using AES-GCM with IPSEC with aesni module loaded
                    panics FreeBSD 11 stable
           Product: Base System
           Version: 11.0-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: lab@gta.com

Created attachment 182666
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D182666&action=
=3Dedit
Core text file from panic

Using iperf to pass data between two hosts behind two FreeBSD gateways that
have an IPSec tunnel between them will panic gateway. The gateway that pani=
cs
os the one doing most of the decryption (gateway in front of iperf running =
in
server mode). I used iperf in UDP mode. Not sure if that is needed. If I use
11.0-RELEASE-p9 I do not see this issue.=20

I used strongswan to create IPSec tunnel between gateways. If duplicating, =
make
sure GCM option is turned on for strongswan.

Setkey -D shows:
172.16.72.71 172.16.73.67
        esp mode=3Dtunnel spi=3D3420721730(0xcbe41242) reqid=3D1(0x00000001)
        E: aes-gcm-16  83cc9338 e415ad69 340ecec3 1e698f52 c2b2dc8e 19687c70
192200ca 9c7564a8
 27bba7d2
        seq=3D0x00000001 replay=3D0 flags=3D0x00000000 state=3Dmature
        created: May 17 10:37:56 2017   current: May 17 10:38:01 2017
        diff: 5(s)      hard: 3600(s)   soft: 2935(s)
        last: May 17 10:37:57 2017      hard: 0(s)      soft: 0(s)
        current: 140(bytes)     hard: 0(bytes)  soft: 0(bytes)
        allocated: 1    hard: 0 soft: 0
        sadb_seq=3D1 pid=3D808 refcnt=3D1
172.16.73.67 172.16.72.71
        esp mode=3Dtunnel spi=3D3464455471(0xce7f652f) reqid=3D1(0x00000001)
        E: aes-gcm-16  032a2b86 1f878f00 b7b09d0e f95233e1 14af88a4 f5e3ad11
380a9fa7 8afc3a01
 c72438bc
        seq=3D0x00000000 replay=3D4 flags=3D0x00000000 state=3Dmature
        created: May 17 10:37:56 2017   current: May 17 10:38:01 2017
        diff: 5(s)      hard: 3600(s)   soft: 2530(s)
        last: May 17 10:37:57 2017      hard: 0(s)      soft: 0(s)
        current: 84(bytes)      hard: 0(bytes)  soft: 0(bytes)
        allocated: 1    hard: 0 soft: 0
        sadb_seq=3D0 pid=3D808 refcnt=3D1

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-219356-8>