Date: Fri, 14 Nov 2014 16:28:41 +0300 From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: freebsd-security@FreeBSD.org, current@FreeBSD.org, John-Mark Gurney <jmg@funkthat.com> Subject: Re: CFR: AES-GCM and OpenCrypto work review Message-ID: <54660389.9060409@yandex.ru> In-Reply-To: <54655257.8080705@yandex.ru> References: <20141108042300.GA24601@funkthat.com> <54655257.8080705@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --tfN0oppBAS2no0GJKJEj0DM2SNr8NICgn Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 14.11.2014 03:52, Andrey V. Elsukov wrote: > I tried your patch with my IPv4 forwarding test. When aesni module is > loaded and aes-cbc is used I see growing of `invalid outbound packets` > counter in `netstat -sp ipsec` output. And no packets are forwarded. > Also while testing I got a panic in aesni_encrypt_cbc(). >=20 > atal trap 9: general protection fault while in kernel mode > cpuid =3D 4; apic id =3D 04 > instruction pointer =3D 0x20:0xffffffff80d05c43 > stack pointer =3D 0x28:0xfffffe00003f7e70 > frame pointer =3D 0x28:0xfffffe00003f7eb0 > code segment =3D base 0x0, limit 0xfffff, type 0x1b > =3D DPL 0, pres 1, long 1, def32 0, gran 1 > processor eflags =3D interrupt enabled, resume, IOPL =3D 0 > current process =3D 12 (irq286: ix0:que 4) >=20 The full backtrace is here: http://paste.org.ru/?a3f8pw Screenshot from ddb: http://i.imgur.com/H5mbVi8.png?1 Also I noticed that on higher packet rate sometimes kernel reports about wrong source route attempts: kernel: attempted source route from 244.116.138.102 to 225.51.107.139 kernel: attempted source route from 19.120.181.94 to 238.17.74.139 kernel: attempted source route from 186.217.142.184 to 233.165.4.102 kernel: attempted source route from 134.41.78.248 to 231.122.242.144 probably there is mbuf's memory corruption somewhere. --=20 WBR, Andrey V. Elsukov --tfN0oppBAS2no0GJKJEj0DM2SNr8NICgn Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJUZgONAAoJEAHF6gQQyKF67yYIAISKqHBxmAfFipC3BBq97KkE hS+UanK9G9UTYh+4BOcxUs35eRV/gOtB1oVPe3OnlTHyvtLmDE0intWuDHLNQYlG fzhxPi3kREAE9K/EINBHguaWLq0PePtWj9HUyx4vhRcvEwjg1sBKgfdLGOILDDQY /1TyyMTa7B4Jnh6/8hfmjlRzbXGhAO2clhAA8S93oBSafyNsxs6hTn7M3UAzdrcp dcJbVjFMgmADwWLdHoIGDXz06fGN+BttdprTXKELg5iMsI8n5su2tipNfKpXUWF0 yYIWjw++MqjXCfURjTExdp6W8eDMgo9KWZKXWllVSciFQzc3erjRbVS/oieUzSE= =kMbH -----END PGP SIGNATURE----- --tfN0oppBAS2no0GJKJEj0DM2SNr8NICgn--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?54660389.9060409>