Date: Fri, 14 Nov 2014 11:39:11 -0800
From: John-Mark Gurney <jmg@funkthat.com>
To: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Cc: freebsd-security@FreeBSD.org, current@FreeBSD.org
Subject: Re: CFR: AES-GCM and OpenCrypto work review
Message-ID: <20141114193911.GR24601@funkthat.com>
In-Reply-To: <54660389.9060409@yandex.ru>
References: <20141108042300.GA24601@funkthat.com> <54655257.8080705@yandex.ru> <54660389.9060409@yandex.ru>

Andrey V. Elsukov wrote this message on Fri, Nov 14, 2014 at 16:28 +0300:
> On 14.11.2014 03:52, Andrey V. Elsukov wrote:
> > I tried your patch with my IPv4 forwarding test. When aesni module is
> > loaded and aes-cbc is used I see growing of `invalid outbound packets`
> > counter in `netstat -sp ipsec` output. And no packets are forwarded.
> > Also while testing I got a panic in aesni_encrypt_cbc().
> >
> > atal trap 9: general protection fault while in kernel mode
> > cpuid = 4; apic id = 04
> > instruction pointer = 0x20:0xffffffff80d05c43
> > stack pointer = 0x28:0xfffffe00003f7e70
> > frame pointer = 0x28:0xfffffe00003f7eb0
> > code segment = base 0x0, limit 0xfffff, type 0x1b
> > = DPL 0, pres 1, long 1, def32 0, gran 1
> > processor eflags = interrupt enabled, resume, IOPL = 0
> > current process = 12 (irq286: ix0:que 4)
> >
> > The full backtrace is here: http://paste.org.ru/?a3f8pw
> Screenshot from ddb: http://i.imgur.com/H5mbVi8.png?1
> Also I noticed that on higher packet rate sometimes kernel reports about
> wrong source route attempts:
>
> kernel: attempted source route from 244.116.138.102 to 225.51.107.139
> kernel: attempted source route from 19.120.181.94 to 238.17.74.139
> kernel: attempted source route from 186.217.142.184 to 233.165.4.102
> kernel: attempted source route from 134.41.78.248 to 231.122.242.144
>
> probably there is mbuf's memory corruption somewhere.

Well.. It looks like IPSEC is still broken in head... I can get pings
to pass, but now on IPv4 transport mode, I can't get syn's to be sent
out... I see the output packet in the protocol stats, but no packets
go out the interface...

If you could provide me w/ a simple set of spdadd commands, or the dumps
from the machine, that'd be good...

Hmm.... I just ran ping -f so I could generate some traffic, and managed
to get a:
panic: System call sendto returing with kernel FPU ctx leaked

I'll look into this...

-- 
John-Mark Gurney                Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."