The following reply was made to PR kernel/6554; it has been noted by GNATS.
From: Matthieu Herrb <[email protected]> To: [email protected] Cc: [email protected] Subject: Re: kernel/6554 IPSEC + GRE + carp crash and lockup Date: Sun, 20 Feb 2011 18:42:34 +0100 carp is not needed. IPSec + gre is enough to reproduce the issue. Here is a setup that craches within a minute or two : == Configurations == * 2 machines on the same lan: north 192.168.1.1 south 192.168.1.2 * set ipsec=YES in /etc/rc.conf.local on both * set net.inet.gre.allow=1 in /etc/sysctl.conf on both north /etc/ipsec.conf ------- cut -------- north=192.168.1.1 south=192.168.1.2 flow esp out from $north to $south flow esp in from $south to $north esp transport from $north to $south \ spi 0xf0000001 \ auth hmac-md5 \ enc des \ authkey 0x10000000000000000000000000000000 \ enckey 0x0000000000000000 esp transport from $south to $north \ spi 0xf0000002 \ auth hmac-md5 \ enc des \ authkey 0x20000000000000000000000000000000 \ enckey 0x0000000000000000 ------- cut -------- /etc/hostname.gre0 ------- cut -------- 172.16.1.1 172.16.0.1 netmask 0xffffffff link0 up tunnel 192.168.1.1 192.168.1.2 description "tunnel ipsec" ------- cut -------- south /etc/ipsec.conf ------- cut -------- north=192.168.1.1 south=192.168.1.2 flow esp in from $north to $south flow esp out from $south to $north esp transport from $north to $south \ spi 0xf0000001 \ auth hmac-md5 \ enc des \ authkey 0x10000000000000000000000000000000 \ enckey 0x0000000000000000 esp transport from $south to $north \ spi 0xf0000002 \ auth hmac-md5 \ enc des \ authkey 0x20000000000000000000000000000000 \ enckey 0x0000000000000000 ------- cut -------- /etc/hostname.gre0 ------- cut -------- 172.16.0.1 172.16.1.1 netmask 0xffffffff link0 up tunnel 192.168.1.2 192.168.31.1 description "tunnel ipsec" ------- cut -------- == How to repeat the crash on south == on north run: nc -k 3300 < /dev/null on south run: while true; do date cat /bsd | nc 172.16.1.1 3030 done -- Matthieu Herrb
