The pfsync man page says:
An alternative destination address for pfsync packets can be specified
using the syncpeer keyword. This can be used in combination with
ipsec(4) to protect the synchronisation traffic. In such a
configuration, the syncdev should be set to the enc(4) interface, as this
is where the traffic arrives when it is decapsulated, e.g.:
# ifconfig pfsync0 syncpeer 10.0.0.2 syncdev enc0
Trying to use this I keep running into kernel panics and crashes.
I could reproduce this on i386 with real hardware running 5.6-stable
and in qemu running -current
Recipe with two boxes A and B:
Box A (10.197.84.109)
Copy B's /etc/isakmpd/local.pub to A at /etc/isakmpd/pubkeys/ipv4/10.197.84.141
# cat /etc/ipsec.conf
ike esp from 10.197.84.109 to 10.197.84.141
# isakmpd -K
# ipsecctl -f /etc/ipsec.conf
Box B (10.197.84.141)
Copy A's /etc/isakmpd/local.pub to B at /etc/isakmpd/pubkeys/ipv4/10.197.84.109
# cat /etc/ipsec.conf
ike esp from 10.197.84.141 to 10.197.84.109
# isakmpd -K
# ipsecctl -f /etc/ipsec.conf
Once SA's are set up (as per ipsecctl -sa):
Box A:
# ifconfig pfsync0 syncpeer 10.197.84.141 syncdev enc0 up
Box B:
# ifconfig pfsync0 syncpeer 10.197.84.109 syncdev enc0 up
Both boxes crash almost immediately.
Traces from crashes vary:
panic: pool_do_get: mbpl free list modified: page 0xd5ecd000; item addr
0xd5ecdb00; offset 0x0=0x755d6db6 != 0x9dc8198d
Stopped at Debugger+0x7: leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> trace
Debugger(d09e7bd2,f5395b60,d09c1ce0,f5395b60,f5395bf8) at Debugger+0x7
panic(d09c1ce0,d09c1eff,d09c36c2,d5ecd000,d5ecdb00) at panic+0x71
pool_do_get(d0ba4e20,2,f5395be0,f5395bdc,40) at pool_do_get+0x26c
pool_get(d0ba4e20,2,ca0030,0,f0020000) at pool_get+0x116
m_get(2,1,2,d0399e40,d0b2b090) at m_get+0x29
m_inject(d5ecd800,ac,20,2,d5ecda5a) at m_inject+0xa8
esp_output(d5ecd800,d181f000,0,14,9) at esp_output+0x3ef
ipsp_process_packet(d5ecda00,d181f000,2,0,0) at ipsp_process_packet+0x277
ip_output(d5ecda00,0,0,2,d17a631c) at ip_output+0xc8e
pfsync_sendout(40,f5395eb0,d03c2060,f5395ea4,d0203009) at pfsync_sendout+0x461
pfsync_timeout(d17a6000,f5395ee0,d03a8df6,1d,40) at pfsync_timeout+0x1a
softclock(0,f5395f00,d0869ea1,d0bc9cac,d5e02450) at softclock+0x225
softintr_dispatch(0) at softintr_dispatch+0x5a
Xsoftclock() at Xsoftclock+0x12
--- interrupt ---
cpu_idle_cycle(d0c5af40) at cpu_idle_cycle+0xf
Bad frame pointer: 0xd0d22e58
uvm_fault(0xd0b7c5a0, 0xd358c000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at m_free+0x17: movswl 0x10(%ebx),%eax
ddb> trace
m_free(d358cc0d,0,0,d5cb0b00,d16b9800) at m_free+0x17
m_freem(d5cb0b00,d6,0,da,8) at m_freem+0x18
vio_txeof(d16b98a8,d0203009,90,f53a1edc,d03ceffc) at vio_txeof+0xff
vio_start(d16b9990,d180bc00,d5e3203c,f53a1ec8,d16b8fe0) at vio_start+0x2f
nettxintr(0,0,0,0,d04a62a1) at nettxintr+0x47
softintr_dispatch(1) at softintr_dispatch+0x5a
Xsoftnet() at Xsoftnet+0x12
--- interrupt ---
Bad frame pointer: 0xd0493aa0
uvm_fault(0xd0b9e160, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at vio_rxeof+0x1b1: movzwl 0xa(%edi),%eax
ddb> trace
vio_rxeof(d16b9800,0,d16f4300,f5395e18,0) at vio_rxeof+0x1b1
vio_rx_intr(d16b9834,d16dc380,2000,804,2) at vio_rx_intr+0x1e
virtio_vq_intr(d16f4300,c040,13,f5395e54,d0203009) at virtio_vq_intr+0x79
virtio_pci_intr(d16f4300,d16d49c0) at virtio_pci_intr+0x3d
Xintr_ioapic2() at Xintr_ioapic2+0x65
--- interrupt ---
splx(30,f5395f04,d056aa7a,d0b39008,d0201fee) at splx+0x20
mtx_leave(d0b39008,d0201fee,f5395f08,0,20000000) at mtx_leave+0x29
softintr_dispatch(0) at softintr_dispatch+0x5a
Xsoftclock() at Xsoftclock+0x12
--- interrupt ---
cpu_idle_cycle(d0c5af40) at cpu_idle_cycle+0xf
Bad frame pointer: 0xd0d22e58
uvm_fault(0xd0b9e160, 0x853e6000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at m_free+0x17: movswl 0x10(%ebx),%eax
ddb> trace
m_free(853e65f5,d5e40c40,0,d5ecdd00,d16b9800) at m_free+0x17
m_freem(d5ecdd00,d2,0,12a,8) at m_freem+0x18
vio_txeof(d16b98a8,d17a6000,d5ecda00,0,b8) at vio_txeof+0xff
vio_tx_intr(d16b98a8,d0bc9ca0,f5395ea4,d037ccba,40) at vio_tx_intr+0x1c
vio_txtick(d16b98a8,f5395ee0,d03a8df6,1d,40) at vio_txtick+0x25
softclock(0,f5395f00,d0869ea1,d0bc9cac,d5ea6170) at softclock+0x225
softintr_dispatch(0) at softintr_dispatch+0x5a
Xsoftclock() at Xsoftclock+0x12
--- interrupt ---
cpu_idle_cycle(d0c5af40) at cpu_idle_cycle+0xf
Bad frame pointer: 0xd0d22e58
I've tried to figure this out for a bit but didn't get anywhere.
Can someone help?
