as discussed, a fix for this has been committed in src/sys/net/if_pfsync.c r1.210
thank you for the good bug report. your recipe was easy to follow. On 15 Oct 2014, at 9:43, Stefan Sperling <[email protected]> wrote: > The pfsync man page says: > > An alternative destination address for pfsync packets can be specified > using the syncpeer keyword. This can be used in combination with > ipsec(4) to protect the synchronisation traffic. In such a > configuration, the syncdev should be set to the enc(4) interface, as this > is where the traffic arrives when it is decapsulated, e.g.: > > # ifconfig pfsync0 syncpeer 10.0.0.2 syncdev enc0 > > Trying to use this I keep running into kernel panics and crashes. > I could reproduce this on i386 with real hardware running 5.6-stable > and in qemu running -current > > Recipe with two boxes A and B: > > Box A (10.197.84.109) > > Copy B's /etc/isakmpd/local.pub to A at > /etc/isakmpd/pubkeys/ipv4/10.197.84.141 > # cat /etc/ipsec.conf > > ike esp from 10.197.84.109 to 10.197.84.141 > # isakmpd -K > # ipsecctl -f /etc/ipsec.conf > > Box B (10.197.84.141) > > Copy A's /etc/isakmpd/local.pub to B at > /etc/isakmpd/pubkeys/ipv4/10.197.84.109 > # cat /etc/ipsec.conf > > ike esp from 10.197.84.141 to 10.197.84.109 > # isakmpd -K > # ipsecctl -f /etc/ipsec.conf > > Once SA's are set up (as per ipsecctl -sa): > > Box A: > # ifconfig pfsync0 syncpeer 10.197.84.141 syncdev enc0 up > > Box B: > # ifconfig pfsync0 syncpeer 10.197.84.109 syncdev enc0 up > > Both boxes crash almost immediately. > > Traces from crashes vary: > > panic: pool_do_get: mbpl free list modified: page 0xd5ecd000; item addr > 0xd5ecdb00; offset 0x0=0x755d6db6 != 0x9dc8198d > Stopped at Debugger+0x7: leave > RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! > DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! > ddb> trace > Debugger(d09e7bd2,f5395b60,d09c1ce0,f5395b60,f5395bf8) at Debugger+0x7 > panic(d09c1ce0,d09c1eff,d09c36c2,d5ecd000,d5ecdb00) at panic+0x71 > pool_do_get(d0ba4e20,2,f5395be0,f5395bdc,40) at pool_do_get+0x26c > pool_get(d0ba4e20,2,ca0030,0,f0020000) at pool_get+0x116 > m_get(2,1,2,d0399e40,d0b2b090) at m_get+0x29 > m_inject(d5ecd800,ac,20,2,d5ecda5a) at m_inject+0xa8 > esp_output(d5ecd800,d181f000,0,14,9) at esp_output+0x3ef > ipsp_process_packet(d5ecda00,d181f000,2,0,0) at ipsp_process_packet+0x277 > ip_output(d5ecda00,0,0,2,d17a631c) at ip_output+0xc8e > pfsync_sendout(40,f5395eb0,d03c2060,f5395ea4,d0203009) at pfsync_sendout+0x461 > pfsync_timeout(d17a6000,f5395ee0,d03a8df6,1d,40) at pfsync_timeout+0x1a > softclock(0,f5395f00,d0869ea1,d0bc9cac,d5e02450) at softclock+0x225 > softintr_dispatch(0) at softintr_dispatch+0x5a > Xsoftclock() at Xsoftclock+0x12 > --- interrupt --- > cpu_idle_cycle(d0c5af40) at cpu_idle_cycle+0xf > Bad frame pointer: 0xd0d22e58 > > > uvm_fault(0xd0b7c5a0, 0xd358c000, 0, 1) -> e > kernel: page fault trap, code=0 > Stopped at m_free+0x17: movswl 0x10(%ebx),%eax > ddb> trace > m_free(d358cc0d,0,0,d5cb0b00,d16b9800) at m_free+0x17 > m_freem(d5cb0b00,d6,0,da,8) at m_freem+0x18 > vio_txeof(d16b98a8,d0203009,90,f53a1edc,d03ceffc) at vio_txeof+0xff > vio_start(d16b9990,d180bc00,d5e3203c,f53a1ec8,d16b8fe0) at vio_start+0x2f > nettxintr(0,0,0,0,d04a62a1) at nettxintr+0x47 > softintr_dispatch(1) at softintr_dispatch+0x5a > Xsoftnet() at Xsoftnet+0x12 > --- interrupt --- > Bad frame pointer: 0xd0493aa0 > > > > uvm_fault(0xd0b9e160, 0x0, 0, 1) -> e > kernel: page fault trap, code=0 > Stopped at vio_rxeof+0x1b1: movzwl 0xa(%edi),%eax > ddb> trace > vio_rxeof(d16b9800,0,d16f4300,f5395e18,0) at vio_rxeof+0x1b1 > vio_rx_intr(d16b9834,d16dc380,2000,804,2) at vio_rx_intr+0x1e > virtio_vq_intr(d16f4300,c040,13,f5395e54,d0203009) at virtio_vq_intr+0x79 > virtio_pci_intr(d16f4300,d16d49c0) at virtio_pci_intr+0x3d > Xintr_ioapic2() at Xintr_ioapic2+0x65 > --- interrupt --- > splx(30,f5395f04,d056aa7a,d0b39008,d0201fee) at splx+0x20 > mtx_leave(d0b39008,d0201fee,f5395f08,0,20000000) at mtx_leave+0x29 > softintr_dispatch(0) at softintr_dispatch+0x5a > Xsoftclock() at Xsoftclock+0x12 > --- interrupt --- > cpu_idle_cycle(d0c5af40) at cpu_idle_cycle+0xf > Bad frame pointer: 0xd0d22e58 > > > > uvm_fault(0xd0b9e160, 0x853e6000, 0, 1) -> e > kernel: page fault trap, code=0 > Stopped at m_free+0x17: movswl 0x10(%ebx),%eax > ddb> trace > m_free(853e65f5,d5e40c40,0,d5ecdd00,d16b9800) at m_free+0x17 > m_freem(d5ecdd00,d2,0,12a,8) at m_freem+0x18 > vio_txeof(d16b98a8,d17a6000,d5ecda00,0,b8) at vio_txeof+0xff > vio_tx_intr(d16b98a8,d0bc9ca0,f5395ea4,d037ccba,40) at vio_tx_intr+0x1c > vio_txtick(d16b98a8,f5395ee0,d03a8df6,1d,40) at vio_txtick+0x25 > softclock(0,f5395f00,d0869ea1,d0bc9cac,d5ea6170) at softclock+0x225 > softintr_dispatch(0) at softintr_dispatch+0x5a > Xsoftclock() at Xsoftclock+0x12 > --- interrupt --- > cpu_idle_cycle(d0c5af40) at cpu_idle_cycle+0xf > Bad frame pointer: 0xd0d22e58 > > I've tried to figure this out for a bit but didn't get anywhere. > Can someone help? >
