IPSEC/FAST_IPSEC panic.

Gary Allan dragonfly at gallan.plus.com
Fri Apr 28 04:39:46 PDT 2006


Matthew Dillon wrote:
    I tested your config file between a FreeBSD-6.x and a DragonFly
    box and ICMP, UDP, and TCP seems to work.
    Could you explain the TCP timeout issue more?  Does TCP work initially
    and then fail at some point after the connection has been working for
    a whlie ?  I need to be able to duplicate the problem to track it down.
    It might also help to use tcpdump to observe the packet traffic at the
    point where the connection starts to fail and times out.
    tcpdump -s 4096 -vvv -i em0 -n -l port <port_you_are_testing_tcp_on>

						-Matt
I have been able to 100% reproduce the following panic when using IPSEC 
(3DES/SHA1 ESP no AH) between WinXP and DragonFly. From the WinXP 
machine ping and DNS work but attempting to SSH (PuTTY) into DragonFly 
always produces the panic.

panic: TCP header not in one mbuf: m->m_len 20
. ..
tcp_input(...)
esp4_input(...)
transport_processing_oncpu(...)
ip_input(...)
ip_input_handler(...)
netmsg_service_loop(...)
lwkt_exit()
Debugger("panic")
I have core dumps if anyone wants them. (Send me a direct email.)

Regards

Gary





More information about the Bugs mailing list