Dear all,
I'm experiencing problems when sending SCTP-traffic between two hosts
over a transport-mode IPSec-connection on FreeBSD 7.0BETA2.
The setup is very low-level: a listening server and a client sending one
line of text to the server; connection is secured with setkey, using
hmac-md5 for AH and triple DES for ESP.
On my 7.0Beta2 traffic which is only authenticated with AH is
trouble-free. Once using ESP to encrypt the traffic the sending system
(client) freezes. A "panic: double fault" is displayed on the client's
console and the core is dumped. Error message:
Fatal double fault:
eip = 0xc07a4912
esp = 0xcbd44ffc
ebp = 0xcbd45018
A strange issue is that only the sending side is affected. If only the
server->client traffic (INIT_ACK, SACK etc.) is encrypted, both machines
are still alive after transferring data.
My setup works well on FreeBSD 6.1 machines without any freezes.
Can anybody please help me?
By the way: the reason for using 7.0BETA2 was that I was not able to
compile a kernel on 6.2 machines with both SCTP and IPSEC activated in
the kernel (using a Sunday-night cvs-checkout from
stewart.chicago.il.us/sctpCVS). Kernelbuild failed with error message:
in file included from /usr/src/sys/netipsec/ipsec.h:46,
from /usr/src/sys/netinet/sctp_os_bsd.h:78,
from /usr/src/sys/netinet/sctp_os.h:59,
from /usr/src/sys/netinet/in_proto.c:92:
/usr/src/sys/netipsec/keydb.h:54 error: redefinition of 'struct secasindex'
As far as I can evaluate this there is a conflict between ipsec and
netkey but I was not able to solve this conflict. Maybe this problem is
known already?
Thank you, best regards,
Oliver
Received on Wed Nov 14 11:54:23 2007