Hi Oliver,
do you have a core and provide a stack backtrace such
that we can see at least where the crash happens?
Best regards
Michael
On Nov 14, 2007, at 5:37 PM, Oliver Roll wrote:
> Dear all,
>
> I'm experiencing problems when sending SCTP-traffic between two hosts
> over a transport-mode IPSec-connection on FreeBSD 7.0BETA2.
> The setup is very low-level: a listening server and a client sending
> one
> line of text to the server; connection is secured with setkey, using
> hmac-md5 for AH and triple DES for ESP.
> On my 7.0Beta2 traffic which is only authenticated with AH is
> trouble-free. Once using ESP to encrypt the traffic the sending system
> (client) freezes. A "panic: double fault" is displayed on the client's
> console and the core is dumped. Error message:
>
> Fatal double fault:
> eip = 0xc07a4912
> esp = 0xcbd44ffc
> ebp = 0xcbd45018
>
> A strange issue is that only the sending side is affected. If only the
> server->client traffic (INIT_ACK, SACK etc.) is encrypted, both
> machines
> are still alive after transferring data.
> My setup works well on FreeBSD 6.1 machines without any freezes.
>
> Can anybody please help me?
>
> By the way: the reason for using 7.0BETA2 was that I was not able to
> compile a kernel on 6.2 machines with both SCTP and IPSEC activated in
> the kernel (using a sunday-night cvs-checkout from
> stewart.chicago.il.us/sctpCVS). Kernelbuild failed with error message:
>
> in file included from /usr/src/sys/netipsec/ipsec.h:46,
> from /usr/src/sys/netinet/sctp_os_bsd.h:78,
> from /usr/src/sys/netinet/sctp_os.h:59,
> from /usr/src/sys/netinet/in_proto.c:92:
> /usr/src/sys/netipsec/keydb.h:54 error: redefinition of 'struct
> secasindex'
>
> As far as I can evaluate this there is a conflict between ipsec and
> netkey but I was not able to solve this conflig. Maybe this problem is
> known already?
>
> Thank you, best regards,
>
> Oliver
>
Received on Wed Nov 14 14:15:42 2007
This archive was generated by hypermail 2.1.8 : Wed Nov 14 2007 - 16:01:03 EST