CFR: AES-GCM and OpenCrypto work review
John-Mark Gurney
jmg at funkthat.com
Fri Nov 14 19:39:14 UTC 2014
Andrey V. Elsukov wrote this message on Fri, Nov 14, 2014 at 16:28 +0300:
> On 14.11.2014 03:52, Andrey V. Elsukov wrote:
> > I tried your patch with my IPv4 forwarding test. When aesni module is
> > loaded and aes-cbc is used I see growing of `invalid outbound packets`
> > counter in `netstat -sp ipsec` output. And no packets are forwarded.
> > Also while testing I got a panic in aesni_encrypt_cbc().
> >
> > atal trap 9: general protection fault while in kernel mode
> > cpuid = 4; apic id = 04
> > instruction pointer = 0x20:0xffffffff80d05c43
> > stack pointer = 0x28:0xfffffe00003f7e70
> > frame pointer = 0x28:0xfffffe00003f7eb0
> > code segment = base 0x0, limit 0xfffff, type 0x1b
> > = DPL 0, pres 1, long 1, def32 0, gran 1
> > processor eflags = interrupt enabled, resume, IOPL = 0
> > current process = 12 (irq286: ix0:que 4)
> >
>
> The full backtrace is here: http://paste.org.ru/?a3f8pw
> Screenshot from ddb: http://i.imgur.com/H5mbVi8.png?1
> Also I noticed that on higher packet rate sometimes kernel reports about
> wrong source route attempts:
>
> kernel: attempted source route from 244.116.138.102 to 225.51.107.139
> kernel: attempted source route from 19.120.181.94 to 238.17.74.139
> kernel: attempted source route from 186.217.142.184 to 233.165.4.102
> kernel: attempted source route from 134.41.78.248 to 231.122.242.144
>
> probably there is mbuf's memory corruption somewhere.
Well.. It looks like IPSEC is still broken in head... I can get
pings to pass, but now on IPv4 transport mode, I can't get syn's to
be sent out... I see the output packet in the protocol stats, but
no packets go out the interface...
If you could provide me w/ a simple set of spdadd commands, or the
dumps from the machine, that'd be good...
Hmm.... I just ran ping -f so I could generate some traffic, and
managed to get a:
panic: System call sendto returing with kernel FPU ctx leaked
I'll look into this...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the freebsd-current
mailing list