Racoon(ipsec-tools) enters sbwait state or 100% CPU
utilization quite often on RELENG_1_2
George V. Neville-Neil
gnn at neville-neil.com
Mon Aug 20 18:19:40 PDT 2007
At Mon, 20 Aug 2007 12:43:25 -0400,
Scott Ullrich wrote:
>
> On 8/20/07, VANHULLEBUS Yvan <vanhu_bsd at zeninc.net> wrote:
> > I tracked down the problem a few years ago, on FreeBSD 4.11, with
> > KAME's IPSec stack.
> >
> > But the problem was not really in the stack itself, but rather in
> > socket processing (in other words: not in netkey/*, but in
> > kern/uipc_socket2.c).
> >
> > And as both IPSec stacks shares some PFKey constraints (for example
> > one message per entry when dumping SADB / SPD), I guess the same
> > problem existed in FAST_IPSEC.
> >
> > But when I had some time a few months ago to start filling a PR for
> > the problem, I had a look at FreeBSD6 source code, and I noticed that
> > sbspace macro (which was a quite important part of the problem) has
> > changed, and I didn't have the required setup to do the test again, so
> > I just can't be really sure the problem still exists...
> >
> > But the reported problem really has similar symptoms.....
>
> Thank you Yvan and George!
>
> The PR has been filed and the ID# is
>
> kern/115651
>
Got it.
> I have added some interesting notes that seem to affect NetBSD as well.
>
> We will be happy to work with anyone to get this solved and access to
> the machine in question is available if need be.
>
Your raccoon config, if you could send it to me, would be helpful.
Best,
GEorge
More information about the freebsd-net
mailing list