Subject: kern/30057: FAST_IPSEC, large MTU, and strict alignment don't get along
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <nathanw@wasabisystems.com>
List: netbsd-bugs
Date: 04/25/2005 16:25:00
>Number: 30057
>Category: kern
>Synopsis: FAST_IPSEC, large MTU, and strict alignment don't get along
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Apr 25 16:25:00 +0000 2005
>Originator: Nathan J. Williams
>Release: NetBSD 3.99.3 (2004-04-10)
>Organization:
>Environment:
System: NetBSD mac-g4.nathanw.com 3.99.3 NetBSD 3.99.3 (G4) #84: Mon Apr 25 09:59:58 EDT 2005 nathanw@marvin-the-martian.nathanw.com:/nbsd/src/sys/arch/macppc/compile/G4 macppc
Architecture: powerpc
Machine: macppc
>Description:
Configuring a kernel with FAST_IPSEC, setting up ESP and AH with manual keys, increasing the MTU from the default and running nttcp (from pkgsrc) against another host results in a panic in tcp_input.c:
panic: kernel diagnostic assertion "TCP_HDR_ALIGNED_P(th)" failed: file "../../../../netinet/tcp_input.c", line 1035
Stopped in pid 2.1 (cryptoret) at netbsd:cpu_Debugger+0x18: lwz r11, r1, 0x0
db> t
0xd5243b50: at panic+0x174
0xd5243bf0: at __assert+0x3c
0xd5243c20: at tcp_input+0x22e8
0xd5243d80: at ip_input+0x640
0xd5243dd0: at ipintr+0x80
0xd5243e00: at softintr__run+0xa8
0xd5243e20: at do_pending_int+0x1ec
0xd5243e60: at splx+0x40
0xd5243e70: at esp_input_cb+0x420
0xd5243ef0: at cryptoret+0x188
0xd5243f40: at cpu_switchto+0x44
0xd5243f50: at ADBDevTable+0xffb49c08
db>
With the KASSERT() at line 1035 replaced with a test-and-panic like so:
    if (!TCP_HDR_ALIGNED_P(th))
        panic("tcp_input: th is not aligned (%p)\n", th);
the panic is
panic: tcp_input: th is not aligned (0xba86052)
so the pointer is 2-byte-aligned but not 4-byte-aligned.
The network interface probes as:
wm0 at pci1 dev 4 function 0: Intel i82545GM 1000BASE-T Ethernet, rev. 4
wm0: interrupting at irq 25
wm0: Ethernet address 00:04:23:b2:30:90
makphy0 at wm0 phy 1: Marvell 88E1011 Gigabit PHY, rev. 5
makphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
and is configured as:
# ifconfig wm0
wm0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 3000
capabilities=87<IP4CSUM,TCP4CSUM,UDP4CSUM,TSO4>
enabled=0
address: 00:04:23:b2:30:90
media: Ethernet autoselect (1000baseT full-duplex,flowcontrol,rxpause,txpause)
status: active
inet 10.1.0.15 netmask 0xffffff00 broadcast 10.1.0.255
The /etc/ipsec.conf contents, fed to setkey -c:
add 10.1.0.15 10.1.0.5 esp 1234 -E rijndael-cbc 0x79d06d135aadaba411ee0663fbcf969bc0137e91b0677e39;
add 10.1.0.5 10.1.0.15 esp 1235 -E rijndael-cbc 0x92a933b4621cd5599d53834bdf3012d22cf460f8589f7166;
spdadd 10.1.0.15 10.1.0.5 any -P out ipsec esp/transport//use;
(I first noticed this problem with ESP and AH, but just ESP seems to
be sufficient)
>How-To-Repeat:
See above.
>Fix:
Unknown
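
Added example, not part of the original report and not NetBSD kernel code: a user-space C sketch of the condition the failed assertion tests (a TCP header pointer that is 2-byte but not 4-byte aligned) and of reading the header through a byte copy so that no aligned load touches the packet buffer. HDR_ALIGNED_P, struct tcp_hdr, tcp_hdr_fetch and sample_fetch are hypothetical names, and the packet bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed 4-byte alignment predicate (hypothetical name, not the kernel macro). */
#define HDR_ALIGNED_P(p) ((((uintptr_t)(p)) & 3) == 0)

/* Hypothetical 20-byte TCP header without options; fields in network order. */
struct tcp_hdr {
    uint16_t sport, dport;
    uint32_t seq, ack;
    uint8_t  off_x2, flags;
    uint16_t win, sum, urp;
};

/* Copy the header at pkt+off into an aligned struct instead of casting.
 * Returns -1 if truncated, 0 if the source was 4-byte aligned, 1 if not. */
static int tcp_hdr_fetch(const uint8_t *pkt, size_t len, size_t off,
                         struct tcp_hdr *out)
{
    if (off > len || len - off < sizeof(*out))
        return -1;
    memcpy(out, pkt + off, sizeof(*out));   /* byte copy, no aligned load */
    return HDR_ALIGNED_P(pkt + off) ? 0 : 1;
}

/* Constructed sample: header placed off bytes into a 4-byte-aligned buffer. */
static int sample_fetch(size_t off, uint32_t *seq)
{
    static uint32_t backing[16];            /* 64 bytes, 4-byte aligned */
    uint8_t *pkt = (uint8_t *)backing;
    struct tcp_hdr th;

    memset(pkt, 0, sizeof(backing));
    if (off <= sizeof(backing) - 8)
        memcpy(pkt + off + 4, "\x12\x34\x56\x78", 4);  /* seq on the wire */
    int rc = tcp_hdr_fetch(pkt, sizeof(backing), off, &th);
    if (rc >= 0) {
        const uint8_t *b = (const uint8_t *)&th.seq;  /* big-endian decode */
        *seq = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
               ((uint32_t)b[2] << 8) | b[3];
    }
    return rc;
}

int main(void)
{
    uint32_t seq = 0;
    int rc = sample_fetch(2, &seq);         /* off = 2: misaligned case */
    printf("rc=%d seq=0x%08x\n", rc, (unsigned)seq);
}
```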