Subject: Re: Problems with IPsec
To: Bill Studenmund <wrstuden@netbsd.org>
From: Paul Dokas <dokas@mail.attbi.com>
List: tech-net
Date: 04/11/2002 21:57:53
On Thu, Apr 11, 2002 at 02:09:18PM -0700, Bill Studenmund wrote:
>
> data modified on free list e01a3fff size 320 prevtype ??
> invalid addr 0xefe01a4c deadbe != deadbeef
> unaligned addr e01a3fff size 128 type key mgmt XXX 127
>
> panic was in mountd shutting down.
>
> keydb_delsecpolicy
> key_delsp
> key_freesp
> ipsec4_delete_pcbpolicy
> in_pcvdetatch
> .L370+4
> soclose
> soo_close
Sounds like PR 13813 and/or 15953 (personally, they look the same to
me, but those who know more than I think that they're different <shrug>)
I can reproduce this one fairly easily. I just need to use racoon and
add:
# for clients with dynamic IPs
generate_policy on;
to the config. Then after hitting the machine from about 5 different
IPs (or from the same machine about 5 times), the machine will panic
in a call to key_delsp()
I spent some time figuring out what was going on. Here's the email
that I sent as a result:
http://mail-index.netbsd.org/current-users/2002/02/19/0007.html
Basically, I found that the kernel was dying inside of the LIST_REMOVE()
macro found in key_freesp(). The link list appears to have been stomped.
My best guess was that there's a missing splsoftnet()/splx() somewhere.
Paul
--
Paul Dokas dokas@cs.umn.edu
======================================================================
Don Juan Matus: "an enigma wrapped in mystery wrapped in a tortilla."