From simon@comsys.ntu-kpi.kiev.ua  Fri Jan 13 17:00:20 2006
Return-Path: <simon@comsys.ntu-kpi.kiev.ua>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 01A1516A422
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 13 Jan 2006 17:00:20 +0000 (GMT)
	(envelope-from simon@comsys.ntu-kpi.kiev.ua)
Received: from comsys.ntu-kpi.kiev.ua (comsys.ntu-kpi.kiev.ua [195.245.194.142])
	by mx1.FreeBSD.org (Postfix) with ESMTP id DF96C43D48
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 13 Jan 2006 17:00:05 +0000 (GMT)
	(envelope-from simon@comsys.ntu-kpi.kiev.ua)
Received: from pm513-1.comsys.ntu-kpi.kiev.ua (pm513-1.comsys.ntu-kpi.kiev.ua [10.18.52.101])
	(authenticated bits=0)
	by comsys.ntu-kpi.kiev.ua (8.12.10/8.12.10) with ESMTP id k0DHBbVO060911
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL)
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 13 Jan 2006 19:11:39 +0200 (EET)
Received: by pm513-1.comsys.ntu-kpi.kiev.ua (Postfix, from userid 1001)
	id B8BE95C021; Fri, 13 Jan 2006 19:00:08 +0200 (EET)
Message-Id: <20060113170008.GA883@pm513-1.comsys.ntu-kpi.kiev.ua>
Date: Fri, 13 Jan 2006 19:00:08 +0200
From: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
To: FreeBSD-gnats-submit@freebsd.org
Subject: FAST_IPSEC stops system under high traffic

>Number:         91760
>Category:       kern
>Synopsis:       [ipsec] FAST_IPSEC stops system under high traffic
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    remko
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 13 17:10:03 GMT 2006
>Closed-Date:    Fri Jun 15 10:51:19 GMT 2007
>Last-Modified:  Fri Jun 15 10:51:19 GMT 2007
>Originator:     Andrey Simonenko
>Release:        FreeBSD 6.0-STABLE i386
>Organization:
>Environment:

FreeBSD 6.0-STABLE i386, CVSup'ed today

>Description:

I have two FreeBSD 6.0-STABLE systems: one is a gateway, the other
one is my computer (both are in the same 100M LAN and the gateway
is connected to another 100M LAN).  On both systems FAST_IPSEC
is used with manual keys and with a few SPD AH-transport and
AH-tunnel.  IPsec policy is used in transport mode between
my computer and the gateway and in tunnel mode between my
computer and the gateway, when a packet is not for the gateway (for the
rest of the world).

I removed IP Firewall from the kernel to make my tests
more clear.

If I download something big from the gateway to my computer
or when I download something big from another LAN via the gateway
to my computer, then the gateway or my computer stops and
does not respond (ping does not work and the console also
does not work).  I get the same result if I run something
which outputs a lot to stdout via ssh.

There is no panic, the system simply does not respond
(via ping or via console).

Without FAST_IPSEC everything works without problems.

Also with IPSEC, IPSEC_ESP and the same configuration my
systems do not have any problems.

Having done some tests I'm almost sure that FAST_IPSEC
causes this problem.

>How-To-Repeat:

In my environment I can reproduce this problem.

>Fix:
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: remko 
State-Changed-When: Mon Dec 25 14:50:28 UTC 2006 
State-Changed-Why:  
Hello, we are a bit further in time now; does the behaviour you are seeing
still occur on FreeBSD 6.1 and perhaps even on 6.2?  What kind of network
cards are you using? Does this occur with other hardware in between as
well?


Responsible-Changed-From-To: freebsd-bugs->remko 
Responsible-Changed-By: remko 
Responsible-Changed-When: Mon Dec 25 14:50:28 UTC 2006 
Responsible-Changed-Why:  
grab the pr to trace feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91760 
State-Changed-From-To: feedback->closed 
State-Changed-By: linimon 
State-Changed-When: Fri Jun 15 10:50:40 UTC 2007 
State-Changed-Why:  
Feedback timeout (> 5 months). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91760 
>Unformatted:
