Project

General

Profile

Bug #4754

enabling net.inet.ipsec.directdispatch on 32 bit results in kernel panics

Added by Chris Buechler over 4 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Operating System
Target version:
Start date:
06/11/2015
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.2.x
Affected Architecture:
i386

Description

Starting this for the root problem in #4537. We have a workaround for the issue and hence closed that ticket, but the root cause should still be fixed or at least reported upstream after putting together a test case and verifying on stock FreeBSD.

Where net.inet.ipsec.directdispatch=1, and you try to reach any service running on the box itself across IPsec, it triggers a kernel panic on 32 bit only.

Associated revisions

Revision 9a330eff (diff)
Added by Chris Buechler over 3 years ago

Remove workaround for Ticket #4754 in 2.4 since 32 bit is dead.

Revision 1a33a597 (diff)
Added by Chris Buechler over 3 years ago

set net.isr.dispatch instead since net.inet.ipsec.directdispatch no longer exists. Ticket #4754

History

#1 Updated by Jim Pingle over 3 years ago

Apparently this can also affect 2.3.x and that tunable is no longer present. To work around the issue, use net.isr.dispatch=deferred instead.

See https://forum.pfsense.org/index.php?topic=114217.msg638131#msg638131

#2 Updated by Chris Buechler over 3 years ago

  • Status changed from Confirmed to Feedback
  • Target version set to 2.3.2

I removed that directdispatch sysctl from 2.4 entirely since 32 bit is gone there, and changed RELENG_2_3 to net.isr.dispatch=deferred.

Since 32 bit is EOL in 2.4, setting this target 2.3.2 for tracking and to close out once verified.

#3 Updated by Renato Botelho over 3 years ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF