enabling net.inet.ipsec.directdispatch on 32 bit results in kernel panics
Starting this for the root problem in #4537. We have a workaround for the issue and hence closed that ticket, but the root cause should still be fixed or at least reported upstream after putting together a test case and verifying on stock FreeBSD.
Where net.inet.ipsec.directdispatch=1, and you try to reach any service running on the box itself across IPsec, it triggers a kernel panic on 32 bit only.
#1 Updated by Jim Pingle about 4 years ago
Apparently this can also affect 2.3.x and that tunable is no longer present. To work around the issue, use
#2 Updated by Chris Buechler about 4 years ago
- Status changed from Confirmed to Feedback
- Target version set to 2.3.2
I removed that directdispatch sysctl from 2.4 entirely since 32 bit is gone there, and changed RELENG_2_3 to net.isr.dispatch=deferred.
Since 32 bit is EOL in 2.4, setting this target 2.3.2 for tracking and to close out once verified.