Bug #4754
closed
enabling net.inet.ipsec.directdispatch on 32 bit results in kernel panics
0%
Description
Starting this for the root problem in #4537. We have a workaround for the issue and hence closed that ticket, but the root cause should still be fixed or at least reported upstream after putting together a test case and verifying on stock FreeBSD.
Where net.inet.ipsec.directdispatch=1, and you try to reach any service running on the box itself across IPsec, it triggers a kernel panic on 32 bit only.
Updated by Jim Pingle over 8 years ago
Apparently this can also affect 2.3.x and that tunable is no longer present. To work around the issue, use net.isr.dispatch=deferred instead.
See https://forum.pfsense.org/index.php?topic=114217.msg638131#msg638131
Updated by Chris Buechler over 8 years ago
- Status changed from Confirmed to Feedback
- Target version set to 2.3.2
I removed that directdispatch sysctl from 2.4 entirely since 32 bit is gone there, and changed RELENG_2_3 to net.isr.dispatch=deferred.
Since 32 bit is EOL in 2.4, setting this target 2.3.2 for tracking and to close out once verified.
Updated by Renato Botelho over 8 years ago
- Status changed from Feedback to Resolved