Project

General

Profile

Actions

Bug #4754

closed

enabling net.inet.ipsec.directdispatch on 32 bit results in kernel panics

Added by Chris Buechler about 6 years ago. Updated about 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Operating System
Target version:
Start date:
06/11/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2.x
Affected Architecture:
i386

Description

Starting this for the root problem in #4537. We have a workaround for the issue and hence closed that ticket, but the root cause should still be fixed or at least reported upstream after putting together a test case and verifying on stock FreeBSD.

Where net.inet.ipsec.directdispatch=1, and you try to reach any service running on the box itself across IPsec, it triggers a kernel panic on 32 bit only.

Actions #1

Updated by Jim Pingle about 5 years ago

Apparently this can also affect 2.3.x and that tunable is no longer present. To work around the issue, use net.isr.dispatch=deferred instead.

See https://forum.pfsense.org/index.php?topic=114217.msg638131#msg638131

Actions #2

Updated by Chris Buechler about 5 years ago

  • Status changed from Confirmed to Feedback
  • Target version set to 2.3.2

I removed that directdispatch sysctl from 2.4 entirely since 32 bit is gone there, and changed RELENG_2_3 to net.isr.dispatch=deferred.

Since 32 bit is EOL in 2.4, setting this target 2.3.2 for tracking and to close out once verified.

Actions #3

Updated by Renato Botelho about 5 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF