Bug #4754
closed
enabling net.inet.ipsec.directdispatch on 32 bit results in kernel panics
0%
Description
Starting this for the root problem in #4537. We have a workaround for the issue and hence closed that ticket, but the root cause should still be fixed or at least reported upstream after putting together a test case and verifying on stock FreeBSD.
Where net.inet.ipsec.directdispatch=1, and you try to reach any service running on the box itself across IPsec, it triggers a kernel panic on 32 bit only.
Updated by Jim Pingle almost 10 years ago
Apparently this can also affect 2.3.x and that tunable is no longer present. To work around the issue, use net.isr.dispatch=deferred instead.
See https://forum.pfsense.org/index.php?topic=114217.msg638131#msg638131
Updated by Chris Buechler almost 10 years ago
- Status changed from Confirmed to Feedback
- Target version set to 2.3.2
I removed that directdispatch sysctl from 2.4 entirely since 32 bit is gone there, and changed RELENG_2_3 to net.isr.dispatch=deferred.
Since 32 bit is EOL in 2.4, setting this target 2.3.2 for tracking and to close out once verified.
Updated by Renato Botelho almost 10 years ago
- Status changed from Feedback to Resolved