[strongSwan] Kernel crashes with AES-GCM

Robert Woodcock robert.woodcock at cobaltmortgage.com
Thu Sep 27 20:13:17 CEST 2012

I can replicate this as well  - usually in 2-5 hours with 3.2.23 and 3.4.11,
on 82571EB NICs and a E3-1270 CPU. I don't have a full call trace yet (need
to set up a serial console first) but the last 25 lines of mine look pretty
similar to yours.

I'm using tunnel mode, not transport, with aes128gcm16.

-----Original Message-----
From: users-bounces+robert.woodcock=cobaltmortgage.com at lists.strongswan.org [mailto:users-bounces+robert.woodcock=cobaltmortgage.com at lists.strongswan.org] On Behalf Of Guru Shetty
Sent: Thursday, September 27, 2012 9:59 AM
To: users at lists.strongswan.org
Subject: [strongSwan] Kernel crashes with AES-GCM

This probably is not a strongswan issue, as it is the Linux kernel
that crashes. But, I felt the wider community may have seen this and
have some opinions on how to avoid it.

My ipsec.conf summary is as follows:


When I use the hardware acceleration provided by Intel CPUs (by
loading the aesni-intel kernel module), and run netperf tests in a
loop on a 10G NIC, I see kernel crashes (I do get a very good
throughput boost). I have seen this issue in Linux 3.2, 3.3, 3.4 and
3.5. It is very easy to reproduce in Linux 3.2 (This is the stock
kernel that comes with Ubuntu 12.04).

Since Ubuntu 12.04 is a very popular distribution, I was surprised to
see no prior bug reports on this front. This makes me wonder, whether
there are other ways the wider community is making use of the hardware

Any inputs are deeply appreciated.

For those of you interested, here is the actual kernel back traces.


Users mailing list
Users at lists.strongswan.org

More information about the Users mailing list