[strongSwan] Kernel crashes with AES-GCM
Robert Woodcock
robert.woodcock at cobaltmortgage.com
Thu Sep 27 20:13:17 CEST 2012
I can replicate this as well - usually in 2-5 hours with 3.2.23 and 3.4.11,
on 82571EB NICs and a E3-1270 CPU. I don't have a full call trace yet (need
to set up a serial console first) but the last 25 lines of mine look pretty
similar to yours.
I'm using tunnel mode, not transport, with aes128gcm16.
-----Original Message-----
From: users-bounces+robert.woodcock=cobaltmortgage.com at lists.strongswan.org [mailto:users-bounces+robert.woodcock=cobaltmortgage.com at lists.strongswan.org] On Behalf Of Guru Shetty
Sent: Thursday, September 27, 2012 9:59 AM
To: users at lists.strongswan.org
Subject: [strongSwan] Kernel crashes with AES-GCM
This probably is not a strongswan issue, as it is the Linux kernel
that crashes. But, I felt the wider community may have seen this and
have some opinions on how to avoid it.
My ipsec.conf summary is as follows:
esp=aes128gcm12-modp1024
ike=aes-sha1-modp1024
type=transport
When I use the hardware acceleration provided by Intel CPUs (by
loading the aesni-intel kernel module), and run netperf tests in a
loop on a 10G NIC, I see kernel crashes (I do get a very good
throughput boost). I have seen this issue in Linux 3.2, 3.3, 3.4 and
3.5. It is very easy to reproduce in Linux 3.2 (This is the stock
kernel that comes with Ubuntu 12.04).
Since Ubuntu 12.04 is a very popular distribution, I was surprised to
see no prior bug reports on this front. This makes me wonder, whether
there are other ways the wider community is making use of the hardware
acceleration.
Any inputs are deeply appreciated.
For those of you interested, here is the actual kernel back traces.
http://marc.info/?l=linux-crypto-vger&m=134852306202727&w=2
Thanks,
Guru
_______________________________________________
Users mailing list
Users at lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
More information about the Users
mailing list