Subject: kern/30057: FAST_IPSEC, large MTU, and strict alignment don't get along
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <nathanw@wasabisystems.com>
List: netbsd-bugs
Date: 04/25/2005 16:25:00
>Number:         30057
>Category:       kern
>Synopsis:       FAST_IPSEC, large MTU, and strict alignment don't get along
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Apr 25 16:25:00 +0000 2005
>Originator:     Nathan J. Williams
>Release:        NetBSD 3.99.3 (2004-04-10)
>Organization:
	
>Environment:
System: NetBSD mac-g4.nathanw.com 3.99.3 NetBSD 3.99.3 (G4) #84: Mon Apr 25 09:59:58 EDT 2005 nathanw@marvin-the-martian.nathanw.com:/nbsd/src/sys/arch/macppc/compile/G4 macppc

Architecture: powerpc
Machine: macppc
>Description:
Configuring a kernel with FAST_IPSEC, setting up ESP and AH with manual keys, increasing the MTU from the default and running nttcp (from pkgsrc) against another host results in a panic in tcp_input.c:

panic: kernel diagnostic assertion "TCP_HDR_ALIGNED_P(th)" failed: file "../../../../netinet/tcp_input.c", line 1035
Stopped in pid 2.1 (cryptoret) at       netbsd:cpu_Debugger+0x18:       lwz     r11, r1, 0x0
db> t
0xd5243b50: at panic+0x174
0xd5243bf0: at __assert+0x3c
0xd5243c20: at tcp_input+0x22e8
0xd5243d80: at ip_input+0x640
0xd5243dd0: at ipintr+0x80
0xd5243e00: at softintr__run+0xa8
0xd5243e20: at do_pending_int+0x1ec
0xd5243e60: at splx+0x40
0xd5243e70: at esp_input_cb+0x420
0xd5243ef0: at cryptoret+0x188
0xd5243f40: at cpu_switchto+0x44
0xd5243f50: at ADBDevTable+0xffb49c08
db>

With the KASSERT() at line 1035 replaced with a test-and-panic like so:

	if (!TCP_HDR_ALIGNED_P(th))
		panic("tcp_input: th is not aligned (%p)\n", th);

the panic is
panic: tcp_input: th is not aligned (0xba86052)

so the pointer is 2-byte-aligned but not 4-byte-aligned.

The network interface probes as:
wm0 at pci1 dev 4 function 0: Intel i82545GM 1000BASE-T Ethernet, rev. 4
wm0: interrupting at irq 25
wm0: Ethernet address 00:04:23:b2:30:90
makphy0 at wm0 phy 1: Marvell 88E1011 Gigabit PHY, rev. 5
makphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto

and is configured as:
# ifconfig wm0
wm0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 3000
        capabilities=87<IP4CSUM,TCP4CSUM,UDP4CSUM,TSO4>
        enabled=0
        address: 00:04:23:b2:30:90
        media: Ethernet autoselect (1000baseT full-duplex,flowcontrol,rxpause,txpause)
        status: active
        inet 10.1.0.15 netmask 0xffffff00 broadcast 10.1.0.255

The /etc/ipsec.conf contents, fed to setkey -c:

add 10.1.0.15 10.1.0.5 esp 1234 -E rijndael-cbc 0x79d06d135aadaba411ee0663fbcf969bc0137e91b0677e39;
add 10.1.0.5 10.1.0.15 esp 1235 -E rijndael-cbc 0x92a933b4621cd5599d53834bdf3012d22cf460f8589f7166;
spdadd 10.1.0.15 10.1.0.5 any -P out ipsec esp/transport//use;

(I first noticed this problem with ESP and AH, but just ESP seems to be sufficient)

>How-To-Repeat:

See above.

>Fix:
Unknown
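The 4-byte alignment test behind the failing KASSERT, next to the defensive pattern that avoids the fault (copy the header into aligned storage before reading 32-bit fields through it), as an added example in C; this is not code from the PR or from NetBSD's tcp_input.c, and the struct, frame bytes and function names are constructed for the illustration.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The predicate behind the KASSERT in the report: on a strict-alignment
 * port the TCP header must start on a 4-byte boundary. */
static int tcp_hdr_aligned_p(uintptr_t addr)
{
    return (addr & 3) == 0;
}

/* Leading TCP header fields in wire order (constructed subset). */
struct tcp_fields {
    uint16_t sport, dport;
    uint32_t seq, ack;
};

/* Naturally aligned scratch area that can be read as the struct above. */
union hdr_buf {
    struct tcp_fields h;
    uint8_t raw[sizeof(struct tcp_fields)];
};

/* Read the header at pkt, which may sit at any byte offset. Casting pkt
 * straight to struct tcp_fields * is the fault the report hits: a 32-bit
 * load through a pointer that is only 2-byte aligned. A byte copy into
 * aligned storage first (the mbuf analogue is m_copyup) avoids it. */
static int parse_tcp_header(const uint8_t *pkt, size_t len, struct tcp_fields *out)
{
    union hdr_buf buf;
    const struct tcp_fields *h;

    if (len < sizeof buf.raw)
        return -1;                                /* short packet */
    if (tcp_hdr_aligned_p((uintptr_t)pkt)) {
        h = (const struct tcp_fields *)pkt;       /* in-place access is safe */
    } else {
        memcpy(buf.raw, pkt, sizeof buf.raw);     /* realign by copying */
        h = &buf.h;
    }
    out->sport = ntohs(h->sport);
    out->dport = ntohs(h->dport);
    out->seq   = ntohl(h->seq);
    out->ack   = ntohl(h->ack);
    return 0;
}

/* Constructed frame: two bytes of padding put the header at offset 2, i.e.
 * 2-byte but not 4-byte aligned, like the 0xba86052 pointer in the PR. */
static union { uint32_t align; uint8_t bytes[16]; } frame = { .bytes = {
    0x00, 0x00,                 /* padding */
    0x00, 0x50, 0x1f, 0x90,     /* sport 80, dport 8080 */
    0x00, 0x00, 0x00, 0x01,     /* seq 1 */
    0x00, 0x00, 0x00, 0x02,     /* ack 2 */
} };
```

On a port that tolerates misaligned loads the in-place cast silently works, which is why such bugs surface only on strict-alignment machines like the macppc in this report.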