[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#629636: linux-image-2.6.32-5-kirkwood: IPsec aes-sha1 with kirkwood/mv_cesa causes CPU to spin

* Sebastian Andrzej Siewior <sebastian@breakpoint.cc> [2011-06-08 13:38:10+0200]:
>
> * Alexander Clouter | 2011-06-08 09:54:58 [+0000]:
> 
> >Whilst deploying IPsec (with strongswan-ike2) I ran into a complication[1]
> >that causes mv_cesa to spin the CPU when the system receives an IPsec ESP
> >packet; it seems to be able to send traffic (before the CPU spin) as a
> >ICMP Echo request (a la pin) out from the system out is okay, until the
> >ICMP Reply comes back.  The packet never 'arrives' as far as userspace is
> >concerned and the only way to stop the CPU spinning is a reboot.
> 
> I've been working on that and forgot about it in the meantime. The 
> problem is that incremental sha1 checksum are wrong i.e. the previous 
> state is ignored by the hardware.
>
I have just been tasked with putting together an active-active IPsec VPN 
concentrator (with a need to use AES-SHA1 it seems) and I was hoping to 
use the OpenRD's (and mv_cesa).  Have you got a patch I can test that 
fixes things for SHA1?

Cheers

-- 
Alexander Clouter
.sigmonster says: You fill a much-needed gap.
Reply to: