Date: Sun, 26 Sep 2004 12:51:57 +0300
From: Niki Denev <nike_d@cytexbg.com>
To: current@freebsd.org
Subject: Re: 5.3 IPSEC broken
Message-ID: <cone.1096192317.771953.670.1001@phobos.totalterror.net>
References: <Pine.NEB.3.96L.1040925150944.79682C-100000@fledge.watson.org> <200409251502.34281.sam@errno.com> <Pine.BSF.4.53.0409252349140.93902@e0-0.zab2.int.zabbadoz.net> <200409251938.28089.sam@errno.com>

Sam Leffler writes:
> On Saturday 25 September 2004 04:50 pm, Bjoern A. Zeeb wrote:
>> On Sat, 25 Sep 2004, Sam Leffler wrote:
>> > > > That's a 216 byte packet, fwiw. I instrumented key.c and ran into
>> > > > the following ENOBUFS case on key.c:6957:
>> > > >
>> > > >     /* align the mbuf chain so that extensions are in contiguous region. */
>> > > >     error = key_align(m, &mh);
>> > > >     if (error)
>> > > >         return error;
>> > > >
>> > > >     if (m->m_next) {    /*XXX*/
>> > > >         m_freem(m);
>> > > >         return ENOBUFS;
>> > > >     }
>> > > >
>> > > > I.e., the author knew it was a bug (feature) that an additional mbuf
>> > > > couldn't be handled here, but we do need to handle one. Looks like
>> > > > much of the surrounding code could be replaced with a call to
>> > > > m_defrag() and/or m_pullup().
>> > >
>> > > Just to mention that I too experience this problem,
>> > > but with FAST_IPSEC, so this probably means that if any fix will be made
>> > > for netkey/key.c then netipsec/key.c will need it too (as far as I can
>> > > tell). Please correct me if I'm wrong.
>> >
>> > Correct. I gave Robert a fix that was sent to me for fast ipsec. I was
>> > going to commit it this weekend after some testing.
>>
>> Could you perhaps post it or place it somewhere for download?
>
> sam 2004-09-26 02:01:27 UTC
>
> FreeBSD src repository
>
> Modified files:
> sys/netipsec key.c
> Log:
> Correct handling of SADB_UPDATE and SADB_ADD requests. key_align may split
> the mbuf due to use of m_pulldown. Discarding the result because of this
> does not make sense as no subsequent code depends on the entire msg being
> linearized (only the individual pieces). It's likely something else is wrong
> here but for now this appears to get things back to a working state.
>
> Submitted by: Roselyn Lee
>
> Revision Changes Path
> 1.17 +0 -5 src/sys/netipsec/key.c
> http://cvsweb.FreeBSD.org/src/sys/netipsec/key.c.diff?r1=1.16&r2=1.17

And for netkey/key.c?
--niki
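
The point made in the quoted commit log, as an added example that is not part of the original message or of FreeBSD's key.c: a userland C model that contrasts rejecting any chained buffer with checking only that each extension is contiguous on its own. Assumptions: `struct seg` stands in for an mbuf, the 4-byte length/type header is a simplified PF_KEY-style extension header, and the names `check_whole_linear` and `walk_extensions` are hypothetical.

```c
/* Userland model, not FreeBSD kernel code: "struct seg" stands in for an
 * mbuf and the 4-byte extension header is a simplified PF_KEY-style TLV. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct seg { const unsigned char *data; size_t len; struct seg *next; };

/* Policy of the quoted m_next check: any chained segment fails the request. */
static int check_whole_linear(const struct seg *m)
{
    return m->next ? ENOBUFS : 0;
}

/* Policy the commit log describes: each extension must sit inside one
 * segment, the message as a whole may span several. Returns the number
 * of extensions walked, or -EINVAL if one is malformed or straddles. */
static int walk_extensions(const struct seg *m)
{
    int n = 0;
    for (; m; m = m->next) {
        size_t off = 0;
        while (off < m->len) {
            if (m->len - off < 4)
                return -EINVAL;          /* header cut by segment end */
            /* bytes 0-1: length in 8-byte units (little endian in this model) */
            size_t elen = (size_t)(m->data[off] | m->data[off + 1] << 8) * 8;
            if (elen == 0 || elen > m->len - off)
                return -EINVAL;          /* zero length or straddles */
            off += elen;
            n++;
        }
    }
    return n;
}

/* Constructed sample: two 8-byte extensions (len = 1 unit, types 1 and 2). */
static const unsigned char ext_a[8] = { 1, 0, 1, 0 };
static const unsigned char ext_b[8] = { 1, 0, 2, 0 };

int main(void)
{
    struct seg second = { ext_b, sizeof ext_b, NULL };
    struct seg first  = { ext_a, sizeof ext_a, &second };
    printf("whole-linear check: %d, per-extension walk: %d\n",
           check_whole_linear(&first), walk_extensions(&first));
    return 0;
}
```

In this model a message split on an extension boundary is refused by the whole-message check although every extension is readable; an extension that itself straddles two segments is still reported as an error.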
