Date: Sun, 26 Sep 2004 12:51:57 +0300 From: Niki Denev <nike_d@cytexbg.com> To: current@freebsd.org Subject: Re: 5.3 IPSEC broken Message-ID: <cone.1096192317.771953.670.1001@phobos.totalterror.net> References: <Pine.NEB.3.96L.1040925150944.79682C-100000@fledge.watson.org> <200409251502.34281.sam@errno.com> <Pine.BSF.4.53.0409252349140.93902@e0-0.zab2.int.zabbadoz.net> <200409251938.28089.sam@errno.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a MIME GnuPG-signed message. If you see this text, it means that your E-mail or Usenet software does not support MIME signed messages. --=_mimegpg-phobos.totalterror.net-670-1096192317-0001 Content-Type: text/plain; format=flowed; charset="US-ASCII" Content-Disposition: inline Content-Transfer-Encoding: 7bit Sam Leffler writes: > On Saturday 25 September 2004 04:50 pm, Bjoern A. Zeeb wrote: >> On Sat, 25 Sep 2004, Sam Leffler wrote: >> > > > That's a 216 byte packet, fwiw. I instrumented key.c and ran into >> > > > the following ENOBUFS case on key.c:6957: >> > > > >> > > > /* align the mbuf chain so that extensions are in contiguous >> > > > region. */ error = key_align(m, &mh); >> > > > if (error) >> > > > return error; >> > > > >> > > > if (m->m_next) { /*XXX*/ >> > > > m_freem(m); >> > > > return ENOBUFS; >> > > > } >> > > > >> > > > I.e., the author knew it was a bug (feature) that an additional mbuf >> > > > couldn't be handled here, but we do need to handle one. Looks like >> > > > much of the surrounding code could be replaced with a call to >> > > > m_defrag() and/or m_pullup(). >> > > >> > > Just to mention that i too experience this problem, >> > > but with FAST_IPSEC so this probably means that if any fix will be made >> > > for netkey/key.c then netipsec/key.c will need it too.(as far as i can >> > > tell) Please correct me if i'm wrong. >> > >> > Correct. I gave Robert a fix that was sent to me for fast ipsec. I was >> > going to commit it this weekend after some testing. >> >> could you perhaps post it or place it somewhere for download ? > > sam 2004-09-26 02:01:27 UTC > > FreeBSD src repository > > Modified files: > sys/netipsec key.c > Log: > Correct handling of SADB_UPDATE and SADB_ADD requests. key_align may split > the mbuf due to use of m_pulldown. Discarding the result because of this > does not make sense as no subsequent code depends on the entire msg being > linearized (only the individual pieces). It's likely something else is > wrong > here but for now this appears to get things back to a working state. > > Submitted by: Roselyn Lee > > Revision Changes Path > 1.17 +0 -5 src/sys/netipsec/key.c > http://cvsweb.FreeBSD.org/src/sys/netipsec/key.c.diff?r1=1.16&r2=1.17 And for netkey/key.c ? --niki --=_mimegpg-phobos.totalterror.net-670-1096192317-0001 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQBBVpE9HNAJ/fLbfrkRAnWvAJwK+OsLC1H+E0DbaD90vdrXJ/7CcACffBVe mYPfYxxy9YHblwiASi7TUsI= =nZ7i -----END PGP SIGNATURE----- --=_mimegpg-phobos.totalterror.net-670-1096192317-0001--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cone.1096192317.771953.670.1001>