From owner-freebsd-current@FreeBSD.ORG Sun Sep 26 09:51:47 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 29AF916A4CE for ; Sun, 26 Sep 2004 09:51:47 +0000 (GMT) Received: from ns1.interbgc.com (mail.interbgc.com [217.9.224.3]) by mx1.FreeBSD.org (Postfix) with SMTP id 19C8143D46 for ; Sun, 26 Sep 2004 09:51:46 +0000 (GMT) (envelope-from nike_d@cytexbg.com) Received: (qmail 30019 invoked from network); 26 Sep 2004 09:51:45 -0000 Received: from nike_d@cytexbg.com by keeper.interbgc.com by uid 1002 with qmail-scanner-1.14 (uvscan: v4.2.40/v4374. spamassassin: 2.63. Clear:SA:0(-4.9/8.0):. Processed in 1.262606 secs); 26 Sep 2004 09:51:45 -0000 X-Spam-Status: No, hits=-4.9 required=8.0 Received: from 213-240-202-139.1697748.ddns.cablebg.net (HELO tormentor.totalterror.net) (213.240.202.139) by mail.interbgc.com with SMTP; 26 Sep 2004 09:51:43 -0000 Received: (qmail 29538 invoked from network); 26 Sep 2004 09:49:38 -0000 Received: from unknown (HELO phobos.totalterror.net) (10.10.0.2) by tormentor.totalterror.net with SMTP; 26 Sep 2004 09:49:38 -0000 References: <200409251502.34281.sam@errno.com> <200409251938.28089.sam@errno.com> Message-ID: X-Mailer: http://www.courier-mta.org/cone/ From: Niki Denev To: current@freebsd.org Date: Sun, 26 Sep 2004 12:51:57 +0300 Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=_mimegpg-phobos.totalterror.net-670-1096192317-0001"; micalg=pgp-sha1; protocol="application/pgp-signature" Subject: Re: 5.3 IPSEC broken X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Sep 2004 09:51:47 -0000 This is a MIME GnuPG-signed message. If you see this text, it means that your E-mail or Usenet software does not support MIME signed messages. --=_mimegpg-phobos.totalterror.net-670-1096192317-0001 Content-Type: text/plain; format=flowed; charset="US-ASCII" Content-Disposition: inline Content-Transfer-Encoding: 7bit Sam Leffler writes: > On Saturday 25 September 2004 04:50 pm, Bjoern A. Zeeb wrote: >> On Sat, 25 Sep 2004, Sam Leffler wrote: >> > > > That's a 216 byte packet, fwiw. I instrumented key.c and ran into >> > > > the following ENOBUFS case on key.c:6957: >> > > > >> > > > /* align the mbuf chain so that extensions are in contiguous >> > > > region. */ error = key_align(m, &mh); >> > > > if (error) >> > > > return error; >> > > > >> > > > if (m->m_next) { /*XXX*/ >> > > > m_freem(m); >> > > > return ENOBUFS; >> > > > } >> > > > >> > > > I.e., the author knew it was a bug (feature) that an additional mbuf >> > > > couldn't be handled here, but we do need to handle one. Looks like >> > > > much of the surrounding code could be replaced with a call to >> > > > m_defrag() and/or m_pullup(). >> > > >> > > Just to mention that i too experience this problem, >> > > but with FAST_IPSEC so this probably means that if any fix will be made >> > > for netkey/key.c then netipsec/key.c will need it too.(as far as i can >> > > tell) Please correct me if i'm wrong. >> > >> > Correct. I gave Robert a fix that was sent to me for fast ipsec. I was >> > going to commit it this weekend after some testing. >> >> could you perhaps post it or place it somewhere for download ? > > sam 2004-09-26 02:01:27 UTC > > FreeBSD src repository > > Modified files: > sys/netipsec key.c > Log: > Correct handling of SADB_UPDATE and SADB_ADD requests. key_align may split > the mbuf due to use of m_pulldown. Discarding the result because of this > does not make sense as no subsequent code depends on the entire msg being > linearized (only the individual pieces). It's likely something else is > wrong > here but for now this appears to get things back to a working state. > > Submitted by: Roselyn Lee > > Revision Changes Path > 1.17 +0 -5 src/sys/netipsec/key.c > http://cvsweb.FreeBSD.org/src/sys/netipsec/key.c.diff?r1=1.16&r2=1.17 And for netkey/key.c ? --niki --=_mimegpg-phobos.totalterror.net-670-1096192317-0001 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (FreeBSD) iD8DBQBBVpE9HNAJ/fLbfrkRAnWvAJwK+OsLC1H+E0DbaD90vdrXJ/7CcACffBVe mYPfYxxy9YHblwiASi7TUsI= =nZ7i -----END PGP SIGNATURE----- --=_mimegpg-phobos.totalterror.net-670-1096192317-0001--