From owner-freebsd-current@FreeBSD.ORG  Sun Sep 26 09:51:47 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 29AF916A4CE
	for <current@freebsd.org>; Sun, 26 Sep 2004 09:51:47 +0000 (GMT)
Received: from ns1.interbgc.com (mail.interbgc.com [217.9.224.3])
	by mx1.FreeBSD.org (Postfix) with SMTP id 19C8143D46
	for <current@freebsd.org>; Sun, 26 Sep 2004 09:51:46 +0000 (GMT)
	(envelope-from nike_d@cytexbg.com)
Received: (qmail 30019 invoked from network); 26 Sep 2004 09:51:45 -0000
Received: from nike_d@cytexbg.com by keeper.interbgc.com by uid 1002 with
	qmail-scanner-1.14 
	(uvscan: v4.2.40/v4374. spamassassin: 2.63.  Clear:SA:0(-4.9/8.0):. 
	Processed in 1.262606 secs); 26 Sep 2004 09:51:45 -0000
X-Spam-Status: No, hits=-4.9 required=8.0
Received: from 213-240-202-139.1697748.ddns.cablebg.net (HELO
	tormentor.totalterror.net) (213.240.202.139)
	by mail.interbgc.com with SMTP; 26 Sep 2004 09:51:43 -0000
Received: (qmail 29538 invoked from network); 26 Sep 2004 09:49:38 -0000
Received: from unknown (HELO phobos.totalterror.net) (10.10.0.2)
  by tormentor.totalterror.net with SMTP; 26 Sep 2004 09:49:38 -0000
References: <Pine.NEB.3.96L.1040925150944.79682C-100000@fledge.watson.org>
	<200409251502.34281.sam@errno.com>
	<Pine.BSF.4.53.0409252349140.93902@e0-0.zab2.int.zabbadoz.net>
	<200409251938.28089.sam@errno.com>
Message-ID: <cone.1096192317.771953.670.1001@phobos.totalterror.net>
X-Mailer: http://www.courier-mta.org/cone/
From: Niki Denev <nike_d@cytexbg.com>
To: current@freebsd.org
Date: Sun, 26 Sep 2004 12:51:57 +0300
Mime-Version: 1.0
Content-Type: multipart/signed;
    boundary="=_mimegpg-phobos.totalterror.net-670-1096192317-0001";
    micalg=pgp-sha1; protocol="application/pgp-signature"
Subject: Re: 5.3 IPSEC broken
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Sep 2004 09:51:47 -0000

This is a MIME GnuPG-signed message.  If you see this text, it means that
your E-mail or Usenet software does not support MIME signed messages.

--=_mimegpg-phobos.totalterror.net-670-1096192317-0001
Content-Type: text/plain; format=flowed; charset="US-ASCII"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Sam Leffler writes:

> On Saturday 25 September 2004 04:50 pm, Bjoern A. Zeeb wrote:
>> On Sat, 25 Sep 2004, Sam Leffler wrote:
>> > > > That's a 216 byte packet, fwiw.  I instrumented key.c and ran into
>> > > > the following ENOBUFS case on key.c:6957:
>> > > >
>> > > >         /* align the mbuf chain so that extensions are in contiguous
>> > > > region. */ error = key_align(m, &mh);
>> > > >         if (error)
>> > > >                 return error;
>> > > >
>> > > >         if (m->m_next) {        /*XXX*/
>> > > >                 m_freem(m);
>> > > >                 return ENOBUFS;
>> > > >         }
>> > > >
>> > > > I.e., the author knew it was a bug (feature) that an additional mbuf
>> > > > couldn't be handled here, but we do need to handle one.  Looks like
>> > > > much of the surrounding code could be replaced with a call to
>> > > > m_defrag() and/or m_pullup().
>> > >
>> > > Just to mention that i too experience this problem,
>> > > but with FAST_IPSEC so this probably means that if any fix will be made
>> > > for netkey/key.c then netipsec/key.c will need it too.(as far as i can
>> > > tell) Please correct me if i'm wrong.
>> >
>> > Correct.  I gave Robert a fix that was sent to me for fast ipsec.  I was
>> > going to commit it this weekend after some testing.
>>
>> could you perhaps post it or place it somewhere for download ?
> 
> sam         2004-09-26 02:01:27 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     sys/netipsec         key.c 
>   Log:
>   Correct handling of SADB_UPDATE and SADB_ADD requests.  key_align may split
>   the mbuf due to use of m_pulldown.  Discarding the result because of this
>   does not make sense as no subsequent code depends on the entire msg being
>   linearized (only the individual pieces).  It's likely something else is 
> wrong
>   here but for now this appears to get things back to a working state.
>   
>   Submitted by:   Roselyn Lee
>   
>   Revision  Changes    Path
>   1.17      +0 -5      src/sys/netipsec/key.c
> http://cvsweb.FreeBSD.org/src/sys/netipsec/key.c.diff?r1=1.16&r2=1.17

And for netkey/key.c ?


--niki


--=_mimegpg-phobos.totalterror.net-670-1096192317-0001
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (FreeBSD)

iD8DBQBBVpE9HNAJ/fLbfrkRAnWvAJwK+OsLC1H+E0DbaD90vdrXJ/7CcACffBVe
mYPfYxxy9YHblwiASi7TUsI=
=nZ7i
-----END PGP SIGNATURE-----

--=_mimegpg-phobos.totalterror.net-670-1096192317-0001--