From owner-freebsd-stable Thu Jul 26 12:31:17 2001 Delivered-To: freebsd-stable@freebsd.org Received: from light.imasy.or.jp (light.imasy.or.jp [202.227.24.4]) by hub.freebsd.org (Postfix) with ESMTP id 30F0A37B406 for ; Thu, 26 Jul 2001 12:31:08 -0700 (PDT) (envelope-from ume@mahoroba.org) Received: (from uucp@localhost) by light.imasy.or.jp (8.11.3+3.4W/8.11.3/light) with UUCP id f6QJUeh27703; Fri, 27 Jul 2001 04:30:40 +0900 (JST) (envelope-from ume@mahoroba.org) Received: from peace.mahoroba.org (IDENT:8WYXztGHoiOvveeZWsPHSzr6mrYrjxYtGBvLo7gY49xlaRDdgrPWTqRMakdLll6d@peace.mahoroba.org [3ffe:505:2:0:200:f8ff:fe05:3eae]) (authenticated as ume with CRAM-MD5) by mail.mahoroba.org (8.11.4/8.11.4/chaos) with ESMTP/inet6 id f6QJUEg08853; Fri, 27 Jul 2001 04:30:15 +0900 (JST) (envelope-from ume@mahoroba.org) Date: Fri, 27 Jul 2001 04:30:11 +0900 (JST) Message-Id: <20010727.043011.74725216.ume@mahoroba.org> To: itojun@iijlab.net Cc: daniel.sobral@tcoip.com.br, stable@freebsd.org Subject: Re: Completely unstable -stable (IPSEC) From: Hajimu UMEMOTO In-Reply-To: <13678.996078404@itojun.org> References: <3B5DD8BC.8010601@tcoip.com.br> <13678.996078404@itojun.org> X-Mailer: xcite1.38> Mew version 1.95b119 on Emacs 20.7 / Mule 4.0 =?iso-2022-jp?B?KBskQjJWMWMbKEIp?= X-PGP-Public-Key: http://www.imasy.org/~ume/publickey.asc X-PGP-Fingerprint: 6B 0C 53 FC 5D D0 37 91 05 D0 B3 EF 36 9B 6A BC X-URL: http://www.imasy.org/~ume/ X-Operating-System: FreeBSD 5.0-CURRENT Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG >>>>> On Thu, 26 Jul 2001 01:26:44 +0900 >>>>> itojun@iijlab.net said: >I have a 4.3-STABLE (cvsupped a few times this week already) which will=20 >crash within hours (and then never get to a second succesful boot).=20 >4.3-RELEASE works fine with the same kernel. itojun> after more diagnosis - it is a KAME bug, made apparent by recent itojun> locking changes. investigation/fixes are still ongoing. itojun> thank you for your patience. I just merged the fix from KAME repo. into 5-CURRENT. Thanks, itojun! There is some difference between 4-STABLE and 5-CURRENT. Here is a patch for 4-STABLE. Index: sys/netinet/in_pcb.c diff -u sys/netinet/in_pcb.c.orig sys/netinet/in_pcb.c --- sys/netinet/in_pcb.c.orig Tue Jul 3 20:01:45 2001 +++ sys/netinet/in_pcb.c Fri Jul 27 03:33:34 2001 @@ -142,6 +142,9 @@ struct proc *p; { register struct inpcb *inp; +#ifdef IPSEC + int error; +#endif inp = zalloci(pcbinfo->ipi_zone); if (inp == NULL) @@ -150,6 +153,13 @@ inp->inp_gencnt = ++pcbinfo->ipi_gencnt; inp->inp_pcbinfo = pcbinfo; inp->inp_socket = so; +#ifdef IPSEC + error = ipsec_init_policy(so, &inp->inp_sp); + if (error != 0) { + zfreei(pcbinfo->ipi_zone, inp); + return error; + } +#endif /*IPSEC*/ #if defined(INET6) if (INP_SOCKAF(so) == AF_INET6 && !ip6_mapped_addr_on) inp->inp_flags |= IN6P_IPV6_V6ONLY; Index: sys/netinet/ip_divert.c diff -u sys/netinet/ip_divert.c.orig sys/netinet/ip_divert.c --- sys/netinet/ip_divert.c.orig Tue Feb 27 18:41:15 2001 +++ sys/netinet/ip_divert.c Fri Jul 27 03:32:13 2001 @@ -362,13 +362,6 @@ /* The socket is always "connected" because we always know "where" to send the packet */ so->so_state |= SS_ISCONNECTED; -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->inp_sp); - if (error != 0) { - in_pcbdetach(inp); - return error; - } -#endif /*IPSEC*/ return 0; } Index: sys/netinet/raw_ip.c diff -u sys/netinet/raw_ip.c.orig sys/netinet/raw_ip.c --- sys/netinet/raw_ip.c.orig Fri Jul 27 03:31:49 2001 +++ sys/netinet/raw_ip.c Fri Jul 27 03:32:14 2001 @@ -486,13 +486,6 @@ inp->inp_vflag |= INP_IPV4; inp->inp_ip_p = proto; inp->inp_ip_ttl = ip_defttl; -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->inp_sp); - if (error != 0) { - in_pcbdetach(inp); - return error; - } -#endif /*IPSEC*/ return 0; } Index: sys/netinet/tcp_usrreq.c diff -u sys/netinet/tcp_usrreq.c.orig sys/netinet/tcp_usrreq.c --- sys/netinet/tcp_usrreq.c.orig Fri Jul 27 03:31:50 2001 +++ sys/netinet/tcp_usrreq.c Fri Jul 27 03:32:14 2001 @@ -1015,18 +1015,6 @@ if (error) return (error); inp = sotoinpcb(so); -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->inp_sp); - if (error) { -#ifdef INET6 - if (isipv6) - in6_pcbdetach(inp); - else -#endif - in_pcbdetach(inp); - return (error); - } -#endif /*IPSEC*/ #ifdef INET6 if (isipv6) { inp->inp_vflag |= INP_IPV6; Index: sys/netinet/udp_usrreq.c diff -u sys/netinet/udp_usrreq.c.orig sys/netinet/udp_usrreq.c --- sys/netinet/udp_usrreq.c.orig Tue Jul 3 20:01:47 2001 +++ sys/netinet/udp_usrreq.c Fri Jul 27 03:32:14 2001 @@ -810,13 +810,6 @@ inp = (struct inpcb *)so->so_pcb; inp->inp_vflag |= INP_IPV4; inp->inp_ip_ttl = ip_defttl; -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->inp_sp); - if (error != 0) { - in_pcbdetach(inp); - return error; - } -#endif /*IPSEC*/ return 0; } Index: sys/netinet6/raw_ip6.c diff -u sys/netinet6/raw_ip6.c.orig sys/netinet6/raw_ip6.c --- sys/netinet6/raw_ip6.c.orig Tue Jul 3 20:01:55 2001 +++ sys/netinet6/raw_ip6.c Fri Jul 27 03:32:14 2001 @@ -567,13 +567,6 @@ inp->in6p_ip6_nxt = (long)proto; inp->in6p_hops = -1; /* use kernel default */ inp->in6p_cksum = -1; -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->in6p_sp); - if (error != 0) { - in6_pcbdetach(inp); - return (error); - } -#endif /*IPSEC*/ MALLOC(inp->in6p_icmp6filt, struct icmp6_filter *, sizeof(struct icmp6_filter), M_PCB, M_NOWAIT); ICMP6_FILTER_SETPASSALL(inp->in6p_icmp6filt); Index: sys/netinet6/udp6_usrreq.c diff -u sys/netinet6/udp6_usrreq.c.orig sys/netinet6/udp6_usrreq.c --- sys/netinet6/udp6_usrreq.c.orig Tue Jul 3 20:01:55 2001 +++ sys/netinet6/udp6_usrreq.c Fri Jul 27 03:32:14 2001 @@ -549,13 +549,6 @@ * which may match an IPv4-mapped IPv6 address. */ inp->inp_ip_ttl = ip_defttl; -#ifdef IPSEC - error = ipsec_init_policy(so, &inp->in6p_sp); - if (error != 0) { - in6_pcbdetach(inp); - return (error); - } -#endif /*IPSEC*/ return 0; } -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message