Date: Wed, 5 Mar 2008 00:36:26 GMT From: Cyrus Rahman <crahman@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/121374: SP refcnt increases with each packet in ipv6 with new IPSEC Message-ID: <200803050036.m250aQqk061813@www.freebsd.org> Resent-Message-ID: <200803050040.m250e09C008319@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 121374 >Category: kern >Synopsis: SP refcnt increases with each packet in ipv6 with new IPSEC >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Mar 05 00:40:00 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Cyrus Rahman >Release: 7.0-RELEASE >Organization: >Environment: FreeBSD snowfall.signetica.com 7.0-RELEASE FreeBSD 7.0-RELEASE #6: Tue Mar 4 16:27:33 MST 2008 cr@snowfall.signetica.com:/usr/src/sys/i386/compile/SIGNETICA i386 >Description: Ok, this is actually probably more serious than I say, because when refcnt overflows KASSERT will cause some trouble. But obviously no one is actually using ipv6 with IPSEC yet. Anyway, if one creates an ipv6 association between two hosts with the new IPSEC, each packet will increment the refcnt: root# setkey -PD hostA[any] hostB[any] any out ipsec esp/transport//use spid=3 seq=0 pid=1554 refcnt=65 root# ping6 hostB .. some packets go by root# setkey -PD hostA[any] hostB[any] any out ipsec esp/transport//use spid=3 seq=0 pid=1635 refcnt=77 This problem does not occur with ipv4. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803050036.m250aQqk061813>