Date: Mon, 26 Feb 2018 12:48:08 +0300 From: "dejamuse" <dejamuse@bonalumi.it> To: "freebsd net" <freebsd-net@freebsd.org> Message-ID: <2317178krge1$hbz0u7xd$c4m0hqaf$@bonalumi.it>
next in thread | raw e-mail | index | archive | help
hi Freebsd https://goo.gl/kWA3ua dejamuse From owner-freebsd-net@freebsd.org Mon Feb 26 12:41:32 2018 Return-Path: <owner-freebsd-net@freebsd.org> Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6DB92F1ECD5 for <freebsd-net@mailman.ysv.freebsd.org>; Mon, 26 Feb 2018 12:41:32 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net [IPv6:2a02:6b8:0:1a2d::608]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D7B0973435 for <freebsd-net@freebsd.org>; Mon, 26 Feb 2018 12:41:31 +0000 (UTC) (envelope-from bu7cher@yandex.ru) Received: from mxback8g.mail.yandex.net (mxback8g.mail.yandex.net [IPv6:2a02:6b8:0:1472:2741:0:8b7:169]) by forward105o.mail.yandex.net (Yandex) with ESMTP id BF7994445132; Mon, 26 Feb 2018 15:41:21 +0300 (MSK) Received: from smtp1o.mail.yandex.net (smtp1o.mail.yandex.net [2a02:6b8:0:1a2d::25]) by mxback8g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id Dj4Tb0Hhhi-fKm8Ppr7; Mon, 26 Feb 2018 15:41:21 +0300 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519648881; bh=Zcor+LBBUGXzy1NMTVL9P4UROVCwGsb8pDIUdRykZxs=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=niwbFzLvDMbEcRHC5HGLE3Wkq+whWP70QaZ0erzQFe/zrfdsxOcs1tm89cfCP9Wt5 pM+VkqVyvT457UdAzMGU9qByTGo7ieBV9YQDJfGx4rPkfv5Z030YqDd0EOCfxDHxuR tZOIb6y20l26cge0/MmvgI7pmwhRoj7y/QY/1VIs= Received: by smtp1o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id sGsMgNEkri-fJTS3bj4; Mon, 26 Feb 2018 15:41:20 +0300 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client certificate not present) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1519648880; bh=Zcor+LBBUGXzy1NMTVL9P4UROVCwGsb8pDIUdRykZxs=; h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To; b=XFfPIb39ueTvF6sm3zil/fhnN5Mi/4O3e6FyYKUSCjQNaiEiLjJw+16kCgS/ElhQY AQPGTbvAJb1avuJOQM/vM7gCJczqakmaOJgBAlJli+v1fznxZTDcuJTdp8ly3m+zzt 8hvA7zirakoopSUVo0wRdkFxNZtXeRZDWxMfnHFs= Authentication-Results: smtp1o.mail.yandex.net; dkim=pass header.i=@yandex.ru Subject: Re: Racoon and setkey problems To: Misak Khachatryan <kmisak@gmail.com> Cc: freebsd-net@freebsd.org, Eugene Grosbein <eugen@grosbein.net> References: <CABfKv0mYX2ouQ1k6M2Bd90yp=eQXP6HcHL7+dE2AZQ9afQ+c2g@mail.gmail.com> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <CABfKv0kvTLJjv7F6y7DTXxE-oXspOHTJti+j0Ftqv5xVpqQQRQ@mail.gmail.com> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <CABfKv0mavVUqFsecAAa6-6RjzfBQ9qoGp7sUw8EEyXEkVQ5Onw@mail.gmail.com> <5A8E7642.2020509@grosbein.net> <CABfKv0=wV0_W2eWRkgcWKwwUxiNigR7NKXCdRyCSwVXhGrQKZw@mail.gmail.com> <ddf4d736-d071-4ddb-2237-001cdac8992f@yandex.ru> <CABfKv0kX70wV3isxxADq3xoNN5P-Y2_tN3iuyXvYzH0dntgo1A@mail.gmail.com> <CABfKv0ms1Aw_g4DHWGskxMmi7tHczeEQBMBch6MphG7NcSa3Cg@mail.gmail.com> <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> <CABfKv0=n9TnezVZSbTLyYV+ndk4mPJrgo+HvsFno=wMazrf7fg@mail.gmail.com> <9db09caa-010f-facb-778b-4a1a82cbb0b7@yandex.ru> <CABfKv0kbqYCPXk+2xxX2tOx+haB3NQTur6Lrrm3rTOANz5W=WQ@mail.gmail.com> <300530ba-f2b2-f31c-881e-4841c9c8ec12@yandex.ru> <CABfKv0ki8CKbOd3n3RmBB2AwxO4H_wxo8RNF-LazMb9b5hKu-w@mail.gmail.com> From: "Andrey V. Elsukov" <bu7cher@yandex.ru> Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A Message-ID: <36df24bc-8370-1786-9a11-7c77e968813f@yandex.ru> Date: Mon, 26 Feb 2018 15:39:53 +0300 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <CABfKv0ki8CKbOd3n3RmBB2AwxO4H_wxo8RNF-LazMb9b5hKu-w@mail.gmail.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="ReTmGbUuqU0dgIEVfGGJN9i0J6Q2on3vx" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org> List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/> List-Post: <mailto:freebsd-net@freebsd.org> List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help> List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>, <mailto:freebsd-net-request@freebsd.org?subject=subscribe> X-List-Received-Date: Mon, 26 Feb 2018 12:41:32 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --ReTmGbUuqU0dgIEVfGGJN9i0J6Q2on3vx Content-Type: multipart/mixed; boundary="Fj3gibvcEbn6j2Reci5NjXZIt3V4rEsWd"; protected-headers="v1" From: "Andrey V. Elsukov" <bu7cher@yandex.ru> To: Misak Khachatryan <kmisak@gmail.com> Cc: freebsd-net@freebsd.org, Eugene Grosbein <eugen@grosbein.net> Message-ID: <36df24bc-8370-1786-9a11-7c77e968813f@yandex.ru> Subject: Re: Racoon and setkey problems References: <CABfKv0mYX2ouQ1k6M2Bd90yp=eQXP6HcHL7+dE2AZQ9afQ+c2g@mail.gmail.com> <5A8A97EC.4040103@grosbein.net> <CABfKv0ntGt6TCP7v9xa=MSSZqHwYbZtYtVd6s0gZ-Mbdu2qk5A@mail.gmail.com> <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru> <CABfKv0kvTLJjv7F6y7DTXxE-oXspOHTJti+j0Ftqv5xVpqQQRQ@mail.gmail.com> <5A8BB836.2010501@grosbein.net> <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru> <CABfKv0mavVUqFsecAAa6-6RjzfBQ9qoGp7sUw8EEyXEkVQ5Onw@mail.gmail.com> <5A8E7642.2020509@grosbein.net> <CABfKv0=wV0_W2eWRkgcWKwwUxiNigR7NKXCdRyCSwVXhGrQKZw@mail.gmail.com> <ddf4d736-d071-4ddb-2237-001cdac8992f@yandex.ru> <CABfKv0kX70wV3isxxADq3xoNN5P-Y2_tN3iuyXvYzH0dntgo1A@mail.gmail.com> <CABfKv0ms1Aw_g4DHWGskxMmi7tHczeEQBMBch6MphG7NcSa3Cg@mail.gmail.com> <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru> <CABfKv0=n9TnezVZSbTLyYV+ndk4mPJrgo+HvsFno=wMazrf7fg@mail.gmail.com> <9db09caa-010f-facb-778b-4a1a82cbb0b7@yandex.ru> <CABfKv0kbqYCPXk+2xxX2tOx+haB3NQTur6Lrrm3rTOANz5W=WQ@mail.gmail.com> <300530ba-f2b2-f31c-881e-4841c9c8ec12@yandex.ru> <CABfKv0ki8CKbOd3n3RmBB2AwxO4H_wxo8RNF-LazMb9b5hKu-w@mail.gmail.com> In-Reply-To: <CABfKv0ki8CKbOd3n3RmBB2AwxO4H_wxo8RNF-LazMb9b5hKu-w@mail.gmail.com> --Fj3gibvcEbn6j2Reci5NjXZIt3V4rEsWd Content-Type: multipart/mixed; boundary="------------940284574C4B6C67465F4C5A" Content-Language: en-US This is a multi-part message in MIME format. --------------940284574C4B6C67465F4C5A Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 22.02.2018 22:12, Misak Khachatryan wrote: >>> kernel`key_sendup0+0xee >>> kernel`key_sendup_mbuf+0x1e6 >>> kernel`key_parse+0x87f >>> >> >> Then probably this output will be changed. I think the problem is that there are several PF_KEY sockets present, but some socket has overfilled its buffers. key_sendup_mbuf() function tries to send data to all sockets and fails on this mentioned socket. If you can, please, try the attached patch. It changes the behavior to always try to send data to all sockets and ignore some possible errors on intermediate sockets. I think with this patch you will be able to clear SAs with `setkey -F` command. You need to rebuild and reinstall the kernel. The patch is for stable/10.= --=20 WBR, Andrey V. Elsukov --------------940284574C4B6C67465F4C5A Content-Type: text/x-patch; name="keysock.diff" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="keysock.diff" Index: stable/10/sys/netipsec/keysock.c =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- stable/10/sys/netipsec/keysock.c (revision 329557) +++ stable/10/sys/netipsec/keysock.c (working copy) @@ -333,16 +333,14 @@ key_sendup_mbuf(struct socket *so, struct mbuf *m, continue; =20 if ((n =3D m_copy(m, 0, (int)M_COPYALL)) =3D=3D NULL) { - m_freem(m); PFKEYSTAT_INC(in_nomem); - mtx_unlock(&rawcb_mtx); - return ENOBUFS; + /* Try with next socket */ + continue; } =20 if ((error =3D key_sendup0(rp, n, 0)) !=3D 0) { - m_freem(m); - mtx_unlock(&rawcb_mtx); - return error; + /* Try with next socket */ + continue; } =20 n =3D NULL; --------------940284574C4B6C67465F4C5A-- --Fj3gibvcEbn6j2Reci5NjXZIt3V4rEsWd-- --ReTmGbUuqU0dgIEVfGGJN9i0J6Q2on3vx Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlqUABkACgkQAcXqBBDI oXqUMwf8DGlP2x48etpZjaMRmicXItD9Ac7Zs0MYbeF7/yvKdGE3yJO4qGmpHSku xeThGwlUN2128SQck8ukeP5KaF+PSDEii0QZOV9mDP7o0Fiub9ELoOp7ttvzXELt 7/1ZW4xg6YUepgbYmKAKRA2wPDohrzJRAdr8hKmItusYbQEPcaAMkQM+s27ZFqF2 Em4c5VCMW8+vi1NwVGrrmvX9IAjZc2u1c7IHdMP7CGrQDu22ElzuRvAqMJBR3Se+ wa59xV9laRYwvzl/qW4SvOnQd3LWEEPNbIGp5/LV3JCq8HsahaQqBjMAAxE+zOVj n7punNQ7pw2MfagMlQQc5C+P37CvXQ== =c3E4 -----END PGP SIGNATURE----- --ReTmGbUuqU0dgIEVfGGJN9i0J6Q2on3vx--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2317178krge1$hbz0u7xd$c4m0hqaf$>