Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 26 Feb 2018 12:48:08 +0300
From:      "dejamuse" <dejamuse@bonalumi.it>
To:        "freebsd net" <freebsd-net@freebsd.org>
Message-ID:  <2317178krge1$hbz0u7xd$c4m0hqaf$@bonalumi.it>
next in thread | raw e-mail | index | archive | help 
hi Freebsd https://goo.gl/kWA3ua   dejamuse
From owner-freebsd-net@freebsd.org  Mon Feb 26 12:41:32 2018
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6DB92F1ECD5
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Mon, 26 Feb 2018 12:41:32 +0000 (UTC)
 (envelope-from bu7cher@yandex.ru)
Received: from forward105o.mail.yandex.net (forward105o.mail.yandex.net
 [IPv6:2a02:6b8:0:1a2d::608])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "forwards.mail.yandex.net", Issuer "Yandex CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id D7B0973435
 for <freebsd-net@freebsd.org>; Mon, 26 Feb 2018 12:41:31 +0000 (UTC)
 (envelope-from bu7cher@yandex.ru)
Received: from mxback8g.mail.yandex.net (mxback8g.mail.yandex.net
 [IPv6:2a02:6b8:0:1472:2741:0:8b7:169])
 by forward105o.mail.yandex.net (Yandex) with ESMTP id BF7994445132;
 Mon, 26 Feb 2018 15:41:21 +0300 (MSK)
Received: from smtp1o.mail.yandex.net (smtp1o.mail.yandex.net
 [2a02:6b8:0:1a2d::25])
 by mxback8g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id Dj4Tb0Hhhi-fKm8Ppr7; 
 Mon, 26 Feb 2018 15:41:21 +0300
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
 t=1519648881; bh=Zcor+LBBUGXzy1NMTVL9P4UROVCwGsb8pDIUdRykZxs=;
 h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To;
 b=niwbFzLvDMbEcRHC5HGLE3Wkq+whWP70QaZ0erzQFe/zrfdsxOcs1tm89cfCP9Wt5
 pM+VkqVyvT457UdAzMGU9qByTGo7ieBV9YQDJfGx4rPkfv5Z030YqDd0EOCfxDHxuR
 tZOIb6y20l26cge0/MmvgI7pmwhRoj7y/QY/1VIs=
Received: by smtp1o.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id
 sGsMgNEkri-fJTS3bj4; Mon, 26 Feb 2018 15:41:20 +0300
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client certificate not present)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
 t=1519648880; bh=Zcor+LBBUGXzy1NMTVL9P4UROVCwGsb8pDIUdRykZxs=;
 h=Subject:To:Cc:References:From:Message-ID:Date:In-Reply-To;
 b=XFfPIb39ueTvF6sm3zil/fhnN5Mi/4O3e6FyYKUSCjQNaiEiLjJw+16kCgS/ElhQY
 AQPGTbvAJb1avuJOQM/vM7gCJczqakmaOJgBAlJli+v1fznxZTDcuJTdp8ly3m+zzt
 8hvA7zirakoopSUVo0wRdkFxNZtXeRZDWxMfnHFs=
Authentication-Results: smtp1o.mail.yandex.net; dkim=pass header.i=@yandex.ru
Subject: Re: Racoon and setkey problems
To: Misak Khachatryan <kmisak@gmail.com>
Cc: freebsd-net@freebsd.org, Eugene Grosbein <eugen@grosbein.net>
References: <CABfKv0mYX2ouQ1k6M2Bd90yp=eQXP6HcHL7+dE2AZQ9afQ+c2g@mail.gmail.com>
 <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru>
 <CABfKv0kvTLJjv7F6y7DTXxE-oXspOHTJti+j0Ftqv5xVpqQQRQ@mail.gmail.com>
 <5A8BB836.2010501@grosbein.net>
 <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru>
 <CABfKv0mavVUqFsecAAa6-6RjzfBQ9qoGp7sUw8EEyXEkVQ5Onw@mail.gmail.com>
 <5A8E7642.2020509@grosbein.net>
 <CABfKv0=wV0_W2eWRkgcWKwwUxiNigR7NKXCdRyCSwVXhGrQKZw@mail.gmail.com>
 <ddf4d736-d071-4ddb-2237-001cdac8992f@yandex.ru>
 <CABfKv0kX70wV3isxxADq3xoNN5P-Y2_tN3iuyXvYzH0dntgo1A@mail.gmail.com>
 <CABfKv0ms1Aw_g4DHWGskxMmi7tHczeEQBMBch6MphG7NcSa3Cg@mail.gmail.com>
 <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru>
 <CABfKv0=n9TnezVZSbTLyYV+ndk4mPJrgo+HvsFno=wMazrf7fg@mail.gmail.com>
 <9db09caa-010f-facb-778b-4a1a82cbb0b7@yandex.ru>
 <CABfKv0kbqYCPXk+2xxX2tOx+haB3NQTur6Lrrm3rTOANz5W=WQ@mail.gmail.com>
 <300530ba-f2b2-f31c-881e-4841c9c8ec12@yandex.ru>
 <CABfKv0ki8CKbOd3n3RmBB2AwxO4H_wxo8RNF-LazMb9b5hKu-w@mail.gmail.com>
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
Openpgp: id=E6591E1B41DA1516F0C9BC0001C5EA0410C8A17A
Message-ID: <36df24bc-8370-1786-9a11-7c77e968813f@yandex.ru>
Date: Mon, 26 Feb 2018 15:39:53 +0300
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CABfKv0ki8CKbOd3n3RmBB2AwxO4H_wxo8RNF-LazMb9b5hKu-w@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="ReTmGbUuqU0dgIEVfGGJN9i0J6Q2on3vx"
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>;
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Feb 2018 12:41:32 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--ReTmGbUuqU0dgIEVfGGJN9i0J6Q2on3vx
Content-Type: multipart/mixed; boundary="Fj3gibvcEbn6j2Reci5NjXZIt3V4rEsWd";
 protected-headers="v1"
From: "Andrey V. Elsukov" <bu7cher@yandex.ru>
To: Misak Khachatryan <kmisak@gmail.com>
Cc: freebsd-net@freebsd.org, Eugene Grosbein <eugen@grosbein.net>
Message-ID: <36df24bc-8370-1786-9a11-7c77e968813f@yandex.ru>
Subject: Re: Racoon and setkey problems
References: <CABfKv0mYX2ouQ1k6M2Bd90yp=eQXP6HcHL7+dE2AZQ9afQ+c2g@mail.gmail.com>
 <5A8A97EC.4040103@grosbein.net>
 <CABfKv0ntGt6TCP7v9xa=MSSZqHwYbZtYtVd6s0gZ-Mbdu2qk5A@mail.gmail.com>
 <16e6d695-6961-bc17-6ff0-e2affcd5df3b@yandex.ru>
 <CABfKv0kvTLJjv7F6y7DTXxE-oXspOHTJti+j0Ftqv5xVpqQQRQ@mail.gmail.com>
 <5A8BB836.2010501@grosbein.net>
 <5e13deb9-0d83-5f43-195c-f6797ed36a7b@yandex.ru>
 <CABfKv0mavVUqFsecAAa6-6RjzfBQ9qoGp7sUw8EEyXEkVQ5Onw@mail.gmail.com>
 <5A8E7642.2020509@grosbein.net>
 <CABfKv0=wV0_W2eWRkgcWKwwUxiNigR7NKXCdRyCSwVXhGrQKZw@mail.gmail.com>
 <ddf4d736-d071-4ddb-2237-001cdac8992f@yandex.ru>
 <CABfKv0kX70wV3isxxADq3xoNN5P-Y2_tN3iuyXvYzH0dntgo1A@mail.gmail.com>
 <CABfKv0ms1Aw_g4DHWGskxMmi7tHczeEQBMBch6MphG7NcSa3Cg@mail.gmail.com>
 <182ad344-6d2d-418f-02c6-1ba11dd3c2cd@yandex.ru>
 <CABfKv0=n9TnezVZSbTLyYV+ndk4mPJrgo+HvsFno=wMazrf7fg@mail.gmail.com>
 <9db09caa-010f-facb-778b-4a1a82cbb0b7@yandex.ru>
 <CABfKv0kbqYCPXk+2xxX2tOx+haB3NQTur6Lrrm3rTOANz5W=WQ@mail.gmail.com>
 <300530ba-f2b2-f31c-881e-4841c9c8ec12@yandex.ru>
 <CABfKv0ki8CKbOd3n3RmBB2AwxO4H_wxo8RNF-LazMb9b5hKu-w@mail.gmail.com>
In-Reply-To: <CABfKv0ki8CKbOd3n3RmBB2AwxO4H_wxo8RNF-LazMb9b5hKu-w@mail.gmail.com>

--Fj3gibvcEbn6j2Reci5NjXZIt3V4rEsWd
Content-Type: multipart/mixed;
 boundary="------------940284574C4B6C67465F4C5A"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------940284574C4B6C67465F4C5A
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 22.02.2018 22:12, Misak Khachatryan wrote:
>>>              kernel`key_sendup0+0xee
>>>              kernel`key_sendup_mbuf+0x1e6
>>>              kernel`key_parse+0x87f
>>>
>>
>> Then probably this output will be changed.

I think the problem is that there are several PF_KEY sockets present,
but some socket has overfilled its buffers. key_sendup_mbuf() function
tries to send data to all sockets and fails on this mentioned socket.

If you can, please, try the attached patch. It changes the behavior to
always try to send data to all sockets and ignore some possible errors
on intermediate sockets. I think with this patch you will be able to
clear SAs with `setkey -F` command.

You need to rebuild and reinstall the kernel. The patch is for stable/10.=


--=20
WBR, Andrey V. Elsukov

--------------940284574C4B6C67465F4C5A
Content-Type: text/x-patch;
 name="keysock.diff"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="keysock.diff"

Index: stable/10/sys/netipsec/keysock.c
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
--- stable/10/sys/netipsec/keysock.c	(revision 329557)
+++ stable/10/sys/netipsec/keysock.c	(working copy)
@@ -333,16 +333,14 @@ key_sendup_mbuf(struct socket *so, struct mbuf *m,
 			continue;
=20
 		if ((n =3D m_copy(m, 0, (int)M_COPYALL)) =3D=3D NULL) {
-			m_freem(m);
 			PFKEYSTAT_INC(in_nomem);
-			mtx_unlock(&rawcb_mtx);
-			return ENOBUFS;
+			/* Try with next socket */
+			continue;
 		}
=20
 		if ((error =3D key_sendup0(rp, n, 0)) !=3D 0) {
-			m_freem(m);
-			mtx_unlock(&rawcb_mtx);
-			return error;
+			/* Try with next socket */
+			continue;
 		}
=20
 		n =3D NULL;

--------------940284574C4B6C67465F4C5A--

--Fj3gibvcEbn6j2Reci5NjXZIt3V4rEsWd--

--ReTmGbUuqU0dgIEVfGGJN9i0J6Q2on3vx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEzBAEBCAAdFiEE5lkeG0HaFRbwybwAAcXqBBDIoXoFAlqUABkACgkQAcXqBBDI
oXqUMwf8DGlP2x48etpZjaMRmicXItD9Ac7Zs0MYbeF7/yvKdGE3yJO4qGmpHSku
xeThGwlUN2128SQck8ukeP5KaF+PSDEii0QZOV9mDP7o0Fiub9ELoOp7ttvzXELt
7/1ZW4xg6YUepgbYmKAKRA2wPDohrzJRAdr8hKmItusYbQEPcaAMkQM+s27ZFqF2
Em4c5VCMW8+vi1NwVGrrmvX9IAjZc2u1c7IHdMP7CGrQDu22ElzuRvAqMJBR3Se+
wa59xV9laRYwvzl/qW4SvOnQd3LWEEPNbIGp5/LV3JCq8HsahaQqBjMAAxE+zOVj
n7punNQ7pw2MfagMlQQc5C+P37CvXQ==
=c3E4
-----END PGP SIGNATURE-----

--ReTmGbUuqU0dgIEVfGGJN9i0J6Q2on3vx--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2317178krge1$hbz0u7xd$c4m0hqaf$>