From owner-freebsd-current@FreeBSD.ORG  Sat Jun  5 19:53:22 2004
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1826716A4CE
	for <current@freebsd.org>; Sat,  5 Jun 2004 19:53:22 -0700 (PDT)
Received: from beagle2.mehnert.org (beagle2.mehnert.org [212.42.235.57])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 23CBD43D1D
	for <current@freebsd.org>; Sat,  5 Jun 2004 19:53:21 -0700 (PDT)
	(envelope-from hannes@mehnert.org)
Received: from localhost (port-195-158-171-122.dynamic.qsc.de
	[195.158.171.122])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "Hannes Mehnert", Issuer "mehnert root CA" (verified OK))
	by beagle2.mehnert.org (Postfix) with ESMTP id 9C68E95821
	for <current@freebsd.org>; Sun,  6 Jun 2004 04:53:10 +0200 (CEST)
Date: Sun, 6 Jun 2004 04:53:01 +0200
From: Hannes Mehnert <hannes@mehnert.org>
To: current@freebsd.org
Message-ID: <20040606025301.GB41345@mehnert.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Subject: IPSec broken in -current
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
	<freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
	<mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Jun 2004 02:53:22 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have a FreeBSD-CURRENT from Fri Jun  4 17:24:01 CEST 2004 where IPSec
is broken:

I tried IPSEC & IPSEC_ESP (kame stack) as well as FAST_IPSEC and always
get the following error during phase2 (output from racoon):
DEBUG: oakley.c:436:oakley_compute_keymat(): KEYMAT computed.
DEBUG: isakmp_quick.c:649:quick_i2send(): call pk_sendupdate
DEBUG: algorithm.c:513:alg_ipsec_encdef(): encription(rijndael)
DEBUG: algorithm.c:556:alg_ipsec_hmacdef(): hmac(hmac_sha1)
DEBUG: pfkey.c:1061:pk_sendupdate(): call pfkey_send_update
ERROR: pfkey.c:1076:pk_sendupdate(): libipsec failed send update
       (No buffer space available)
ERROR: isakmp_quick.c:651:quick_i2send(): pfkey update failed.
ERROR: isakmp.c:750:quick_main(): failed to process packet.

anyone has seen this?

kernel + world from 20040310 work fine with same config and racoon.

I recompiled racoon-20040408a with the new world.

Full racoon log, dmesg, kernel config,... is available on request.

Regards,

Hannes Mehnert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAwocJRcuNlziBjRwRAjOpAJ9UruylB9zbd1oDEtQtLB6ALLAaswCgi+ga
mMFhEh6yZuBnxB409sT9XOg=
=VuYB
-----END PGP SIGNATURE-----