From owner-freebsd-current@FreeBSD.ORG Sun Sep 26 02:33:56 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 60C9E16A4CE; Sun, 26 Sep 2004 02:33:56 +0000 (GMT) Received: from ebb.errno.com (ebb.errno.com [66.127.85.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1628F43D41; Sun, 26 Sep 2004 02:33:56 +0000 (GMT) (envelope-from sam@errno.com) Received: from [66.127.85.91] ([66.127.85.91]) (authenticated bits=0) by ebb.errno.com (8.12.9/8.12.6) with ESMTP id i8Q2XtWi006201 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Sat, 25 Sep 2004 19:33:55 -0700 (PDT) (envelope-from sam@errno.com) From: Sam Leffler Organization: Errno Consulting To: freebsd-current@freebsd.org Date: Sat, 25 Sep 2004 19:38:27 -0700 User-Agent: KMail/1.7 References: <200409251502.34281.sam@errno.com> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200409251938.28089.sam@errno.com> cc: "Bjoern A. Zeeb" cc: Robert Watson Subject: Re: 5.3 IPSEC broken X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Sep 2004 02:33:56 -0000 On Saturday 25 September 2004 04:50 pm, Bjoern A. Zeeb wrote: > On Sat, 25 Sep 2004, Sam Leffler wrote: > > > > That's a 216 byte packet, fwiw. I instrumented key.c and ran into > > > > the following ENOBUFS case on key.c:6957: > > > > > > > > /* align the mbuf chain so that extensions are in contiguous > > > > region. */ error = key_align(m, &mh); > > > > if (error) > > > > return error; > > > > > > > > if (m->m_next) { /*XXX*/ > > > > m_freem(m); > > > > return ENOBUFS; > > > > } > > > > > > > > I.e., the author knew it was a bug (feature) that an additional mbuf > > > > couldn't be handled here, but we do need to handle one. Looks like > > > > much of the surrounding code could be replaced with a call to > > > > m_defrag() and/or m_pullup(). > > > > > > Just to mention that i too experience this problem, > > > but with FAST_IPSEC so this probably means that if any fix will be made > > > for netkey/key.c then netipsec/key.c will need it too.(as far as i can > > > tell) Please correct me if i'm wrong. > > > > Correct. I gave Robert a fix that was sent to me for fast ipsec. I was > > going to commit it this weekend after some testing. > > could you perhaps post it or place it somewhere for download ? sam 2004-09-26 02:01:27 UTC FreeBSD src repository Modified files: sys/netipsec key.c Log: Correct handling of SADB_UPDATE and SADB_ADD requests. key_align may split the mbuf due to use of m_pulldown. Discarding the result because of this does not make sense as no subsequent code depends on the entire msg being linearized (only the individual pieces). It's likely something else is wrong here but for now this appears to get things back to a working state. Submitted by: Roselyn Lee Revision Changes Path 1.17 +0 -5 src/sys/netipsec/key.c http://cvsweb.FreeBSD.org/src/sys/netipsec/key.c.diff?r1=1.16&r2=1.17