Date: Sat, 25 Sep 2004 13:39:08 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Hannes Mehnert <hannes@mehnert.org> Cc: freebsd-current@freebsd.org Subject: Re: 5.3 IPSEC broken Message-ID: <Pine.NEB.3.96L.1040925133727.79682B-100000@fledge.watson.org> In-Reply-To: <20040925145534.GD5307@mehnert.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 25 Sep 2004, Hannes Mehnert wrote: > On Fri, Sep 24, 2004 at 10:58:33PM -0400, Robert Watson wrote: > > I'd like to take a look at this sometime in the next few days. Could you > > send me an appropriately censored version of your racoon configuration for > > each endpoint that I can use as a starting point? > > Sure, my config files are available at https://berlin.ccc.de/~hannes/racoon/ > > I use a /30 subnet for IPSec, 192.168.2.40/30. So an interesting first observation for anyone else following this is that under mbuma, the number of bytes available in an mbuf has changed by four due (presumably) to the use of extra space by mbuma: 4.x: MSIZE: 256 MLEN: 236 MHLEN: 212 MINCLSIZE: 213 sizeof(struct m_hdr): 20 sizeof(struct pkthdr): 24 5.x: MSIZE: 256 MLEN: 232 MHLEN: 208 MINCLSIZE: 209 sizeof(struct m_hdr): 24 sizeof(struct pkthdr): 24 So presumably something in pfkey was carefully (or accidentally) designed to assume that some object/content would fit in MLEN or MHLEN that no longer does. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert@fledge.watson.org Principal Research Scientist, McAfee Research
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1040925133727.79682B-100000>