From owner-freebsd-current@FreeBSD.ORG Sat Sep 25 23:55:10 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C84F516A4CE; Sat, 25 Sep 2004 23:55:10 +0000 (GMT) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id F319F43D48; Sat, 25 Sep 2004 23:55:09 +0000 (GMT) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id C6D021FF9A6; Sun, 26 Sep 2004 01:55:07 +0200 (CEST) Received: by transport.cksoft.de (Postfix, from userid 66) id 932541FF931; Sun, 26 Sep 2004 01:55:05 +0200 (CEST) Received: by mail.int.zabbadoz.net (Postfix, from userid 1060) id 46E0115682; Sat, 25 Sep 2004 23:50:12 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.int.zabbadoz.net (Postfix) with ESMTP id 3BDE4154FC; Sat, 25 Sep 2004 23:50:13 +0000 (UTC) Date: Sat, 25 Sep 2004 23:50:13 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@e0-0.zab2.int.zabbadoz.net To: Sam Leffler In-Reply-To: <200409251502.34281.sam@errno.com> Message-ID: References: <200409251502.34281.sam@errno.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de cc: freebsd-current@freebsd.org cc: Robert Watson Subject: Re: 5.3 IPSEC broken X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 25 Sep 2004 23:55:10 -0000 On Sat, 25 Sep 2004, Sam Leffler wrote: > > > That's a 216 byte packet, fwiw. I instrumented key.c and ran into the > > > following ENOBUFS case on key.c:6957: > > > > > > /* align the mbuf chain so that extensions are in contiguous > > > region. */ error = key_align(m, &mh); > > > if (error) > > > return error; > > > > > > if (m->m_next) { /*XXX*/ > > > m_freem(m); > > > return ENOBUFS; > > > } > > > > > > I.e., the author knew it was a bug (feature) that an additional mbuf > > > couldn't be handled here, but we do need to handle one. Looks like much > > > of the surrounding code could be replaced with a call to m_defrag() > > > and/or m_pullup(). > > > > Just to mention that i too experience this problem, > > but with FAST_IPSEC so this probably means that if any fix will be made for > > netkey/key.c then netipsec/key.c will need it too.(as far as i can tell) > > Please correct me if i'm wrong. > > Correct. I gave Robert a fix that was sent to me for fast ipsec. I was going > to commit it this weekend after some testing. could you perhaps post it or place it somewhere for download ? -- Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT