From: ashoke saha
To: VANHULLEBUS Yvan, freebsd-net@freebsd.org
Date: Tue, 2 Jan 2007 20:28:01 -0800 (PST)
Subject: Re: NAT Traversal bug in kernel patch ?

Not new. 6/7 months old.

Also, quite some time back, 1 yr .... it looked like there are issues in the PFKEY interface in scalability. If you create more than 300 ipsec policies and ipsec SAs, PFKEY used to fail, as the kernel was using one mbuf cluster (2K or 4K, don't remember) for each policy or SA. That way it was running out of the mbuf cluster limit for the process. Maybe that is also fixed.

ashoke.

--- VANHULLEBUS Yvan wrote:

> On Tue, Jan 02, 2007 at 02:59:59AM -0800, ashoke saha wrote:
> > Hi,
>
> Hi.
>
> > just joined the mailing list. I was implementing
> > NAT traversal based on the patch and my kernel was
> > panicking because of wrong ipsec config, which it
> > should not whatever be the config.
> >
> > Looks like there is a small issue in the code
> > http://ipsec-tools.sourceforge.net/freebsd6-natt.diff
> > which might already be fixed.
> >
> > Look at the call of the function
> > udp4_espinudp () in udp append. Now under certain
> > circumstances it is possible that udp4_espinudp ()
> > calls m_pullup() and it would add a new pkt header to
> > the mbuf chain. But udp_append() is still holding the
> > old head, whose PKTHDR flag is now off. It then sends
> > the pkt further up and the kernel does a panic as it does
> > not see the PKTHDR flag.
>
> I already fixed "something like that" a few months ago.
>
> Are you using the latest version of the patch ?
>
> MD5 sum of the patch file should be
> 510ac07e6aa95d34e1e05da0695e4059,
> is that what you get ?
>
> Yvan.
>
> --
> NETASQ
> http://www.netasq.com
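
The stale-head problem described in the quoted report, as an added example that is not code from the patch or from either poster: a user-space C model in which `struct mbuf`, `model_pullup()` and the `espinudp_*`/`append_*` helpers are hypothetical simplifications. Passing the head by reference is one way to avoid the stale pointer; the thread does not say how the actual patch fixed it.

```c
/* User-space model: struct mbuf, M_PKTHDR and every function name here are
 * simplified stand-ins constructed for this example, not FreeBSD kernel code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define M_PKTHDR 0x1
struct mbuf { struct mbuf *next; int flags, off, len; char buf[64]; };

/* Models only the m_pullup() case from the post: a new mbuf is prepended,
 * the packet header moves to it, and the old head stays in the chain. */
static struct mbuf *model_pullup(struct mbuf *old, int len)
{
    struct mbuf *n;
    if (len > old->len || (n = calloc(1, sizeof(*n))) == NULL)
        return NULL;
    memcpy(n->buf, old->buf + old->off, len);
    n->len = len;
    n->flags = old->flags & M_PKTHDR;  /* header moves to the new head */
    old->flags &= ~M_PKTHDR;           /* old head is now a plain data mbuf */
    old->off += len;
    old->len -= len;
    n->next = old;
    return n;
}

/* Buggy shape: pointer passed by value, so the caller never sees the new head. */
static void espinudp_by_value(struct mbuf *m) { m = model_pullup(m, 8); (void)m; }

/* Fixed shape: the new head is written back through the caller's pointer. */
static void espinudp_by_ref(struct mbuf **mp) { *mp = model_pullup(*mp, 8); }

/* Stand-in for the upper layer, which requires M_PKTHDR on the chain head. */
static int upper_layer_accepts(const struct mbuf *m) { return m != NULL && (m->flags & M_PKTHDR) != 0; }

static struct mbuf *sample_packet(void)  /* constructed 16-byte payload */
{
    struct mbuf *m = calloc(1, sizeof(*m));
    if (m == NULL) abort();
    m->flags = M_PKTHDR; m->len = 16;
    memcpy(m->buf, "ESPinUDPpayload!", 16);
    return m;
}

int append_buggy(void) { struct mbuf *m = sample_packet(); espinudp_by_value(m); return upper_layer_accepts(m); }
int append_fixed(void) { struct mbuf *m = sample_packet(); espinudp_by_ref(&m); return upper_layer_accepts(m); }

int main(void) { printf("buggy=%d fixed=%d\n", append_buggy(), append_fixed()); return 0; }
```

The model leaks its allocations and keeps the old head alive so the flag can be inspected after the call.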