Date: Tue, 2 Jan 2007 20:28:01 -0800 (PST) From: ashoke saha <ashoke@rocketmail.com> To: VANHULLEBUS Yvan <vanhu_bsd@zeninc.net>, freebsd-net@freebsd.org Subject: Re: NAT Taversal bug in kernel patch ? Message-ID: <369726.48848.qm@web51904.mail.yahoo.com> In-Reply-To: <20070102141351.GA1604@jayce.zen.inc>
next in thread | previous in thread | raw e-mail | index | archive | help
not new. 6/7 months old. Also, quite sometime back 1 yr .... looked like there are issues in PFKEY interface in scalibility . if you create more than 300 ipsecpolicy and ipsec SA's PFKEY used to fail as kernel was using one mbuf cluster (2K or 4k dont remmember) for each policy or SA. That way it was running out of mbuf cluster limit for process. maybe that is also fixed. ashoke. --- VANHULLEBUS Yvan <vanhu_bsd@zeninc.net> wrote: > On Tue, Jan 02, 2007 at 02:59:59AM -0800, ashoke > saha wrote: > > Hi , > > Hi. > > > > just joined the mailibng list. I was implementing > > > NAT traversal based on the patch and my kernel was > > panicking because of wrong ipsec config, which it > > should not whatever be the config. > > > > Looks like there is a small issue in the code > > > http://ipsec-tools.sourceforge.net/freebsd6-natt.diff > > > which might already be fixed. > > > > Look at the call of the function > > udp4_espinudp () in udp append. Now under certain > > circumstances it is possible that udp4_espinudp () > > calls m_pullup() and it would add a new pkt header > to > > the mbuf chain. But udp_append() is still holding > the > > old head, whose PKTHDR flag is now off. It then > sends > > the pkt further up and kernel does as panic as it > does > > not see PKTHDR flag. > > I already fixed "something like that" a few months > ago. > > Are you using the latest version of the patch ? > > MD5 sum of the patch file should be > 510ac07e6aa95d34e1e05da0695e4059, > is that what you get ? > > > > Yvan. > > -- > NETASQ > http://www.netasq.com > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to > "freebsd-net-unsubscribe@freebsd.org" > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?369726.48848.qm>