Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 25 Sep 2004 23:50:13 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Sam Leffler <sam@errno.com>
Cc:        Robert Watson <rwatson@freebsd.org>
Subject:   Re: 5.3 IPSEC broken
Message-ID:  <Pine.BSF.4.53.0409252349140.93902@e0-0.zab2.int.zabbadoz.net>
In-Reply-To: <200409251502.34281.sam@errno.com>
References:  <Pine.NEB.3.96L.1040925150944.79682C-100000@fledge.watson.org> <200409251502.34281.sam@errno.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 25 Sep 2004, Sam Leffler wrote:

> > > That's a 216 byte packet, fwiw.  I instrumented key.c and ran into the
> > > following ENOBUFS case on key.c:6957:
> > >
> > >         /* align the mbuf chain so that extensions are in contiguous
> > > region. */ error = key_align(m, &mh);
> > >         if (error)
> > >                 return error;
> > >
> > >         if (m->m_next) {        /*XXX*/
> > >                 m_freem(m);
> > >                 return ENOBUFS;
> > >         }
> > >
> > > I.e., the author knew it was a bug (feature) that an additional mbuf
> > > couldn't be handled here, but we do need to handle one.  Looks like much
> > > of the surrounding code could be replaced with a call to m_defrag()
> > > and/or m_pullup().
> >
> > Just to mention that i too experience this problem,
> > but with FAST_IPSEC so this probably means that if any fix will be made for
> > netkey/key.c then netipsec/key.c will need it too.(as far as i can tell)
> > Please correct me if i'm wrong.
>
> Correct.  I gave Robert a fix that was sent to me for fast ipsec.  I was going
> to commit it this weekend after some testing.

could you perhaps post it or place it somewhere for download ?

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.53.0409252349140.93902>