Date: Sat, 25 Sep 2004 23:50:13 +0000 (UTC) From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> To: Sam Leffler <sam@errno.com> Cc: Robert Watson <rwatson@freebsd.org> Subject: Re: 5.3 IPSEC broken Message-ID: <Pine.BSF.4.53.0409252349140.93902@e0-0.zab2.int.zabbadoz.net> In-Reply-To: <200409251502.34281.sam@errno.com> References: <Pine.NEB.3.96L.1040925150944.79682C-100000@fledge.watson.org> <200409251502.34281.sam@errno.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 25 Sep 2004, Sam Leffler wrote:
> > > That's a 216 byte packet, fwiw. I instrumented key.c and ran into the
> > > following ENOBUFS case on key.c:6957:
> > >
> > > /* align the mbuf chain so that extensions are in contiguous
> > > region. */ error = key_align(m, &mh);
> > > if (error)
> > > return error;
> > >
> > > if (m->m_next) { /*XXX*/
> > > m_freem(m);
> > > return ENOBUFS;
> > > }
> > >
> > > I.e., the author knew it was a bug (feature) that an additional mbuf
> > > couldn't be handled here, but we do need to handle one. Looks like much
> > > of the surrounding code could be replaced with a call to m_defrag()
> > > and/or m_pullup().
> >
> > Just to mention that i too experience this problem,
> > but with FAST_IPSEC so this probably means that if any fix will be made for
> > netkey/key.c then netipsec/key.c will need it too.(as far as i can tell)
> > Please correct me if i'm wrong.
>
> Correct. I gave Robert a fix that was sent to me for fast ipsec. I was going
> to commit it this weekend after some testing.
could you perhaps post it or place it somewhere for download ?
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.53.0409252349140.93902>