misc/88336: setkey -D fails to report all SAs

Mats Palmgren mats.palmgren at bredband.net
Tue Nov 1 07:40:45 PST 2005 

>Number:         88336
>Category:       misc
>Synopsis:       setkey -D fails to report all SAs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 01 15:40:17 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Mats Palmgren
>Release:        RELENG_5
>Organization:
>Environment:
>Description:
The socket buffer size for pfkey only allows for 342
SAs to be dumped by "setkey -D".
(In our application we have the need for in the order of 10k)
>How-To-Repeat:
Use 'setkey' command to push 10000 SAs into the kernel.
Run 'setkey -D'.

ACTUAL RESULT
Only 342 of the SAs is reported to userland, then an error message:
# setkey -D | grep esp | wc -l
recv: Resource temporarily unavailable
     342

EXPECTED RESULT
# setkey -D | grep esp | wc -l
     10000

>Fix:
This is our workaround for now, probably not the best solution.
Could you at least add the u_quad_t cast since it triggers this
warning when increasing SB_MAX:
uipc_socket2.c:69: warning: integer overflow in expression

The added cast corresponds to uipc_socket2.c:490:
    sb_max_adj = (u_quad_t)sb_max * MCLBYTES / (MSIZE + MCLBYTES);



Index: lib/libipsec/pfkey.c
===================================================================
RCS file: /cvs/src/lib/libipsec/pfkey.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 pfkey.c
--- lib/libipsec/pfkey.c        12 May 2004 20:54:18 -0000      1.1.1.1
+++ lib/libipsec/pfkey.c        31 Oct 2005 19:15:03 -0000
@@ -1582,6 +1582,15 @@
        int so;
        const int bufsiz = 128 * 1024;  /*is 128K enough?*/

+#ifdef FIX
+       const int r_bufsiz = 8 * 1024 * 1024;
+#endif
        if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
                __ipsec_set_strerror(strerror(errno));
                return -1;
@@ -1592,7 +1601,11 @@
         * Don't really care even if it fails.
         */
        (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
+#ifdef FIX
+       (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &r_bufsiz, sizeof(r_bufsiz));
+#else
        (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+#endif

        __ipsec_errcode = EIPSEC_NO_ERROR;
        return so;
Index: sys/kern/uipc_socket2.c
===================================================================
RCS file: /cvs/src/sys/kern/uipc_socket2.c,v
retrieving revision 1.1.1.7
diff -u -r1.1.1.7 uipc_socket2.c
--- sys/kern/uipc_socket2.c     13 Jun 2005 14:54:31 -0000      1.1.1.7
+++ sys/kern/uipc_socket2.c     31 Oct 2005 16:39:25 -0000
@@ -66,7 +66,7 @@

 u_long sb_max = SB_MAX;
 static u_long sb_max_adj =
-    SB_MAX * MCLBYTES / (MSIZE + MCLBYTES); /* adjusted sb_max */
+    (u_quad_t)SB_MAX * MCLBYTES / (MSIZE + MCLBYTES); /* adjusted sb_max */

 static u_long sb_efficiency = 8;       /* parameter for sbreserve() */

Index: sys/sys/socketvar.h
===================================================================
RCS file: /cvs/src/sys/sys/socketvar.h,v
retrieving revision 1.1.1.5
diff -u -r1.1.1.5 socketvar.h
--- sys/sys/socketvar.h 21 Apr 2005 00:19:11 -0000      1.1.1.5
+++ sys/sys/socketvar.h 31 Oct 2005 17:46:30 -0000
@@ -115,7 +115,11 @@
 /*
  * Constants for sb_flags field of struct sockbuf.
  */
+#ifdef FIX
+#define        SB_MAX          (((8*1024*1024)/MCLBYTES)*(MSIZE+MCLBYTES))
+#else
 #define        SB_MAX          (256*1024)      /* default for max chars in sockbuf */
+#endif
 /*
  * Constants for sb_flags field of struct sockbuf.
  */



>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list