5.3 IPSEC broken
Bjoern A. Zeeb
bzeeb-lists at lists.zabbadoz.net
Sat Sep 25 16:55:10 PDT 2004
On Sat, 25 Sep 2004, Sam Leffler wrote:
> > > That's a 216 byte packet, fwiw. I instrumented key.c and ran into the
> > > following ENOBUFS case on key.c:6957:
> > >
> > > /* align the mbuf chain so that extensions are in contiguous
> > > region. */ error = key_align(m, &mh);
> > > if (error)
> > > return error;
> > >
> > > if (m->m_next) { /*XXX*/
> > > m_freem(m);
> > > return ENOBUFS;
> > > }
> > >
> > > I.e., the author knew it was a bug (feature) that an additional mbuf
> > > couldn't be handled here, but we do need to handle one. Looks like much
> > > of the surrounding code could be replaced with a call to m_defrag()
> > > and/or m_pullup().
> >
> > Just to mention that i too experience this problem,
> > but with FAST_IPSEC so this probably means that if any fix will be made for
> > netkey/key.c then netipsec/key.c will need it too.(as far as i can tell)
> > Please correct me if i'm wrong.
>
> Correct. I gave Robert a fix that was sent to me for fast ipsec. I was going
> to commit it this weekend after some testing.
could you perhaps post it or place it somewhere for download ?
--
Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT
More information about the freebsd-current
mailing list