ipsec and freebsd 5.3-beta

Niki Denev nike_d at cytexbg.com
Mon Sep 27 05:33:26 PDT 2004

Hannes Mehnert writes:

> Hash: SHA1
> Hi,
> On Mon, Sep 27, 2004 at 08:22:40AM +0200, cell wrote:
>> I have always the same problem.I'm on freebsd 5.3-beta 5 and i have put the
>> patch for key.c who is in cvweb but  i have that :
>> .. ENOBUFS ...
> Currently only netipsec/key.c is fixed (which is the FAST_IPSEC
> implementation), so if you use FAST_IPSEC it should work, with IPSEC it
> shouldn't.
> Best Regards,
> Hannes Mehnert
> Version: GnuPG v1.2.5 (FreeBSD)
> 3E1YOvTQaPf19QjG8cRx4w8=
> =5rFG

The netkey/key.c and netipsec/key.c files are very similar,
probably because as far as i remember FAST_IPSEC started as fork from
the KAME ipsec implementation.(or at least uses some of the code)
I think that the same fix will work both for IPSEC and FAST_IPSEC.
e can try to find the key_parse() routine in netkey/key.c
and comment the following code :

        if (m->m_next) {        /*XXX*/
                return ENOBUFS;

starting at line 6976.

P.S. No guarantees on that, try it at your own risk  :) :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20040927/443cbf38/attachment.bin

More information about the freebsd-current mailing list