Racoon and setkey problems
Andrey V. Elsukov
bu7cher at yandex.ru
Mon Feb 26 12:41:32 UTC 2018
On 22.02.2018 22:12, Misak Khachatryan wrote:
>>> kernel`key_sendup0+0xee
>>> kernel`key_sendup_mbuf+0x1e6
>>> kernel`key_parse+0x87f
>>>
>>
>> Then probably this output will be changed.
I think the problem is that there are several PF_KEY sockets present,
but some socket has overfilled its buffers. key_sendup_mbuf() function
tries to send data to all sockets and fails on this mentioned socket.
If you can, please, try the attached patch. It changes the behavior to
always try to send data to all sockets and ignore some possible errors
on intermediate sockets. I think with this patch you will be able to
clear SAs with `setkey -F` command.
You need to rebuild and reinstall the kernel. The patch is for stable/10.
--
WBR, Andrey V. Elsukov
-------------- next part --------------
A non-text attachment was scrubbed...
Name: keysock.diff
Type: text/x-patch
Size: 676 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20180226/e772b2a8/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20180226/e772b2a8/attachment.sig>
More information about the freebsd-net
mailing list