FreeBSD Mail Archives

Date:      Fri, 27 Jul 2001 04:30:11 +0900 (JST)
From:      Hajimu UMEMOTO <ume@mahoroba.org>
To:        itojun@iijlab.net
Cc:        daniel.sobral@tcoip.com.br, stable@freebsd.org
Subject:   Re: Completely unstable -stable (IPSEC) 
Message-ID:  <20010727.043011.74725216.ume@mahoroba.org>
In-Reply-To: <13678.996078404@itojun.org>
References:  <3B5DD8BC.8010601@tcoip.com.br> <13678.996078404@itojun.org>

>>>>> On Thu, 26 Jul 2001 01:26:44 +0900
>>>>> itojun@iijlab.net said:

>I have a 4.3-STABLE (cvsupped a few times this week already) which will=20
>crash within hours (and then never get to a second succesful boot).=20
>4.3-RELEASE works fine with the same kernel.

itojun> 	after more diagnosis - it is a KAME bug, made apparent by recent
itojun> 	locking changes.  investigation/fixes are still ongoing.
itojun> 	thank you for your patience.

I just merged the fix from KAME repo. into 5-CURRENT.  Thanks, itojun!
There is some difference between 4-STABLE and 5-CURRENT.  Here is a
patch for 4-STABLE.

Index: sys/netinet/in_pcb.c
diff -u sys/netinet/in_pcb.c.orig sys/netinet/in_pcb.c
--- sys/netinet/in_pcb.c.orig	Tue Jul  3 20:01:45 2001
+++ sys/netinet/in_pcb.c	Fri Jul 27 03:33:34 2001
@@ -142,6 +142,9 @@
 	struct proc *p;
 {
 	register struct inpcb *inp;
+#ifdef IPSEC
+	int error;
+#endif
 
 	inp = zalloci(pcbinfo->ipi_zone);
 	if (inp == NULL)
@@ -150,6 +153,13 @@
 	inp->inp_gencnt = ++pcbinfo->ipi_gencnt;
 	inp->inp_pcbinfo = pcbinfo;
 	inp->inp_socket = so;
+#ifdef IPSEC
+	error = ipsec_init_policy(so, &inp->inp_sp);
+	if (error != 0) {
+		zfreei(pcbinfo->ipi_zone, inp);
+		return error;
+	}
+#endif /*IPSEC*/
 #if defined(INET6)
 	if (INP_SOCKAF(so) == AF_INET6 && !ip6_mapped_addr_on)
 		inp->inp_flags |= IN6P_IPV6_V6ONLY;
Index: sys/netinet/ip_divert.c
diff -u sys/netinet/ip_divert.c.orig sys/netinet/ip_divert.c
--- sys/netinet/ip_divert.c.orig	Tue Feb 27 18:41:15 2001
+++ sys/netinet/ip_divert.c	Fri Jul 27 03:32:13 2001
@@ -362,13 +362,6 @@
 	/* The socket is always "connected" because
 	   we always know "where" to send the packet */
 	so->so_state |= SS_ISCONNECTED;
-#ifdef IPSEC
-	error = ipsec_init_policy(so, &inp->inp_sp);
-	if (error != 0) {
-		in_pcbdetach(inp);
-		return error;
-	}
-#endif /*IPSEC*/
 	return 0;
 }
 
Index: sys/netinet/raw_ip.c
diff -u sys/netinet/raw_ip.c.orig sys/netinet/raw_ip.c
--- sys/netinet/raw_ip.c.orig	Fri Jul 27 03:31:49 2001
+++ sys/netinet/raw_ip.c	Fri Jul 27 03:32:14 2001
@@ -486,13 +486,6 @@
 	inp->inp_vflag |= INP_IPV4;
 	inp->inp_ip_p = proto;
 	inp->inp_ip_ttl = ip_defttl;
-#ifdef IPSEC
-	error = ipsec_init_policy(so, &inp->inp_sp);
-	if (error != 0) {
-		in_pcbdetach(inp);
-		return error;
-	}
-#endif /*IPSEC*/
 	return 0;
 }
 
Index: sys/netinet/tcp_usrreq.c
diff -u sys/netinet/tcp_usrreq.c.orig sys/netinet/tcp_usrreq.c
--- sys/netinet/tcp_usrreq.c.orig	Fri Jul 27 03:31:50 2001
+++ sys/netinet/tcp_usrreq.c	Fri Jul 27 03:32:14 2001
@@ -1015,18 +1015,6 @@
 	if (error)
 		return (error);
 	inp = sotoinpcb(so);
-#ifdef IPSEC
-	error = ipsec_init_policy(so, &inp->inp_sp);
-	if (error) {
-#ifdef INET6
-		if (isipv6)
-			in6_pcbdetach(inp);
-		else
-#endif
-		in_pcbdetach(inp);
-		return (error);
-	}
-#endif /*IPSEC*/
 #ifdef INET6
 	if (isipv6) {
 		inp->inp_vflag |= INP_IPV6;
Index: sys/netinet/udp_usrreq.c
diff -u sys/netinet/udp_usrreq.c.orig sys/netinet/udp_usrreq.c
--- sys/netinet/udp_usrreq.c.orig	Tue Jul  3 20:01:47 2001
+++ sys/netinet/udp_usrreq.c	Fri Jul 27 03:32:14 2001
@@ -810,13 +810,6 @@
 	inp = (struct inpcb *)so->so_pcb;
 	inp->inp_vflag |= INP_IPV4;
 	inp->inp_ip_ttl = ip_defttl;
-#ifdef IPSEC
-	error = ipsec_init_policy(so, &inp->inp_sp);
-	if (error != 0) {
-		in_pcbdetach(inp);
-		return error;
-	}
-#endif /*IPSEC*/
 	return 0;
 }
 
Index: sys/netinet6/raw_ip6.c
diff -u sys/netinet6/raw_ip6.c.orig sys/netinet6/raw_ip6.c
--- sys/netinet6/raw_ip6.c.orig	Tue Jul  3 20:01:55 2001
+++ sys/netinet6/raw_ip6.c	Fri Jul 27 03:32:14 2001
@@ -567,13 +567,6 @@
 	inp->in6p_ip6_nxt = (long)proto;
 	inp->in6p_hops = -1;	/* use kernel default */
 	inp->in6p_cksum = -1;
-#ifdef IPSEC
-	error = ipsec_init_policy(so, &inp->in6p_sp);
-	if (error != 0) {
-		in6_pcbdetach(inp);
-		return (error);
-	}
-#endif /*IPSEC*/
 	MALLOC(inp->in6p_icmp6filt, struct icmp6_filter *,
 	       sizeof(struct icmp6_filter), M_PCB, M_NOWAIT);
 	ICMP6_FILTER_SETPASSALL(inp->in6p_icmp6filt);
Index: sys/netinet6/udp6_usrreq.c
diff -u sys/netinet6/udp6_usrreq.c.orig sys/netinet6/udp6_usrreq.c
--- sys/netinet6/udp6_usrreq.c.orig	Tue Jul  3 20:01:55 2001
+++ sys/netinet6/udp6_usrreq.c	Fri Jul 27 03:32:14 2001
@@ -549,13 +549,6 @@
 	 * which may match an IPv4-mapped IPv6 address.
 	 */
 	inp->inp_ip_ttl = ip_defttl;
-#ifdef IPSEC
-	error = ipsec_init_policy(so, &inp->in6p_sp);
-	if (error != 0) {
-		in6_pcbdetach(inp);
-		return (error);
-	}
-#endif /*IPSEC*/
 	return 0;
 }
 

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010727.043011.74725216.ume>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation