From owner-freebsd-bugs@FreeBSD.ORG Wed Mar 5 00:40:01 2008 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2CCDD1065672 for ; Wed, 5 Mar 2008 00:40:01 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id E33728FC1F for ; Wed, 5 Mar 2008 00:40:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m250e0Vv008320 for ; Wed, 5 Mar 2008 00:40:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m250e09C008319; Wed, 5 Mar 2008 00:40:00 GMT (envelope-from gnats) Resent-Date: Wed, 5 Mar 2008 00:40:00 GMT Resent-Message-Id: <200803050040.m250e09C008319@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Cyrus Rahman Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1B1B61065675 for ; Wed, 5 Mar 2008 00:39:27 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21]) by mx1.freebsd.org (Postfix) with ESMTP id 09CA38FC19 for ; Wed, 5 Mar 2008 00:39:27 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.14.2/8.14.2) with ESMTP id m250aQNK061814 for ; Wed, 5 Mar 2008 00:36:26 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.14.2/8.14.1/Submit) id m250aQqk061813; Wed, 5 Mar 2008 00:36:26 GMT (envelope-from nobody) Message-Id: <200803050036.m250aQqk061813@www.freebsd.org> Date: Wed, 5 Mar 2008 00:36:26 GMT From: Cyrus Rahman To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: kern/121374: SP refcnt increases with each packet in ipv6 with new IPSEC X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Mar 2008 00:40:01 -0000 >Number: 121374 >Category: kern >Synopsis: SP refcnt increases with each packet in ipv6 with new IPSEC >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Mar 05 00:40:00 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Cyrus Rahman >Release: 7.0-RELEASE >Organization: >Environment: FreeBSD snowfall.signetica.com 7.0-RELEASE FreeBSD 7.0-RELEASE #6: Tue Mar 4 16:27:33 MST 2008 cr@snowfall.signetica.com:/usr/src/sys/i386/compile/SIGNETICA i386 >Description: Ok, this is actually probably more serious than I say, because when refcnt overflows KASSERT will cause some trouble. But obviously no one is actually using ipv6 with IPSEC yet. Anyway, if one creates an ipv6 association between two hosts with the new IPSEC, each packet will increment the refcnt: root# setkey -PD hostA[any] hostB[any] any out ipsec esp/transport//use spid=3 seq=0 pid=1554 refcnt=65 root# ping6 hostB .. some packets go by root# setkey -PD hostA[any] hostB[any] any out ipsec esp/transport//use spid=3 seq=0 pid=1635 refcnt=77 This problem does not occur with ipv4. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted: