From owner-freebsd-current@FreeBSD.ORG Fri Jan 16 01:31:55 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3D6E916A4CE; Fri, 16 Jan 2004 01:31:55 -0800 (PST) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2758E43D2D; Fri, 16 Jan 2004 01:31:53 -0800 (PST) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from transport.cksoft.de (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id 8E3531FF91D; Fri, 16 Jan 2004 10:31:51 +0100 (CET) Received: by transport.cksoft.de (Postfix, from userid 66) id EABF51FF90C; Fri, 16 Jan 2004 10:31:49 +0100 (CET) Received: by mail.int.zabbadoz.net (Postfix, from userid 1060) id 113E5155E3; Fri, 16 Jan 2004 09:31:25 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.int.zabbadoz.net (Postfix) with ESMTP id 0E852155AE; Fri, 16 Jan 2004 09:31:26 +0000 (UTC) Date: Fri, 16 Jan 2004 09:31:25 +0000 (UTC) From: "Bjoern A. Zeeb" X-X-Sender: bz@e0-0.zab2.int.zabbadoz.net To: Hajimu UMEMOTO In-Reply-To: Message-ID: References: <20040115041435.7B739A6@coconut.itojun.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS cksoft-s20020300-20031204bz on transport.cksoft.de cc: core@kame.net cc: current@freebsd.org cc: "Bjoern A. Zeeb" cc: Jun-ichiro itojun Hagino Subject: Re: [PATCH] IPSec fixes X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Jan 2004 09:31:56 -0000 On Fri, 16 Jan 2004, Hajimu UMEMOTO wrote: Hi, > Do you mean that following patch itojun offered doesn't help for you? I never applied it as going through the code showed that it will not do the right thing(TM). See older mail. > It seems fix the problem here. ahh - this isn't exactly the diff itojun offered. the newsp->refcnt++; is missing. Is it also missing in your kernel ? I am currently offsite but could you please try to add this - shouldn't give too much debugging output; depending on number of SPs ypu have - do some setkey spdadd and sdpflush and restart your ike daemon possibly running and mail me the output ? > Index: sys/netkey/key.c > diff -up sys/netkey/key.c.orig sys/netkey/key.c > --- sys/netkey/key.c.orig Fri Jan 16 17:06:26 2004 > +++ sys/netkey/key.c Fri Jan 16 17:07:38 2004 > @@ -1958,7 +1958,6 @@ key_spdadd(so, m, mhp) > newsp->lifetime = lft ? lft->sadb_lifetime_addtime : 0; > newsp->validtime = lft ? lft->sadb_lifetime_usetime : 0; > > - newsp->refcnt = 1; /* do not reclaim until I say I do */ > newsp->state = IPSEC_SPSTATE_ALIVE; > LIST_INSERT_TAIL(&sptree[newsp->dir], newsp, secpolicy, chain); > > @@ -7591,9 +7590,10 @@ key_sp_unlink(sp) > { > > /* remove from SP index */ > - if (__LIST_CHAINED(sp)) > + if (__LIST_CHAINED(sp)) { > LIST_REMOVE(sp, chain); > - key_freesp(sp); + /* you should only see this once */ + printf("%s:%d key_sp_unlink(%p) called\n", + __func__, __LINE__, sp); + printf("+ id=%u, refcnt=%d\n", sp->id, sp->refcnt); + printf("+ le_next=%p, le_prev=%p\n", + sp->chain.le_next, sp->chain.le_prev); > + key_freesp(sp); > + } + else { + /* you should never see this */ + printf("%s:%d key_sp_unlink(%p) called another time\n", + __func__, __LINE__, sp); + printf("+ id=%u, refcnt=%d\n", sp->id, sp->refcnt); + printf("+ le_next=%p, le_prev=%p\n", + sp->chain.le_next, sp->chain.le_prev); + } > } > > /* XXX too much? */ PS: do you have other patches in your local tree that are not yet in HEAD ? I got another patch from you once in Nov or Dec but I think it was renaming functions and passing pcb instead of so only (removing some unnecessary function calls) [more like FATS_IPSEC]. I have a more improved version of this in my private patchset but currently suspended while debugging. -- Greetings Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT 56 69 73 69 74 http://www.zabbadoz.net/