Date: Tue, 1 Nov 2005 15:37:31 GMT From: Mats Palmgren <mats.palmgren@bredband.net> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/88336: setkey -D fails to report all SAs Message-ID: <200511011537.jA1FbV6o023879@www.freebsd.org> Resent-Message-ID: <200511011540.jA1FeH3Q007318@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 88336
>Category: misc
>Synopsis: setkey -D fails to report all SAs
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 01 15:40:17 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Mats Palmgren
>Release: RELENG_5
>Organization:
>Environment:
>Description:
The socket buffer size for pfkey only allows for 342
SAs to be dumped by "setkey -D".
(In our application we have the need for in the order of 10k)
>How-To-Repeat:
Use 'setkey' command to push 10000 SAs into the kernel.
Run 'setkey -D'.
ACTUAL RESULT
Only 342 of the SAs is reported to userland, then an error message:
# setkey -D | grep esp | wc -l
recv: Resource temporarily unavailable
342
EXPECTED RESULT
# setkey -D | grep esp | wc -l
10000
>Fix:
This is our workaround for now, probably not the best solution.
Could you at least add the u_quad_t cast since it triggers this
warning when increasing SB_MAX:
uipc_socket2.c:69: warning: integer overflow in expression
The added cast corresponds to uipc_socket2.c:490:
sb_max_adj = (u_quad_t)sb_max * MCLBYTES / (MSIZE + MCLBYTES);
Index: lib/libipsec/pfkey.c
===================================================================
RCS file: /cvs/src/lib/libipsec/pfkey.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 pfkey.c
--- lib/libipsec/pfkey.c 12 May 2004 20:54:18 -0000 1.1.1.1
+++ lib/libipsec/pfkey.c 31 Oct 2005 19:15:03 -0000
@@ -1582,6 +1582,15 @@
int so;
const int bufsiz = 128 * 1024; /*is 128K enough?*/
+#ifdef FIX
+ const int r_bufsiz = 8 * 1024 * 1024;
+#endif
if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
__ipsec_set_strerror(strerror(errno));
return -1;
@@ -1592,7 +1601,11 @@
* Don't really care even if it fails.
*/
(void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
+#ifdef FIX
+ (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &r_bufsiz, sizeof(r_bufsiz));
+#else
(void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
+#endif
__ipsec_errcode = EIPSEC_NO_ERROR;
return so;
Index: sys/kern/uipc_socket2.c
===================================================================
RCS file: /cvs/src/sys/kern/uipc_socket2.c,v
retrieving revision 1.1.1.7
diff -u -r1.1.1.7 uipc_socket2.c
--- sys/kern/uipc_socket2.c 13 Jun 2005 14:54:31 -0000 1.1.1.7
+++ sys/kern/uipc_socket2.c 31 Oct 2005 16:39:25 -0000
@@ -66,7 +66,7 @@
u_long sb_max = SB_MAX;
static u_long sb_max_adj =
- SB_MAX * MCLBYTES / (MSIZE + MCLBYTES); /* adjusted sb_max */
+ (u_quad_t)SB_MAX * MCLBYTES / (MSIZE + MCLBYTES); /* adjusted sb_max */
static u_long sb_efficiency = 8; /* parameter for sbreserve() */
Index: sys/sys/socketvar.h
===================================================================
RCS file: /cvs/src/sys/sys/socketvar.h,v
retrieving revision 1.1.1.5
diff -u -r1.1.1.5 socketvar.h
--- sys/sys/socketvar.h 21 Apr 2005 00:19:11 -0000 1.1.1.5
+++ sys/sys/socketvar.h 31 Oct 2005 17:46:30 -0000
@@ -115,7 +115,11 @@
/*
* Constants for sb_flags field of struct sockbuf.
*/
+#ifdef FIX
+#define SB_MAX (((8*1024*1024)/MCLBYTES)*(MSIZE+MCLBYTES))
+#else
#define SB_MAX (256*1024) /* default for max chars in sockbuf */
+#endif
/*
* Constants for sb_flags field of struct sockbuf.
*/
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200511011537.jA1FbV6o023879>