Date: Tue, 1 Nov 2005 15:37:31 GMT From: Mats Palmgren <mats.palmgren@bredband.net> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/88336: setkey -D fails to report all SAs Message-ID: <200511011537.jA1FbV6o023879@www.freebsd.org> Resent-Message-ID: <200511011540.jA1FeH3Q007318@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 88336 >Category: misc >Synopsis: setkey -D fails to report all SAs >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Nov 01 15:40:17 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Mats Palmgren >Release: RELENG_5 >Organization: >Environment: >Description: The socket buffer size for pfkey only allows for 342 SAs to be dumped by "setkey -D". (In our application we have the need for in the order of 10k) >How-To-Repeat: Use 'setkey' command to push 10000 SAs into the kernel. Run 'setkey -D'. ACTUAL RESULT Only 342 of the SAs is reported to userland, then an error message: # setkey -D | grep esp | wc -l recv: Resource temporarily unavailable 342 EXPECTED RESULT # setkey -D | grep esp | wc -l 10000 >Fix: This is our workaround for now, probably not the best solution. Could you at least add the u_quad_t cast since it triggers this warning when increasing SB_MAX: uipc_socket2.c:69: warning: integer overflow in expression The added cast corresponds to uipc_socket2.c:490: sb_max_adj = (u_quad_t)sb_max * MCLBYTES / (MSIZE + MCLBYTES); Index: lib/libipsec/pfkey.c =================================================================== RCS file: /cvs/src/lib/libipsec/pfkey.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 pfkey.c --- lib/libipsec/pfkey.c 12 May 2004 20:54:18 -0000 1.1.1.1 +++ lib/libipsec/pfkey.c 31 Oct 2005 19:15:03 -0000 @@ -1582,6 +1582,15 @@ int so; const int bufsiz = 128 * 1024; /*is 128K enough?*/ +#ifdef FIX + const int r_bufsiz = 8 * 1024 * 1024; +#endif if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) { __ipsec_set_strerror(strerror(errno)); return -1; @@ -1592,7 +1601,11 @@ * Don't really care even if it fails. */ (void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz)); +#ifdef FIX + (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &r_bufsiz, sizeof(r_bufsiz)); +#else (void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz)); +#endif __ipsec_errcode = EIPSEC_NO_ERROR; return so; Index: sys/kern/uipc_socket2.c =================================================================== RCS file: /cvs/src/sys/kern/uipc_socket2.c,v retrieving revision 1.1.1.7 diff -u -r1.1.1.7 uipc_socket2.c --- sys/kern/uipc_socket2.c 13 Jun 2005 14:54:31 -0000 1.1.1.7 +++ sys/kern/uipc_socket2.c 31 Oct 2005 16:39:25 -0000 @@ -66,7 +66,7 @@ u_long sb_max = SB_MAX; static u_long sb_max_adj = - SB_MAX * MCLBYTES / (MSIZE + MCLBYTES); /* adjusted sb_max */ + (u_quad_t)SB_MAX * MCLBYTES / (MSIZE + MCLBYTES); /* adjusted sb_max */ static u_long sb_efficiency = 8; /* parameter for sbreserve() */ Index: sys/sys/socketvar.h =================================================================== RCS file: /cvs/src/sys/sys/socketvar.h,v retrieving revision 1.1.1.5 diff -u -r1.1.1.5 socketvar.h --- sys/sys/socketvar.h 21 Apr 2005 00:19:11 -0000 1.1.1.5 +++ sys/sys/socketvar.h 31 Oct 2005 17:46:30 -0000 @@ -115,7 +115,11 @@ /* * Constants for sb_flags field of struct sockbuf. */ +#ifdef FIX +#define SB_MAX (((8*1024*1024)/MCLBYTES)*(MSIZE+MCLBYTES)) +#else #define SB_MAX (256*1024) /* default for max chars in sockbuf */ +#endif /* * Constants for sb_flags field of struct sockbuf. */ >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200511011537.jA1FbV6o023879>