From: Misak Khachatryan
Date: Mon, 19 Feb 2018 10:27:16 +0400
Subject: Racoon and setkey problems
To: freebsd-net@freebsd.org

Hello there,

I have 4 machines with ipsec configured by racoon and running well for several years. Three weeks ago 3 of them started to fill the log with messages like this:

Feb 19 10:17:57 rtr-1 racoon: [10.1.0.2] ERROR: failed to process ph2 packet (side: 1, status: 8).
Feb 19 10:17:57 rtr-1 racoon: [10.1.0.2] ERROR: phase2 negotiation failed.
Feb 19 10:17:58 rtr-1 racoon: ERROR: libipsec failed send update (No buffer space available)
Feb 19 10:17:58 rtr-1 racoon: ERROR: pfkey update failed.
Feb 19 10:17:58 rtr-1 racoon: [10.0.0.2] ERROR: failed to process ph2 packet (side: 0, status: 8).
Feb 19 10:17:58 rtr-1 racoon: [10.0.0.2] ERROR: phase2 negotiation failed.
Feb 19 10:18:00 rtr-1 racoon: ERROR: libipsec failed send update (No buffer space available)
Feb 19 10:18:00 rtr-1 racoon: ERROR: pfkey update failed.

I also see an increasing counter of "messages with memory allocation failure" in the "sent to userland" part.

# netstat -s -p pfkey
pfkey:
        3067523 requests sent from userland
        453974456 bytes sent from userland
        histogram by message type:
                getspi: 1533688
                update: 1533640
                add: 25
                delete: 1
                acquire: 42
                register: 16
                flush: 10
                dump: 18
                x_promisc: 23
                x_spdadd: 48
                x_spddump: 5
                x_spdflush: 7
        0 messages with invalid length field
        0 messages with invalid version field
        0 messages with invalid message type field
        0 messages too short
        0 messages with memory allocation failure
        0 messages with duplicate extension
        0 messages with invalid extension type
        0 messages with invalid sa type
        0 messages with invalid address extension
        7717719 requests sent to userland
        1461098984 bytes sent to userland
        histogram by message type:
                getspi: 1533688
                update: 1533640
                add: 25
                delete: 1
                acquire: 1569975
                register: 16
                expire: 2968244
                flush: 10
                dump: 111982
                x_promisc: 48
                x_spdadd: 48
                x_spddump: 60
                x_spdflush: 7
        1757766 messages toward single socket
        1533864 messages toward all sockets
        9076534 messages toward registered sockets
        1644111 messages with memory allocation failure

3 of the machines are running 10.4-RELEASE-p1, one 10.3. Two of the machines are almost the same; only IP addresses and a few lines of configs differ. One is OK, the other one has the problem.

Running almost any setkey command leads to:

# setkey -x
setkey: send: No buffer space available

All packet versions are completely the same, binaries are exactly the same size.

Any help will be appreciated.

Best regards,
Misak Khachatryan
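
Added example, not part of the original post: the label "messages with memory allocation failure" appears in both halves of the netstat output above, so a monitoring check has to track which half it is reading before it can watch the "sent to userland" counter. The function names are hypothetical and the sample is an abridged, constructed copy of the counters quoted in the post.

```sh
#!/bin/sh
# Constructed sample: abridged `netstat -s -p pfkey` output using the
# counters quoted in the post. On a live host, pipe the real command in.
sample_pfkey_stats() {
cat <<'EOF'
pfkey:
        3067523 requests sent from userland
        453974456 bytes sent from userland
        0 messages with invalid length field
        0 messages with memory allocation failure
        0 messages with duplicate extension
        7717719 requests sent to userland
        1461098984 bytes sent to userland
        1757766 messages toward single socket
        1644111 messages with memory allocation failure
EOF
}

# Reads pfkey statistics on stdin and prints one line per direction:
#   <direction> <requests> <alloc_failures> <failures as % of requests>
# The failure label is identical in both sections, so the current section
# is remembered from the preceding "requests sent ..." line.
pfkey_alloc_failures() {
    awk '
        /requests sent from userland/ { dir = "from"; req[dir] = $1 }
        /requests sent to userland/   { dir = "to";   req[dir] = $1 }
        /messages with memory allocation failure/ && dir != "" { fail[dir] = $1 }
        END {
            n = split("from to", d, " ")
            for (i = 1; i <= n; i++) {
                r = req[d[i]] + 0; f = fail[d[i]] + 0
                printf "%s %d %d %.1f\n", d[i], r, f, (r > 0 ? 100 * f / r : 0)
            }
        }'
}

# Prints only the kernel-to-userland failure count, for use as a metric.
pfkey_to_userland_failures() {
    pfkey_alloc_failures | awk '$1 == "to" { print $3 }'
}

sample_pfkey_stats | pfkey_alloc_failures
```

On a live system the input would be `netstat -s -p pfkey | pfkey_to_userland_failures`; comparing two readings taken some minutes apart shows whether the counter is still increasing.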