On Sat, Oct 27, 2018 at 05:35:16PM +0200, Mark Patruck wrote:
> I've found the reason for the error message
>
> iked[24455]: pfkey_write: writev failed: Invalid argument
> iked[24455]: pfkey_write: writev failed: Invalid argument
>
> that comes up when the Child SA expires. (this affects 6.4 and -current)
>
> It appears when using a tap interface != default enc0 (for example enc5
> in routing domain 5). So you can simply reproduce via
>
> $ doas ifconfig enc1 create
>
> use "tap enc1" in iked.conf (hint: "tap enc0" works)
>
> For testing purposes it makes sense to lower "lifetime" to f.e. 2m.
>
>
> On Tue, Sep 25, 2018 at 10:50:43AM -0300, Martin Pieuchot wrote:
> > On 24/09/18(Mon) 20:21, Mark Patruck wrote:
> > > Hi Martin,
> > >
> > > if you need additional info or have a diff to test, drop me a
> > > note.
> >
> > I don't have time to look at this, better send a report to bugs@, you
> > could also poke patrick@ to see if he has some ideas.
>
> --
> Mark Patruck ( mark at wrapped.cx )
> GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74 F644 0D3C F66F F286 5E51
>
> http://www.wrapped.cx
>
I hit this too.

In pfkey_sa, if the action is SADB_DELETE, the code skips (goto) ahead,
so sa_tap is left uninitialized. I tried the following diff first,
thinking sa_tap wasn't being initialized in the SADB_DELETE case. But
it didn't help.
Index: pfkey.c
===================================================================
RCS file: /cvs/src/sbin/iked/pfkey.c,v
retrieving revision 1.59
diff -u -p -r1.59 pfkey.c
--- pfkey.c 27 Nov 2017 18:39:35 -0000 1.59
+++ pfkey.c 25 Nov 2018 15:46:32 -0000
@@ -530,6 +530,13 @@ pfkey_sa(int sd, uint8_t satype, uint8_t
bzero(&sa_ltime_hard, sizeof(sa_ltime_hard));
bzero(&sa_ltime_soft, sizeof(sa_ltime_soft));
+ if (pol->pol_tap != 0) {
+ bzero(&sa_tap, sizeof(sa_tap));
+ sa_tap.sadb_x_tap_exttype = SADB_X_EXT_TAP;
+ sa_tap.sadb_x_tap_len = sizeof(sa_tap) / 8;
+ sa_tap.sadb_x_tap_unit = pol->pol_tap;
+ }
+
if (action == SADB_DELETE)
goto send;
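Review bot: the new block zeroes sa_tap only when pol->pol_tap != 0, while the two structs just above it (sa_ltime_hard, sa_ltime_soft) are zeroed unconditionally. Suggest a plain bzero(&sa_tap, sizeof(sa_tap)); next to those calls, leaving only the three field assignments under the pol_tap check. Then every path that reaches send:, including the SADB_DELETE goto, sees a defined struct. Since this placement is reported not to change the writev failure, it should be proposed as a cleanup on its own rather than as the fix.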
@@ -641,13 +648,6 @@ pfkey_sa(int sd, uint8_t satype, uint8_t
sa_tag.sadb_x_tag_taglen = strlen(tag) + 1;
} else
tag = NULL;
-
- if (pol->pol_tap != 0) {
- bzero(&sa_tap, sizeof(sa_tap));
- sa_tap.sadb_x_tap_exttype = SADB_X_EXT_TAP;
- sa_tap.sadb_x_tap_len = sizeof(sa_tap) / 8;
- sa_tap.sadb_x_tap_unit = pol->pol_tap;
- }
send:
iov_cnt = 0;
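Review bot: with the sa_tap setup removed from just above send:, nothing at the label shows that the struct is prepared before the SADB_DELETE goto rather than in the skipped section. A one-line comment at the new location, or at send:, saying that sa_tap must be valid for every action that jumps here would keep a later reorder from reintroducing the uninitialized case this diff was written to rule out.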
So, I reversed the logic and thought maybe SADB_DELETE doesn't want
sa_tap to be part of the iov and came up with this diff. I no longer
get writev errors on rekey. I am not sure if it is correct as-is
though.
Index: pfkey.c
===================================================================
RCS file: /cvs/src/sbin/iked/pfkey.c,v
retrieving revision 1.59
diff -u -p -r1.59 pfkey.c
--- pfkey.c 27 Nov 2017 18:39:35 -0000 1.59
+++ pfkey.c 25 Nov 2018 15:37:11 -0000
@@ -764,7 +764,7 @@ pfkey_sa(int sd, uint8_t satype, uint8_t
iov_cnt++;
}
- if (pol->pol_tap != 0) {
+ if (pol->pol_tap != 0 && action != SADB_DELETE) {
/* enc(4) device tap unit */
iov[iov_cnt].iov_base = &sa_tap;
iov[iov_cnt].iov_len = sizeof(sa_tap);
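Review bot: the added action != SADB_DELETE test on the pol_tap condition has no stated reason, and the existing comment /* enc(4) device tap unit */ does not explain why delete is excluded. The only evidence given is that the writev errors stop on rekey, so before this goes in it should be confirmed which extensions the kernel accepts on an SADB_DELETE message, and the comment should say that the tap extension is omitted for delete on that basis. It is also worth checking that the old SA really is removed after rekey when a non-default enc interface is in use, since the absence of EINVAL alone does not show the delete took effect.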