On 22.02.2018 22:12, Misak Khachatryan wrote: >>> kernel`key_sendup0+0xee >>> kernel`key_sendup_mbuf+0x1e6 >>> kernel`key_parse+0x87f >>> >> >> Then probably this output will be changed.
I think the problem is that there are several PF_KEY sockets present, but some socket has overfilled its buffers. key_sendup_mbuf() function tries to send data to all sockets and fails on this mentioned socket. If you can, please, try the attached patch. It changes the behavior to always try to send data to all sockets and ignore some possible errors on intermediate sockets. I think with this patch you will be able to clear SAs with `setkey -F` command. You need to rebuild and reinstall the kernel. The patch is for stable/10. -- WBR, Andrey V. Elsukov
Index: stable/10/sys/netipsec/keysock.c =================================================================== --- stable/10/sys/netipsec/keysock.c (revision 329557) +++ stable/10/sys/netipsec/keysock.c (working copy) @@ -333,16 +333,14 @@ key_sendup_mbuf(struct socket *so, struct mbuf *m, continue; if ((n = m_copy(m, 0, (int)M_COPYALL)) == NULL) { - m_freem(m); PFKEYSTAT_INC(in_nomem); - mtx_unlock(&rawcb_mtx); - return ENOBUFS; + /* Try with next socket */ + continue; } if ((error = key_sendup0(rp, n, 0)) != 0) { - m_freem(m); - mtx_unlock(&rawcb_mtx); - return error; + /* Try with next socket */ + continue; } n = NULL;
signature.asc
Description: OpenPGP digital signature