> -----Original Message----- > From: [email protected] > [mailto:openembedded-devel- > [email protected]] On Behalf Of Martin Jansa > Sent: Wednesday, July 30, 2014 3:29 PM > To: [email protected] > Subject: Re: [oe] [meta-networking][PATCH] ipsec-tools: Fix pfkey UPDATE > failure caused by EINTR > > On Mon, Jul 28, 2014 at 04:08:01AM -0400, [email protected] wrote: > > From: Xufeng Zhang <[email protected]> > > > > While kernel is processing the UPDATE message which is sent from > > racoon, it maybe interrupted by certain system signal and if this case > > happens, kernel responds with an EINTR message to racoon and kernel > > fails to establish the corresponding SA. > > Fix this problem by resend the UPDATE message when EINTR(Interrupted > > system call) error happens. > > Is this still needed after:
Sorry I missed this. I checked that this is still needed even after: commit 4d7e174324d61c8da79152b67c4e8a434bd2d078 Author: Roy Li <[email protected]> Date: Tue Aug 12 15:19:20 2014 +0800 ipsec-tools: uprev it to 0.8.2 Remove 0001-Fix-warning-with-gcc-4.8.patch, it has been in 0.8.2 Signed-off-by: Roy Li <[email protected]> Signed-off-by: Martin Jansa <[email protected]> So I will rebase on that and re-send the patch. Thanks, Jackie > > commit 2ea5feedac7ba04417ce95ba0b14a8ce478614f6 > Author: Roy Li <[email protected]> > Date: Thu Jul 24 16:51:23 2014 +0800 > > ipsec-tools: several fixes > > Please check and send follow-up change if needed. > > > > > Signed-off-by: Xufeng Zhang <[email protected]> > > Signed-off-by: Jackie Huang <[email protected]> > > --- > > ...PDATE-message-when-received-EINTR-message.patch | 220 > > +++++++++++++++++++++ > > .../ipsec-tools/ipsec-tools_0.8.1.bb | 1 + > > 2 files changed, 221 insertions(+) > > create mode 100644 > > meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resend- > > UPDATE-message-when-received-EINTR-message.patch > > > > diff --git > > a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resen > > d-UPDATE-message-when-received-EINTR-message.patch > > b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resen > > d-UPDATE-message-when-received-EINTR-message.patch > > new file mode 100644 > > index 0000000..1ec5a41 > > --- /dev/null > > +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-R > > +++ esend-UPDATE-message-when-received-EINTR-message.patch > > @@ -0,0 +1,220 @@ > > +racoon: Resend UPDATE message when received EINTR message > > + > > +Upstream-Status: Pending > > + > > +While kernel is processing the UPDATE message which is sent from > > +racoon, it maybe interrupted by system signal and if this case > > +happens, kernel responds with an EINTR message to racoon and kernel > > +fails to establish the corresponding SA. > > +Fix this problem by resend the UPDATE message when EINTR(Interrupted > > +system call) error happens. > > + > > +Signed-off-by: Xufeng Zhang <[email protected]> > > +--- > > +--- a/src/libipsec/libpfkey.h > > ++++ b/src/libipsec/libpfkey.h > > +@@ -92,6 +92,12 @@ > > + u_int16_t ctxstrlen; /* length of security context string */ > > + }; > > + > > ++struct update_msg_info { > > ++ struct sadb_msg *update_msg; > > ++ int so; > > ++ int len; > > ++}; > > ++ > > + /* The options built into libipsec */ extern int libipsec_opt; > > + #define LIBIPSEC_OPT_NATT 0x01 > > +--- a/src/libipsec/pfkey.c > > ++++ b/src/libipsec/pfkey.c > > +@@ -1219,7 +1219,8 @@ > > + } > > + #endif > > + > > +- > > ++struct update_msg_info update_msg_send = {NULL, 0, 0}; > > ++ > > + /* sending SADB_ADD or SADB_UPDATE message to the kernel */ static > > +int pfkey_send_x1(struct pfkey_send_sa_args *sa_parms) @@ -1483,10 > > ++1484,24 @@ > > + > > + /* send message */ > > + len = pfkey_send(sa_parms->so, newmsg, len); > > +- free(newmsg); > > + > > +- if (len < 0) > > +- return -1; > > ++ if (newmsg->sadb_msg_type == SADB_UPDATE) { > > ++ if (update_msg_send.update_msg) > > ++ free(update_msg_send.update_msg); > > ++ update_msg_send.update_msg = newmsg; > > ++ update_msg_send.so = sa_parms->so; > > ++ update_msg_send.len = len; > > ++ > > ++ if (len < 0) { > > ++ free(update_msg_send.update_msg); > > ++ update_msg_send.update_msg = NULL; > > ++ return -1; > > ++ } > > ++ } else { > > ++ free(newmsg); > > ++ if (len < 0) > > ++ return -1; > > ++ } > > + > > + __ipsec_errcode = EIPSEC_NO_ERROR; > > + return len; > > +--- a/src/racoon/session.c > > ++++ b/src/racoon/session.c > > +@@ -100,6 +100,8 @@ > > + > > + #include "sainfo.h" > > + > > ++extern struct update_msg_info update_msg_send; > > ++ > > + struct fd_monitor { > > + int (*callback)(void *ctx, int fd); > > + void *ctx; > > +@@ -348,6 +350,11 @@ > > + close_sockets(); > > + backupsa_clean(); > > + > > ++ if (update_msg_send.update_msg) { > > ++ free(update_msg_send.update_msg); > > ++ update_msg_send.update_msg = NULL; > > ++ } > > ++ > > + plog(LLV_INFO, LOCATION, NULL, "racoon process %d shutdown\n", > > + getpid()); > > + > > + exit(0); > > +--- a/src/racoon/pfkey.c > > ++++ b/src/racoon/pfkey.c > > +@@ -103,10 +103,12 @@ > > + #include "crypto_openssl.h" > > + #include "grabmyaddr.h" > > ++#include "../libipsec/libpfkey.h" > > + > > + #if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC) > > + #define SADB_X_EALG_AESCBC SADB_X_EALG_RIJNDAELCBC #endif > > + > > ++extern struct update_msg_info update_msg_send; > > + /* prototype */ > > + static u_int ipsecdoi2pfkey_aalg __P((u_int)); static u_int > > +ipsecdoi2pfkey_ealg __P((u_int)); @@ -253,6 +255,13 @@ > > + s_pfkey_type(msg->sadb_msg_type), > > + strerror(msg->sadb_msg_errno)); > > + > > ++ if (msg->sadb_msg_errno == EINTR && > > ++ update_msg_send.update_msg) { > > ++ plog(LLV_DEBUG, LOCATION, NULL, > > ++ "pfkey update resend\n"); > > ++ send(update_msg_send.so, (void > > *)update_msg_send.update_msg, > (socklen_t)update_msg_send.len, 0); > > ++ } > > ++ > > + goto end; > > + } > > + > > +@@ -498,6 +507,11 @@ > > + { > > + flushsp(); > > + > > ++ if (update_msg_send.update_msg) { > > ++ free(update_msg_send.update_msg); > > ++ update_msg_send.update_msg = NULL; > > ++ } > > ++ > > + if (pfkey_send_spddump(lcconf->sock_pfkey) < 0) { > > + plog(LLV_ERROR, LOCATION, NULL, > > + "libipsec sending spddump failed: %s\n", @@ -1295,6 > > +1309,8 @@ > > + return 0; > > + } > > + > > ++int update_received = 0; > > ++ > > + static int > > + pk_recvupdate(mhp) > > + caddr_t *mhp; > > +@@ -1307,6 +1323,13 @@ > > + int incomplete = 0; > > + struct saproto *pr; > > + > > ++ update_received = 1; > > ++ > > ++ if (update_msg_send.update_msg) { > > ++ free(update_msg_send.update_msg); > > ++ update_msg_send.update_msg = NULL; > > ++ } > > ++ > > + /* ignore this message because of local test mode. */ > > + if (f_local) > > + return 0; > > +@@ -4163,3 +4186,8 @@ > > + > > + return buf; > > + } > > ++ > > ++int receive_from_isakmp() > > ++{ > > ++ return pfkey_handler(NULL, lcconf->sock_pfkey); } > > +--- a/src/racoon/pfkey.h > > ++++ b/src/racoon/pfkey.h > > +@@ -71,5 +71,6 @@ > > + extern u_int32_t pk_getseq __P((void)); extern const char > > +*sadbsecas2str > > + __P((struct sockaddr *, struct sockaddr *, int, u_int32_t, int)); > > ++extern int receive_from_isakmp __P((void)); > > + > > + #endif /* _PFKEY_H */ > > +--- a/src/racoon/isakmp_quick.c > > ++++ b/src/racoon/isakmp_quick.c > > +@@ -774,6 +774,8 @@ > > + return error; > > + } > > + > > ++extern int update_received; > > ++ > > + /* > > + * send to responder > > + * HDR*, HASH(3) > > +@@ -892,6 +894,11 @@ > > + } > > + plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n"); > > + > > ++ while (!update_received) > > ++ receive_from_isakmp(); > > ++ > > ++ update_received = 0; > > ++ > > + /* Do ADD for responder */ > > + if (pk_sendadd(iph2) < 0) { > > + plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n"); @@ > > -1035,6 > > ++1042,11 @@ > > + } > > + plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n"); > > + > > ++ while (!update_received) > > ++ receive_from_isakmp(); > > ++ > > ++ update_received = 0; > > ++ > > + /* Do ADD for responder */ > > + if (pk_sendadd(iph2) < 0) { > > + plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n"); @@ > > -1989,6 > > ++2001,11 @@ > > + } > > + plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n"); > > + > > ++ while (!update_received) > > ++ receive_from_isakmp(); > > ++ > > ++ update_received = 0; > > ++ > > + /* Do ADD for responder */ > > + if (pk_sendadd(iph2) < 0) { > > + plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n"); > > diff --git > > a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb > > b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb > > index 2e5c0a4..0332f7f 100644 > > --- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb > > +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb > > @@ -11,6 +11,7 @@ SRC_URI = > > "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools- > ${PV > > file://0001-Fix-warning-with-gcc-4.8.patch \ > > file://0002-Don-t-link-against-libfl.patch \ > > file://configure.patch \ > > + > > + file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patc > > + h \ > > " > > SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8" > > SRC_URI[sha256sum] = > "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4" > > -- > > 2.0.0 > > > > -- > > _______________________________________________ > > Openembedded-devel mailing list > > [email protected] > > http://lists.openembedded.org/mailman/listinfo/openembedded-devel > > -- > Martin 'JaMa' Jansa jabber: [email protected] -- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
