On Mon, Oct 10, 2016 at 21:13 +0000, Christian Weisgerber wrote:
> On 2016-10-09, Christian Weisgerber <na...@mips.inka.de> wrote:
> 
> > Found by bisection.  The culprit is this commit:
> >
> > ------------------------------------------------------------------------
> > CVSROOT:        /cvs
> > Module name:    src
> > Changes by:     mar...@cvs.openbsd.org  2016/09/13 13:56:55
> >
> > Modified files:
> >         sys/kern       : uipc_mbuf.c 
> >         sys/netinet    : ip_ah.c ip_esp.c ip_ipcomp.c ipsec_output.c 
> >         sys/sys        : mbuf.h 
> >         share/man/man9 : mbuf.9 
> >
> > Log message:
> > avoid extensive mbuf allocation for IPsec by replacing m_inject(4)
> > with m_makespace(4) from freebsd; ok mpi@, bluhm@, mikeb@, dlg@
> > ------------------------------------------------------------------------
> 
> I don't see anything wrong in there.  Maybe the problem is elsewhere
> and that change just triggers it.
> 
> Meanwhile, here's a less invasive "backout" that neuters m_makespace()
> so it produces the same mbuf chains as m_inject() did.  This makes
> the bug disappear.
> 

I can't find any immediate deficiencies in m_makespace().
It's also not clear what's wrong with those broken NS/ND
packets that you receive.  Do you get any ESP errors?
We need to know what kind of chains are being affected. 

Could you please try the following diff.  Unfortunately,
it might produce too much output.  If you could narrow it
down to affected packets this would help a lot.

diff --git sys/kern/uipc_mbuf.c sys/kern/uipc_mbuf.c
index d6b248f..cf9c650 100644
--- sys/kern/uipc_mbuf.c
+++ sys/kern/uipc_mbuf.c
@@ -996,10 +996,34 @@ extpacket:
        n->m_next = m->m_next;
        m->m_next = NULL;
        return (n);
 }
 
+static void
+m_hexdump(const char *where, struct mbuf *m)
+{
+       char *desc;
+       int len;
+
+       while (m != NULL) {
+               len = MLEN;
+               desc = "MBUF";
+               if (m->m_flags & M_EXT) {
+                       len = m->m_ext.ext_size;
+                       desc = "CLUSTER";
+               } else if (m->m_flags & M_PKTHDR) {
+                       len = MHLEN;
+                       desc = "PKTHDR";
+               }
+               printf("%s: %s (%p): len %d, total %d, leading(-) %d, "
+                   "trailing(+) %d\n", where, desc, m, m->m_len, len,
+                   m_leadingspace(m), m_trailingspace(m));
+               m = m->m_next;
+       }
+       printf("=======================\n");
+}
+
 /*
  * Make space for a new header of length hlen at skip bytes
  * into the packet.  When doing this we allocate new mbufs only
  * when absolutely necessary.  The mbuf where the new header
  * is to go is returned together with an offset into the mbuf.
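Review bot: In m_hexdump() the `M_EXT` test comes first in the `if`/`else if` chain, so a packet-header mbuf that carries a cluster is printed only as "CLUSTER" and its `M_PKTHDR` flag is lost from the output. The packet-header length is not printed either, so the log cannot be used to compare `m_pkthdr.len` with the sum of the `m_len` values. I would add at the top of the loop body `if (m->m_flags & M_PKTHDR) printf("%s: pkthdr len %d\n", where, m->m_pkthdr.len);`. The name promises a hex dump while only the chain layout is printed, so a comment above the function would help, e.g. `/* debug: print the layout (not the payload) of every mbuf in the chain */`. Since `%p` writes raw kernel addresses to the console and message buffer, this helper should stay a local debugging aid rather than go into the tree.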
@@ -1032,10 +1056,11 @@ m_makespace(struct mbuf *m0, int skip, int hlen, int 
*off)
                if (skip)
                        memmove(m->m_data-hlen, m->m_data, skip);
                m->m_data -= hlen;
                m->m_len += hlen;
                (*off) = skip;
+               m_hexdump("1", m0);
        } else if (hlen > M_TRAILINGSPACE(m)) {
                struct mbuf *n0, *n, **np;
                int todo, len, done, alloc;
 
                n0 = NULL;
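Review bot: The `m_hexdump("1", m0)` call, like the "2" and "3" calls in the two later hunks, logs the chain without `skip`, `hlen` or the resulting `*off`, so a dumped chain cannot be tied to the place where the header was inserted. That makes it harder to narrow the output down to the affected packets. Printing them just before each call would do: `printf("skip %d hlen %d off %d\n", skip, hlen, *off);`. All three calls also run before `m0->m_pkthdr.len += hlen` at the end of the function, so any packet length read alongside these dumps is still the pre-insertion value. m_makespace() begins and ends outside this hunk.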
@@ -1073,10 +1098,11 @@ m_makespace(struct mbuf *m0, int skip, int hlen, int 
*off)
                        *off = skip;
                        if (n0 != NULL) {
                                *np = m->m_next;
                                m->m_next = n0;
                        }
+                       m_hexdump("2", m0);
                }
                else {
                        n = m_get(M_DONTWAIT, m->m_type);
                        if (n == NULL) {
                                m_freem(n0);
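Review bot: The `else` branch that starts right after the added `m_hexdump("2", m0)` gets no dump of its own. No hunk touches the lines between this one and the next, so the path that takes a fresh mbuf with `m_get()` appears to return without logging anything. If the affected packets go through that path, they will be missing from the output and the trace could point at the wrong case. Adding `m_hexdump("2b", m0);` at the end of that branch would cover it. The branch body continues outside this hunk, so where exactly it ends cannot be seen here.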
@@ -1105,10 +1131,11 @@ m_makespace(struct mbuf *m0, int skip, int hlen, int 
*off)
                if (remain > 0)
                        memmove(mtod(m, caddr_t) + skip + hlen,
                              mtod(m, caddr_t) + skip, remain);
                m->m_len += hlen;
                *off = skip;
+               m_hexdump("3", m0);
        }
        m0->m_pkthdr.len += hlen;               /* adjust packet length */
        return m;
 }
 
