Racoon and setkey problems

[Misak Khachatryan]

Hello there,

I 4 machines with ipsec confingured by racoon and running well by
several years. A three week ago 3 of them starting to fill the log
with messages like this:

Feb 19 10:17:57 rtr-1 racoon: [10.1.0.2] ERROR: failed to process ph2
packet (side: 1, status: 8).
  Feb 19 10:17:57 rtr-1 racoon: [10.1.0.2] ERROR: phase2
negotiation failed.
Feb 19 10:17:58 rtr-1 racoon: ERROR: libipsec failed send update (No
buffer space available)
Feb 19 10:17:58 rtr-1 racoon: ERROR: pfkey update failed.
Feb 19 10:17:58 rtr-1 racoon: [10.0.0.2] ERROR: failed to process ph2
packet (side: 0, status: 8).
Feb 19 10:17:58 rtr-1 racoon: [10.0.0.2] ERROR: phase2 negotiation failed.
Feb 19 10:18:00 rtr-1 racoon: ERROR: libipsec failed send update (No
buffer space available)
Feb 19 10:18:00 rtr-1 racoon: ERROR: pfkey update failed.

I see also increasing counter of "messages with memory allocation
failure" on "sent to userland" part.

# netstat -s -p pfkey
pfkey:
   3067523 requests sent from userland
   453974456 bytes sent from userland
   histogram by message type:
   getspi: 1533688
   update: 1533640
   add: 25
   delete: 1
   acquire: 42
   register: 16
   flush: 10
   dump: 18
   x_promisc: 23
   x_spdadd: 48
   x_spddump: 5
   x_spdflush: 7
   0 messages with invalid length field
   0 messages with invalid version field
   0 messages with invalid message type field
   0 messages too short
   0 messages with memory allocation failure
   0 messages with duplicate extension
   0 messages with invalid extension type
   0 messages with invalid sa type
   0 messages with invalid address extension
   7717719 requests sent to userland
   1461098984 bytes sent to userland
   histogram by message type:
   getspi: 1533688
   update: 1533640
   add: 25
   delete: 1
   acquire: 1569975
   register: 16
   expire: 2968244
   flush: 10
   dump: 111982
   x_promisc: 48
   x_spdadd: 48
   x_spddump: 60
   x_spdflush: 7
   1757766 messages toward single socket
   1533864 messages toward all sockets
   9076534 messages toward registered sockets
   1644111 messages with memory allocation failure

3 of machines running   10.4-RELEASE-p1, one 10.3.
Two of the machine almost the same, only ip addresses and few lines of
configs differ. One is OK, other one have problem.

Running almost any setkey command leads to:

 # setkey -x
setkey: send: No buffer space available

All packet versions are completely the same, binaries exactly same size.

Any help will be appreciated.

Best regards,
Misak Khachatryan
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 7556] [ppp] sl_compress_init() will fail if called anything else than -1 or >MAX_STATE

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=7556

Mark Linimon  changed:

   What|Removed |Added

   Assignee|freebsd-b...@freebsd.org|freebsd-net@FreeBSD.org

-- 
You are receiving this mail because:
You are the assignee for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #27 from commit-h...@freebsd.org ---
A commit references this bug:

Author: ae
Date: Sun Feb 18 11:36:46 UTC 2018
New revision: 329518
URL: https://svnweb.freebsd.org/changeset/base/329518

Log:
  MFC r329101:
Reinitialize IP header length after checksum calculation. It is used
later by TCP-MD5 code.

This fixes the problem with broken TCP-MD5 over IPv4 when NIC has
disabled TCP checksum offloading.

PR: 223835

Changes:
_U  stable/11/
  stable/11/sys/netinet/tcp_input.c

-- 
You are receiving this mail because:
You are on the CC list for the bug.
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"