From: <tim...@ik...> - 2008-01-24 14:34:22

Hi all,

Here's a couple of bug fixes and an updated version of the event refactoring
changes.

01-reload-spd.diff:
- reload SPD when SIGHUP or adminport reload request is received

02-pfkey-recv-fix.diff:
- unchanged, make pfkey socket read errors hard (workaround buggy
  kernels)

03-admin-events-refactored.diff.gz:
- backwards binary compatible (e.g. old racoonctl can talk to new racoon)
- modified ac_errno field to be ac_version on requests when
  ADMIN_FLAG_VERSION is set
- uses anonymous unions which is non-standard but widely supported;
  we can make it named union and add #defines for ac_version and ac_errno
  if unnamed unions are deemed too unportable
- the global event queue is enabled only when some process uses the old
  protocol version to connect (helps to save memory)

04-admin-establish-ipsec-sa.diff:
- just merged against the new version of event refactoring patch

I also noticed that Linux kernels leave sadb_msg_satype uninitialized for
SADB_X_SPDFLUSH notifications, which makes pfkey_check fail and thus
ignored in Linux. Maybe we could relax pfkey_check a bit?

Cheers,
Timo

From: VANHULLEBUS Y. <va...@fr...> - 2008-01-24 15:18:21

On Thu, Jan 24, 2008 at 04:36:20PM +0200, Timo Teräs wrote:
> Hi all,

Hi.

> Here's a couple of bug fixes and an updated version of the event refactoring
> changes.
>
> 01-reload-spd.diff:
> - reload SPD when SIGHUP or adminport reload request is received

Why?

Each SPD update should generate a notification to racoon, so racoon
should always have an up to date copy of SPD.

> 02-pfkey-recv-fix.diff:
> - unchanged, make pfkey socket read errors hard (workaround buggy
>   kernels)

I'll try to handle this one quickly.

> 03-admin-events-refactored.diff.gz:
> - backwards binary compatible (e.g. old racoonctl can talk to new racoon)
> - modified ac_errno field to be ac_version on requests when
>   ADMIN_FLAG_VERSION is set
> - uses anonymous unions which is non-standard but widely supported;
>   we can make it named union and add #defines for ac_version and ac_errno
>   if unnamed unions are deemed too unportable
> - the global event queue is enabled only when some process uses the old
>   protocol version to connect (helps to save memory)
>
> 04-admin-establish-ipsec-sa.diff:
> - just merged against the new version of event refactoring patch

I won't have time to have a look at that before a while, and I don't
know really well the adminport/ctl.

Manu, Matthew, can one of you handle it?

> I also noticed that Linux kernels leave sadb_msg_satype uninitialized for
> SADB_X_SPDFLUSH notifications, which makes pfkey_check fail and thus
> ignored in Linux. Maybe we could relax pfkey_check a bit?

Well... a correct detection in configure and some kind of
BUGGED_PFKEY_SATYPE define may do the job....

Yvan.

From: <tim...@ik...> - 2008-01-25 09:53:36

VANHULLEBUS Yvan wrote:
> On Thu, Jan 24, 2008 at 04:36:20PM +0200, Timo Teräs wrote:
>> Here's a couple of bug fixes and an updated version of the event refactoring
>> changes.
>>
>> 01-reload-spd.diff:
>> - reload SPD when SIGHUP or adminport reload request is received
>
> Why?
>
> Each SPD update should generate a notification to racoon, so racoon
> should always have an up to date copy of SPD.

Yeah. But due to kernel limitations you don't always get those
notifications. E.g. during SPD/SADB dump you might end up losing
other messages. Also when setkey reads a huge file, the kernel might
spam a lot of notifications and make the socket receive queue full,
resulting in lost notifications. This is a real problem at least on
Linux and FreeBSD.

>> I also noticed that Linux kernels leave sadb_msg_satype uninitialized for
>> SADB_X_SPDFLUSH notifications, which makes pfkey_check fail and thus
>> ignored in Linux. Maybe we could relax pfkey_check a bit?
>
> Well... a correct detection in configure and some kind of
> BUGGED_PFKEY_SATYPE define may do the job....

I don't think the buggy kernel versions are easily detectable (and it
hasn't been fixed yet). Maybe just #ifdef __linux__?

Cheers,
Timo

From: Timo T. <tim...@ik...> - 2008-02-28 12:55:51

Timo Teräs wrote:
> Here's a couple of bug fixes and an updated version of the event refactoring
> changes.
>
> 01-reload-spd.diff:
> 02-pfkey-recv-fix.diff:
> 03-admin-events-refactored.diff.gz:
> 04-admin-establish-ipsec-sa.diff:

Any chances of getting these committed or some feedback about required changes?

- Timo

From: Matthew G. <mg...@sh...> - 2008-03-01 07:35:22

Timo Teräs wrote:
> Timo Teräs wrote:
>> Here's a couple of bug fixes and an updated version of the event refactoring
>> changes.
>>
>> 01-reload-spd.diff:
>> 02-pfkey-recv-fix.diff:
>> 03-admin-events-refactored.diff.gz:
>> 04-admin-establish-ipsec-sa.diff:
>
> Any chances of getting these committed or some feedback about required changes?
>
> - Timo
>

Timo,

I should have time to look at them tomorrow. Thanks again for submitting
the patches.

-Matthew

From: Matthew G. <mg...@sh...> - 2008-03-06 00:49:40

Timo Teräs wrote:
> Hi all,
>
> Here's a couple of bug fixes and an updated version of the event refactoring
> changes.
>
> 01-reload-spd.diff:
> - reload SPD when SIGHUP or adminport reload request is received
>
> 02-pfkey-recv-fix.diff:
> - unchanged, make pfkey socket read errors hard (workaround buggy
>   kernels)
>
> 03-admin-events-refactored.diff.gz:
> - backwards binary compatible (e.g. old racoonctl can talk to new racoon)
> - modified ac_errno field to be ac_version on requests when
>   ADMIN_FLAG_VERSION is set
> - uses anonymous unions which is non-standard but widely supported;
>   we can make it named union and add #defines for ac_version and ac_errno
>   if unnamed unions are deemed too unportable
> - the global event queue is enabled only when some process uses the old
>   protocol version to connect (helps to save memory)
>
> 04-admin-establish-ipsec-sa.diff:
> - just merged against the new version of event refactoring patch
>

Timo,

These have been committed to head ...

01-reload-spd.diff:
02-pfkey-recv-fix.diff:
03-admin-events-refactored.diff.gz:
04-admin-establish-ipsec-sa.diff:

This was committed to 0.7 as well ...

02-pfkey-recv-fix.diff:

Thanks,

-Matthew