From: Joe MacDonald <Joe_MacDonald@mentor.com>
To: <openembedded-devel@lists.openembedded.org>
Subject: Re: [meta-networking][PATCH v2] ipsec-tools: Fix pfkey UPDATE failure caused by EINTR
Date: Tue, 9 Sep 2014 09:08:43 -0400 [thread overview]
Message-ID: <20140909130842.GE2125@mentor.com> (raw)
In-Reply-To: <1409294700-20567-1-git-send-email-jackie.huang@windriver.com>
[-- Attachment #1: Type: text/plain, Size: 8580 bytes --]
Merged, with just a little bit of whitespace cleanup. Thanks.
-J.
[[oe] [meta-networking][PATCH v2] ipsec-tools: Fix pfkey UPDATE failure caused by EINTR] On 14.08.29 (Fri 02:45) jackie.huang@windriver.com wrote:
> From: Jackie Huang <jackie.huang@windriver.com>
>
> While kernel is processing the UPDATE message which is sent from racoon,
> it maybe interrupted by certain system signal and if this case happens,
> kernel responds with an EINTR message to racoon and kernel fails to
> establish the corresponding SA.
> Fix this problem by resend the UPDATE message when EINTR(Interrupted
> system call) error happens.
>
> Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
> Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
> ---
> ...PDATE-message-when-received-EINTR-message.patch | 220 +++++++++++++++++++++
> .../ipsec-tools/ipsec-tools_0.8.2.bb | 1 +
> 2 files changed, 221 insertions(+)
> create mode 100644 meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resend-UPDATE-message-when-received-EINTR-message.patch
>
> diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resend-UPDATE-message-when-received-EINTR-message.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resend-UPDATE-message-when-received-EINTR-message.patch
> new file mode 100644
> index 0000000..1ec5a41
> --- /dev/null
> +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resend-UPDATE-message-when-received-EINTR-message.patch
> @@ -0,0 +1,220 @@
> +racoon: Resend UPDATE message when received EINTR message
> +
> +Upstream-Status: Pending
> +
> +While kernel is processing the UPDATE message which is sent from racoon,
> +it maybe interrupted by system signal and if this case happens,
> +kernel responds with an EINTR message to racoon and kernel fails to
> +establish the corresponding SA.
> +Fix this problem by resend the UPDATE message when EINTR(Interrupted
> +system call) error happens.
> +
> +Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
> +---
> +--- a/src/libipsec/libpfkey.h
> ++++ b/src/libipsec/libpfkey.h
> +@@ -92,6 +92,12 @@
> + u_int16_t ctxstrlen; /* length of security context string */
> + };
> +
> ++struct update_msg_info {
> ++ struct sadb_msg *update_msg;
> ++ int so;
> ++ int len;
> ++};
> ++
> + /* The options built into libipsec */
> + extern int libipsec_opt;
> + #define LIBIPSEC_OPT_NATT 0x01
> +--- a/src/libipsec/pfkey.c
> ++++ b/src/libipsec/pfkey.c
> +@@ -1219,7 +1219,8 @@
> + }
> + #endif
> +
> +-
> ++struct update_msg_info update_msg_send = {NULL, 0, 0};
> ++
> + /* sending SADB_ADD or SADB_UPDATE message to the kernel */
> + static int
> + pfkey_send_x1(struct pfkey_send_sa_args *sa_parms)
> +@@ -1483,10 +1484,24 @@
> +
> + /* send message */
> + len = pfkey_send(sa_parms->so, newmsg, len);
> +- free(newmsg);
> +
> +- if (len < 0)
> +- return -1;
> ++ if (newmsg->sadb_msg_type == SADB_UPDATE) {
> ++ if (update_msg_send.update_msg)
> ++ free(update_msg_send.update_msg);
> ++ update_msg_send.update_msg = newmsg;
> ++ update_msg_send.so = sa_parms->so;
> ++ update_msg_send.len = len;
> ++
> ++ if (len < 0) {
> ++ free(update_msg_send.update_msg);
> ++ update_msg_send.update_msg = NULL;
> ++ return -1;
> ++ }
> ++ } else {
> ++ free(newmsg);
> ++ if (len < 0)
> ++ return -1;
> ++ }
> +
> + __ipsec_errcode = EIPSEC_NO_ERROR;
> + return len;
> +--- a/src/racoon/session.c
> ++++ b/src/racoon/session.c
> +@@ -100,6 +100,8 @@
> +
> + #include "sainfo.h"
> +
> ++extern struct update_msg_info update_msg_send;
> ++
> + struct fd_monitor {
> + int (*callback)(void *ctx, int fd);
> + void *ctx;
> +@@ -348,6 +350,11 @@
> + close_sockets();
> + backupsa_clean();
> +
> ++ if (update_msg_send.update_msg) {
> ++ free(update_msg_send.update_msg);
> ++ update_msg_send.update_msg = NULL;
> ++ }
> ++
> + plog(LLV_INFO, LOCATION, NULL, "racoon process %d shutdown\n", getpid());
> +
> + exit(0);
> +--- a/src/racoon/pfkey.c
> ++++ b/src/racoon/pfkey.c
> +@@ -103,10 +103,12 @@
> + #include "crypto_openssl.h"
> + #include "grabmyaddr.h"
> ++#include "../libipsec/libpfkey.h"
> +
> + #if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)
> + #define SADB_X_EALG_AESCBC SADB_X_EALG_RIJNDAELCBC
> + #endif
> +
> ++extern struct update_msg_info update_msg_send;
> + /* prototype */
> + static u_int ipsecdoi2pfkey_aalg __P((u_int));
> + static u_int ipsecdoi2pfkey_ealg __P((u_int));
> +@@ -253,6 +255,13 @@
> + s_pfkey_type(msg->sadb_msg_type),
> + strerror(msg->sadb_msg_errno));
> +
> ++ if (msg->sadb_msg_errno == EINTR &&
> ++ update_msg_send.update_msg) {
> ++ plog(LLV_DEBUG, LOCATION, NULL,
> ++ "pfkey update resend\n");
> ++ send(update_msg_send.so, (void *)update_msg_send.update_msg, (socklen_t)update_msg_send.len, 0);
> ++ }
> ++
> + goto end;
> + }
> +
> +@@ -498,6 +507,11 @@
> + {
> + flushsp();
> +
> ++ if (update_msg_send.update_msg) {
> ++ free(update_msg_send.update_msg);
> ++ update_msg_send.update_msg = NULL;
> ++ }
> ++
> + if (pfkey_send_spddump(lcconf->sock_pfkey) < 0) {
> + plog(LLV_ERROR, LOCATION, NULL,
> + "libipsec sending spddump failed: %s\n",
> +@@ -1295,6 +1309,8 @@
> + return 0;
> + }
> +
> ++int update_received = 0;
> ++
> + static int
> + pk_recvupdate(mhp)
> + caddr_t *mhp;
> +@@ -1307,6 +1323,13 @@
> + int incomplete = 0;
> + struct saproto *pr;
> +
> ++ update_received = 1;
> ++
> ++ if (update_msg_send.update_msg) {
> ++ free(update_msg_send.update_msg);
> ++ update_msg_send.update_msg = NULL;
> ++ }
> ++
> + /* ignore this message because of local test mode. */
> + if (f_local)
> + return 0;
> +@@ -4163,3 +4186,8 @@
> +
> + return buf;
> + }
> ++
> ++int receive_from_isakmp()
> ++{
> ++ return pfkey_handler(NULL, lcconf->sock_pfkey);
> ++}
> +--- a/src/racoon/pfkey.h
> ++++ b/src/racoon/pfkey.h
> +@@ -71,5 +71,6 @@
> + extern u_int32_t pk_getseq __P((void));
> + extern const char *sadbsecas2str
> + __P((struct sockaddr *, struct sockaddr *, int, u_int32_t, int));
> ++extern int receive_from_isakmp __P((void));
> +
> + #endif /* _PFKEY_H */
> +--- a/src/racoon/isakmp_quick.c
> ++++ b/src/racoon/isakmp_quick.c
> +@@ -774,6 +774,8 @@
> + return error;
> + }
> +
> ++extern int update_received;
> ++
> + /*
> + * send to responder
> + * HDR*, HASH(3)
> +@@ -892,6 +894,11 @@
> + }
> + plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
> +
> ++ while (!update_received)
> ++ receive_from_isakmp();
> ++
> ++ update_received = 0;
> ++
> + /* Do ADD for responder */
> + if (pk_sendadd(iph2) < 0) {
> + plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n");
> +@@ -1035,6 +1042,11 @@
> + }
> + plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
> +
> ++ while (!update_received)
> ++ receive_from_isakmp();
> ++
> ++ update_received = 0;
> ++
> + /* Do ADD for responder */
> + if (pk_sendadd(iph2) < 0) {
> + plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n");
> +@@ -1989,6 +2001,11 @@
> + }
> + plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
> +
> ++ while (!update_received)
> ++ receive_from_isakmp();
> ++
> ++ update_received = 0;
> ++
> + /* Do ADD for responder */
> + if (pk_sendadd(iph2) < 0) {
> + plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n");
> diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
> index 208268f..5fb3e4f 100644
> --- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
> +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
> @@ -13,6 +13,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
> file://0001-racoon-pfkey-avoid-potential-null-pointer-dereferenc.patch \
> file://racoon-check-invalid-pointers.patch \
> file://racoon-check-invalid-ivm.patch \
> + file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \
> "
> SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"
> SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"
> --
> 2.0.0
>
--
-Joe MacDonald.
:wq
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 501 bytes --]
prev parent reply other threads:[~2014-09-09 13:08 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-29 6:45 [meta-networking][PATCH v2] ipsec-tools: Fix pfkey UPDATE failure caused by EINTR jackie.huang
2014-09-09 13:08 ` Joe MacDonald [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140909130842.GE2125@mentor.com \
--to=joe_macdonald@mentor.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.