[oe] [meta-networking][PATCH] ipsec-tools: Fix pfkey UPDATE failure caused by EINTR

Huang, Jie (Jackie) Jackie.Huang at windriver.com
Fri Aug 29 06:36:27 UTC 2014



> -----Original Message-----
> From: openembedded-devel-bounces at lists.openembedded.org [mailto:openembedded-devel-
> bounces at lists.openembedded.org] On Behalf Of Martin Jansa
> Sent: Wednesday, July 30, 2014 3:29 PM
> To: openembedded-devel at lists.openembedded.org
> Subject: Re: [oe] [meta-networking][PATCH] ipsec-tools: Fix pfkey UPDATE failure caused by EINTR
> 
> On Mon, Jul 28, 2014 at 04:08:01AM -0400, jackie.huang at windriver.com wrote:
> > From: Xufeng Zhang <xufeng.zhang at windriver.com>
> >
> > While the kernel is processing the UPDATE message sent by racoon, it
> > may be interrupted by certain system signals. When that happens, the
> > kernel responds to racoon with an EINTR message and fails to establish
> > the corresponding SA.
> > Fix this problem by resending the UPDATE message when an EINTR
> > (Interrupted system call) error is reported.
> 
> Is this still needed after:

Sorry I missed this. I checked that this is still needed even after:

commit 4d7e174324d61c8da79152b67c4e8a434bd2d078
Author: Roy Li <rongqing.li at windriver.com>
Date:   Tue Aug 12 15:19:20 2014 +0800

    ipsec-tools: uprev it to 0.8.2
    
    Remove 0001-Fix-warning-with-gcc-4.8.patch, it has been in 0.8.2
    
    Signed-off-by: Roy Li <rongqing.li at windriver.com>
    Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>

So I will rebase on that and re-send the patch.

Thanks,
Jackie

> 
> commit 2ea5feedac7ba04417ce95ba0b14a8ce478614f6
> Author: Roy Li <rongqing.li at windriver.com>
> Date:   Thu Jul 24 16:51:23 2014 +0800
> 
>     ipsec-tools: several fixes
> 
> Please check and send follow-up change if needed.
> 
> >
> > Signed-off-by: Xufeng Zhang <xufeng.zhang at windriver.com>
> > Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
> > ---
> >  ...PDATE-message-when-received-EINTR-message.patch | 220 +++++++++++++++++++++
> >  .../ipsec-tools/ipsec-tools_0.8.1.bb               |   1 +
> >  2 files changed, 221 insertions(+)
> >  create mode 100644
> > meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resend-
> > UPDATE-message-when-received-EINTR-message.patch
> >
> > diff --git
> > a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resen
> > d-UPDATE-message-when-received-EINTR-message.patch
> > b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resen
> > d-UPDATE-message-when-received-EINTR-message.patch
> > new file mode 100644
> > index 0000000..1ec5a41
> > --- /dev/null
> > +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-R
> > +++ esend-UPDATE-message-when-received-EINTR-message.patch
> > @@ -0,0 +1,220 @@
> > +racoon: Resend UPDATE message when received EINTR message
> > +
> > +Upstream-Status: Pending
> > +
> > +While kernel is processing the UPDATE message which is sent from
> > +racoon, it maybe interrupted by system signal and if this case
> > +happens, kernel responds with an EINTR message to racoon and kernel
> > +fails to establish the corresponding SA.
> > +Fix this problem by resend the UPDATE message when EINTR(Interrupted
> > +system call) error happens.
> > +
> > +Signed-off-by: Xufeng Zhang <xufeng.zhang at windriver.com>
> > +---
> > +--- a/src/libipsec/libpfkey.h
> > ++++ b/src/libipsec/libpfkey.h
> > +@@ -92,6 +92,12 @@
> > + 	u_int16_t ctxstrlen;		/* length of security context string */
> > + };
> > +
> > ++struct update_msg_info {
> > ++        struct sadb_msg *update_msg;
> > ++        int so;
> > ++        int len;
> > ++};
> > ++
> > + /* The options built into libipsec */  extern int libipsec_opt;
> > + #define LIBIPSEC_OPT_NATT		0x01
> > +--- a/src/libipsec/pfkey.c
> > ++++ b/src/libipsec/pfkey.c
> > +@@ -1219,7 +1219,8 @@
> > + }
> > + #endif
> > +
> > +-
> > ++struct update_msg_info update_msg_send = {NULL, 0, 0};
> > ++
> > + /* sending SADB_ADD or SADB_UPDATE message to the kernel */  static
> > +int  pfkey_send_x1(struct pfkey_send_sa_args *sa_parms) @@ -1483,10
> > ++1484,24 @@
> > +
> > + 	/* send message */
> > + 	len = pfkey_send(sa_parms->so, newmsg, len);
> > +-	free(newmsg);
> > +
> > +-	if (len < 0)
> > +-		return -1;
> > ++	if (newmsg->sadb_msg_type == SADB_UPDATE) {
> > ++		if (update_msg_send.update_msg)
> > ++			free(update_msg_send.update_msg);
> > ++		update_msg_send.update_msg = newmsg;
> > ++		update_msg_send.so = sa_parms->so;
> > ++		update_msg_send.len = len;
> > ++
> > ++		if (len < 0) {
> > ++			free(update_msg_send.update_msg);
> > ++			update_msg_send.update_msg = NULL;
> > ++			return -1;
> > ++		}
> > ++	} else {
> > ++		free(newmsg);
> > ++		if (len < 0)
> > ++			return -1;
> > ++	}
> > +
> > + 	__ipsec_errcode = EIPSEC_NO_ERROR;
> > + 	return len;
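Review bot: The SADB_UPDATE request kept in `update_msg_send.update_msg` now outlives the call, and every release path in this hunk uses a plain `free()`; an UPDATE request presumably carries the SA's key extensions, so that key material stays in heap memory for longer than before and is never wiped. Clear the buffer before each `free(update_msg_send.update_msg)` with a wipe the compiler cannot elide (for example `explicit_bzero()` where the platform provides it), sized from the message's own `sadb_msg_len` rather than from `update_msg_send.len`, which holds the `pfkey_send()` return value and is negative on the failure path. The slot is also a single global, so a second UPDATE sent before the first reply arrives replaces the saved request, and a later resend would then carry the wrong SA. The body of pfkey_send_x1 starts above the hunk and its closing brace is not shown.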
> > +--- a/src/racoon/session.c
> > ++++ b/src/racoon/session.c
> > +@@ -100,6 +100,8 @@
> > +
> > + #include "sainfo.h"
> > +
> > ++extern struct update_msg_info update_msg_send;
> > ++
> > + struct fd_monitor {
> > + 	int (*callback)(void *ctx, int fd);
> > + 	void *ctx;
> > +@@ -348,6 +350,11 @@
> > + 	close_sockets();
> > + 	backupsa_clean();
> > +
> > ++	if (update_msg_send.update_msg) {
> > ++		free(update_msg_send.update_msg);
> > ++		update_msg_send.update_msg = NULL;
> > ++	}
> > ++
> > + 	plog(LLV_INFO, LOCATION, NULL, "racoon process %d shutdown\n",
> > + getpid());
> > +
> > + 	exit(0);
> > +--- a/src/racoon/pfkey.c
> > ++++ b/src/racoon/pfkey.c
> > +@@ -103,10 +103,12 @@
> > + #include "crypto_openssl.h"
> > + #include "grabmyaddr.h"
> > ++#include "../libipsec/libpfkey.h"
> > +
> > + #if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)
> > + #define SADB_X_EALG_AESCBC  SADB_X_EALG_RIJNDAELCBC #endif
> > +
> > ++extern struct update_msg_info update_msg_send;
> > + /* prototype */
> > + static u_int ipsecdoi2pfkey_aalg __P((u_int));  static u_int
> > +ipsecdoi2pfkey_ealg __P((u_int)); @@ -253,6 +255,13 @@
> > + 			s_pfkey_type(msg->sadb_msg_type),
> > + 			strerror(msg->sadb_msg_errno));
> > +
> > ++		if (msg->sadb_msg_errno == EINTR &&
> > ++			update_msg_send.update_msg) {
> > ++			plog(LLV_DEBUG, LOCATION, NULL,
> > ++			"pfkey update resend\n");
> > ++			send(update_msg_send.so, (void *)update_msg_send.update_msg,
> (socklen_t)update_msg_send.len, 0);
> > ++		}
> > ++
> > + 		goto end;
> > + 	}
> > +
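Review bot: The resend condition `msg->sadb_msg_errno == EINTR && update_msg_send.update_msg` never checks that the failed reply answers the saved request, so any PF_KEY error reply carrying EINTR re-sends whatever UPDATE happens to be stored. Match the reply to the saved message first, e.g. by adding `msg->sadb_msg_type == SADB_UPDATE && msg->sadb_msg_seq == update_msg_send.update_msg->sadb_msg_seq` to the condition. The `send()` result is discarded and nothing bounds the number of resends; log a failed `send()` at `LLV_ERROR` and stop after a small fixed number of attempts so that a persistent EINTR cannot keep the request cycling. The enclosing handler starts and ends outside the hunk.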
> > +@@ -498,6 +507,11 @@
> > + {
> > + 	flushsp();
> > +
> > ++	if (update_msg_send.update_msg) {
> > ++		free(update_msg_send.update_msg);
> > ++		update_msg_send.update_msg = NULL;
> > ++	}
> > ++
> > + 	if (pfkey_send_spddump(lcconf->sock_pfkey) < 0) {
> > + 		plog(LLV_ERROR, LOCATION, NULL,
> > + 			"libipsec sending spddump failed: %s\n", @@ -1295,6 +1309,8 @@
> > + 	return 0;
> > + }
> > +
> > ++int update_received = 0;
> > ++
> > + static int
> > + pk_recvupdate(mhp)
> > + 	caddr_t *mhp;
> > +@@ -1307,6 +1323,13 @@
> > + 	int incomplete = 0;
> > + 	struct saproto *pr;
> > +
> > ++	update_received = 1;
> > ++
> > ++	if (update_msg_send.update_msg) {
> > ++                free(update_msg_send.update_msg);
> > ++                update_msg_send.update_msg = NULL;
> > ++        }
> > ++
> > + 	/* ignore this message because of local test mode. */
> > + 	if (f_local)
> > + 		return 0;
> > +@@ -4163,3 +4186,8 @@
> > +
> > + 	return buf;
> > + }
> > ++
> > ++int receive_from_isakmp()
> > ++{
> > ++	return pfkey_handler(NULL, lcconf->sock_pfkey); }
> > +--- a/src/racoon/pfkey.h
> > ++++ b/src/racoon/pfkey.h
> > +@@ -71,5 +71,6 @@
> > + extern u_int32_t pk_getseq __P((void));  extern const char
> > +*sadbsecas2str
> > + 	__P((struct sockaddr *, struct sockaddr *, int, u_int32_t, int));
> > ++extern int receive_from_isakmp __P((void));
> > +
> > + #endif /* _PFKEY_H */
> > +--- a/src/racoon/isakmp_quick.c
> > ++++ b/src/racoon/isakmp_quick.c
> > +@@ -774,6 +774,8 @@
> > + 	return error;
> > + }
> > +
> > ++extern int update_received;
> > ++
> > + /*
> > +  * send to responder
> > +  * 	HDR*, HASH(3)
> > +@@ -892,6 +894,11 @@
> > + 	}
> > + 	plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
> > +
> > ++	while (!update_received)
> > ++		receive_from_isakmp();
> > ++
> > ++	update_received = 0;
> > ++
> > + 	/* Do ADD for responder */
> > + 	if (pk_sendadd(iph2) < 0) {
> > + 		plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n"); @@ -1035,6
> > ++1042,11 @@
> > + 	}
> > + 	plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
> > +
> > ++	while (!update_received)
> > ++		receive_from_isakmp();
> > ++
> > ++	update_received = 0;
> > ++
> > + 	/* Do ADD for responder */
> > + 	if (pk_sendadd(iph2) < 0) {
> > + 		plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n"); @@ -1989,6
> > ++2001,11 @@
> > + 	}
> > + 	plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
> > +
> > ++	while (!update_received)
> > ++		receive_from_isakmp();
> > ++
> > ++	update_received = 0;
> > ++
> > + 	/* Do ADD for responder */
> > + 	if (pk_sendadd(iph2) < 0) {
> > + 		plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n");
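Review bot: The added `while (!update_received) receive_from_isakmp();` has no exit other than a successful UPDATE reply. In the racoon/pfkey.c error branch shown earlier in this patch every error reply ends in `goto end`, and only `pk_recvupdate` sets the flag, so a reply with any errno other than EINTR (or a kernel that keeps answering EINTR) leaves racoon stuck in this phase-2 exchange and unable to serve any other peer. The return value of `receive_from_isakmp()` is ignored as well, so a failing handler turns the loop into a spin. The same loop is added in the two preceding isakmp_quick.c hunks (`@@ -892,6` and `@@ -1035,6`) and needs the same change. Bound the wait and fail the exchange when no confirmation arrives, as sketched below: `tries` and `UPDATE_WAIT_MAX` are names constructed for this sketch, a receive timeout is also needed if the PF_KEY socket read blocks, and the enclosing function starts and ends outside the hunk.

```c
	plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");

	/* Wait for the kernel's UPDATE reply, but never without a bound. */
	for (tries = 0; !update_received && tries < UPDATE_WAIT_MAX; tries++) {
		if (receive_from_isakmp() < 0)
			break;
	}
	if (!update_received) {
		plog(LLV_ERROR, LOCATION, NULL, "pfkey update not confirmed.\n");
		/* … fail the exchange the same way the pk_sendadd() error path below does … */
	}
	update_received = 0;

	/* … unchanged: pk_sendadd() call and its error handling … */
```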
> > diff --git
> > a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
> > b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
> > index 2e5c0a4..0332f7f 100644
> > --- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
> > +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
> > @@ -11,6 +11,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-
> ${PV
> >             file://0001-Fix-warning-with-gcc-4.8.patch \
> >             file://0002-Don-t-link-against-libfl.patch \
> >             file://configure.patch \
> > +
> > + file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patc
> > + h \
> >            "
> >  SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8"
> >  SRC_URI[sha256sum] =
> "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4"
> > --
> > 2.0.0
> >
> 
> --
> Martin 'JaMa' Jansa     jabber: Martin.Jansa at gmail.com


