[oe] [meta-networking][PATCH] ipsec-tools: Fix pfkey UPDATE failure caused by EINTR

Martin Jansa martin.jansa at gmail.com
Wed Jul 30 07:29:11 UTC 2014 

On Mon, Jul 28, 2014 at 04:08:01AM -0400, jackie.huang at windriver.com wrote:
> From: Xufeng Zhang <xufeng.zhang at windriver.com>
> 
> While kernel is processing the UPDATE message which is sent from racoon,
> it maybe interrupted by certain system signal and if this case happens,
> kernel responds with an EINTR message to racoon and kernel fails to
> establish the corresponding SA.
> Fix this problem by resend the UPDATE message when EINTR(Interrupted
> system call) error happens.

Is this still needed after:

commit 2ea5feedac7ba04417ce95ba0b14a8ce478614f6
Author: Roy Li <rongqing.li at windriver.com>
Date:   Thu Jul 24 16:51:23 2014 +0800

    ipsec-tools: several fixes

Please check and send follow-up change if needed.

> 
> Signed-off-by: Xufeng Zhang <xufeng.zhang at windriver.com>
> Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
> ---
>  ...PDATE-message-when-received-EINTR-message.patch | 220 +++++++++++++++++++++
>  .../ipsec-tools/ipsec-tools_0.8.1.bb               |   1 +
>  2 files changed, 221 insertions(+)
>  create mode 100644 meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resend-UPDATE-message-when-received-EINTR-message.patch
> 
> diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resend-UPDATE-message-when-received-EINTR-message.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resend-UPDATE-message-when-received-EINTR-message.patch
> new file mode 100644
> index 0000000..1ec5a41
> --- /dev/null
> +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon-Resend-UPDATE-message-when-received-EINTR-message.patch
> @@ -0,0 +1,220 @@
> +racoon: Resend UPDATE message when received EINTR message
> +
> +Upstream-Status: Pending
> +
> +While kernel is processing the UPDATE message which is sent from racoon,
> +it maybe interrupted by system signal and if this case happens,
> +kernel responds with an EINTR message to racoon and kernel fails to
> +establish the corresponding SA.
> +Fix this problem by resend the UPDATE message when EINTR(Interrupted
> +system call) error happens.
> +
> +Signed-off-by: Xufeng Zhang <xufeng.zhang at windriver.com>
> +---
> +--- a/src/libipsec/libpfkey.h
> ++++ b/src/libipsec/libpfkey.h
> +@@ -92,6 +92,12 @@
> + 	u_int16_t ctxstrlen;		/* length of security context string */
> + };
> + 
> ++struct update_msg_info {
> ++        struct sadb_msg *update_msg;
> ++        int so;
> ++        int len;
> ++};
> ++
> + /* The options built into libipsec */
> + extern int libipsec_opt;
> + #define LIBIPSEC_OPT_NATT		0x01
> +--- a/src/libipsec/pfkey.c
> ++++ b/src/libipsec/pfkey.c
> +@@ -1219,7 +1219,8 @@
> + }
> + #endif
> + 
> +-
> ++struct update_msg_info update_msg_send = {NULL, 0, 0};
> ++	
> + /* sending SADB_ADD or SADB_UPDATE message to the kernel */
> + static int
> + pfkey_send_x1(struct pfkey_send_sa_args *sa_parms)
> +@@ -1483,10 +1484,24 @@
> + 
> + 	/* send message */
> + 	len = pfkey_send(sa_parms->so, newmsg, len);
> +-	free(newmsg);
> + 
> +-	if (len < 0)
> +-		return -1;
> ++	if (newmsg->sadb_msg_type == SADB_UPDATE) {
> ++		if (update_msg_send.update_msg)
> ++			free(update_msg_send.update_msg);
> ++		update_msg_send.update_msg = newmsg;
> ++		update_msg_send.so = sa_parms->so;
> ++		update_msg_send.len = len;
> ++
> ++		if (len < 0) {
> ++			free(update_msg_send.update_msg);
> ++			update_msg_send.update_msg = NULL;	
> ++			return -1;
> ++		}
> ++	} else {
> ++		free(newmsg);
> ++		if (len < 0)
> ++			return -1;
> ++	}
> + 
> + 	__ipsec_errcode = EIPSEC_NO_ERROR;
> + 	return len;
> +--- a/src/racoon/session.c
> ++++ b/src/racoon/session.c
> +@@ -100,6 +100,8 @@
> + 
> + #include "sainfo.h"
> + 
> ++extern struct update_msg_info update_msg_send;
> ++
> + struct fd_monitor {
> + 	int (*callback)(void *ctx, int fd);
> + 	void *ctx;
> +@@ -348,6 +350,11 @@
> + 	close_sockets();
> + 	backupsa_clean();
> + 
> ++	if (update_msg_send.update_msg) {
> ++		free(update_msg_send.update_msg);
> ++		update_msg_send.update_msg = NULL;
> ++	}
> ++
> + 	plog(LLV_INFO, LOCATION, NULL, "racoon process %d shutdown\n", getpid());
> + 
> + 	exit(0);
> +--- a/src/racoon/pfkey.c
> ++++ b/src/racoon/pfkey.c
> +@@ -103,10 +103,12 @@
> + #include "crypto_openssl.h"
> + #include "grabmyaddr.h"
> ++#include "../libipsec/libpfkey.h"
> + 
> + #if defined(SADB_X_EALG_RIJNDAELCBC) && !defined(SADB_X_EALG_AESCBC)
> + #define SADB_X_EALG_AESCBC  SADB_X_EALG_RIJNDAELCBC
> + #endif
> + 
> ++extern struct update_msg_info update_msg_send;
> + /* prototype */
> + static u_int ipsecdoi2pfkey_aalg __P((u_int));
> + static u_int ipsecdoi2pfkey_ealg __P((u_int));
> +@@ -253,6 +255,13 @@
> + 			s_pfkey_type(msg->sadb_msg_type),
> + 			strerror(msg->sadb_msg_errno));
> + 
> ++		if (msg->sadb_msg_errno == EINTR &&
> ++			update_msg_send.update_msg) {
> ++			plog(LLV_DEBUG, LOCATION, NULL,
> ++			"pfkey update resend\n");
> ++			send(update_msg_send.so, (void *)update_msg_send.update_msg, (socklen_t)update_msg_send.len, 0);
> ++		}
> ++
> + 		goto end;
> + 	}
> + 
> +@@ -498,6 +507,11 @@
> + {
> + 	flushsp();
> + 
> ++	if (update_msg_send.update_msg) {
> ++		free(update_msg_send.update_msg);
> ++		update_msg_send.update_msg = NULL;
> ++	}
> ++
> + 	if (pfkey_send_spddump(lcconf->sock_pfkey) < 0) {
> + 		plog(LLV_ERROR, LOCATION, NULL,
> + 			"libipsec sending spddump failed: %s\n",
> +@@ -1295,6 +1309,8 @@
> + 	return 0;
> + }
> + 
> ++int update_received = 0;
> ++
> + static int
> + pk_recvupdate(mhp)
> + 	caddr_t *mhp;
> +@@ -1307,6 +1323,13 @@
> + 	int incomplete = 0;
> + 	struct saproto *pr;
> + 
> ++	update_received = 1;
> ++
> ++	if (update_msg_send.update_msg) {
> ++                free(update_msg_send.update_msg);
> ++                update_msg_send.update_msg = NULL;
> ++        }
> ++
> + 	/* ignore this message because of local test mode. */
> + 	if (f_local)
> + 		return 0;
> +@@ -4163,3 +4186,8 @@
> + 
> + 	return buf;
> + }
> ++
> ++int receive_from_isakmp()
> ++{
> ++	return pfkey_handler(NULL, lcconf->sock_pfkey);
> ++}
> +--- a/src/racoon/pfkey.h
> ++++ b/src/racoon/pfkey.h
> +@@ -71,5 +71,6 @@
> + extern u_int32_t pk_getseq __P((void));
> + extern const char *sadbsecas2str
> + 	__P((struct sockaddr *, struct sockaddr *, int, u_int32_t, int));
> ++extern int receive_from_isakmp __P((void));
> + 
> + #endif /* _PFKEY_H */
> +--- a/src/racoon/isakmp_quick.c
> ++++ b/src/racoon/isakmp_quick.c
> +@@ -774,6 +774,8 @@
> + 	return error;
> + }
> + 
> ++extern int update_received;
> ++
> + /*
> +  * send to responder
> +  * 	HDR*, HASH(3)
> +@@ -892,6 +894,11 @@
> + 	}
> + 	plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
> + 
> ++	while (!update_received)
> ++		receive_from_isakmp();
> ++	
> ++	update_received = 0;
> ++
> + 	/* Do ADD for responder */
> + 	if (pk_sendadd(iph2) < 0) {
> + 		plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n");
> +@@ -1035,6 +1042,11 @@
> + 	}
> + 	plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
> + 
> ++	while (!update_received)
> ++		receive_from_isakmp();
> ++
> ++	update_received = 0;
> ++
> + 	/* Do ADD for responder */
> + 	if (pk_sendadd(iph2) < 0) {
> + 		plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n");
> +@@ -1989,6 +2001,11 @@
> + 	}
> + 	plog(LLV_DEBUG, LOCATION, NULL, "pfkey update sent.\n");
> + 
> ++	while (!update_received)
> ++		receive_from_isakmp();
> ++
> ++	update_received = 0;
> ++
> + 	/* Do ADD for responder */
> + 	if (pk_sendadd(iph2) < 0) {
> + 		plog(LLV_ERROR, LOCATION, NULL, "pfkey add failed.\n");
> diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
> index 2e5c0a4..0332f7f 100644
> --- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
> +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.1.bb
> @@ -11,6 +11,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
>             file://0001-Fix-warning-with-gcc-4.8.patch \
>             file://0002-Don-t-link-against-libfl.patch \
>             file://configure.patch \
> +           file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \
>            "
>  SRC_URI[md5sum] = "d38b39f291ba2962387c3232e7335dd8"
>  SRC_URI[sha256sum] = "fa4a95bb36842f001b84c4e7a1bb727e3ee06147edbc830a881d63abe8153dd4"
> -- 
> 2.0.0
> 
> -- 
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://lists.openembedded.org/pipermail/openembedded-devel/attachments/20140730/c4c748ab/attachment-0002.sig>

More information about the Openembedded-devel mailing list