Re: Racoon and setkey problems

2018-02-22 Thread Misak Khachatryan
Here is changed output: # sysctl net.raw net.raw.recvspace: 8192 net.raw.sendspace: 8192 # sysctl net.raw.recvspace=65535 net.raw.recvspace: 8192 -> 65535 # sysctl net.raw.sendspace=65535 net.raw.sendspace: 8192 -> 65535 # # # # setkey -x setkey: send: No buffer space available # dtrace -s /tmp/ke

Re: Racoon and setkey problems

2018-02-22 Thread Andrey V. Elsukov
On 22.02.2018 18:28, Misak Khachatryan wrote: > # dtrace -s key.d > dtrace: script 'key.d' matched 14 probes > CPU IDFUNCTION:NAME So, what I can say: > 4 25400 soreserve:entry 8192 8192 > kernel`raw_attach+0x2a > kernel`key_att

Re: Racoon and setkey problems

2018-02-22 Thread Misak Khachatryan
# dtrace -s key.d dtrace: script 'key.d' matched 14 probes CPU IDFUNCTION:NAME 2 25400 soreserve:entry 2048 4096 kernel`uipc_attach+0x76 kernel`socreate+0x1af kernel`sys_socket+0xf7 3 25400 soreser

Re: Racoon and setkey problems

2018-02-22 Thread Andrey V. Elsukov
On 22.02.2018 16:27, Misak Khachatryan wrote: > Here is the result: > > # dtrace -s key.d > dtrace: script 'key.d' matched 8 probes > CPU IDFUNCTION:NAME > 3 25400 soreserve:entry 32768 65536 I hope the last update, to understand what is going on. -- W

Re: Racoon and setkey problems

2018-02-22 Thread Misak Khachatryan
Here is the result: # dtrace -s key.d dtrace: script 'key.d' matched 8 probes CPU IDFUNCTION:NAME 3 25400 soreserve:entry 32768 65536 7 25400 soreserve:entry 8192 8192 7 7957key_attach:return 0 7 12872

Re: Racoon and setkey problems

2018-02-22 Thread Andrey V. Elsukov
On 22.02.2018 15:13, Misak Khachatryan wrote: > I did this way: > > # dtrace -s key.d > dtrace: script 'key.d' matched 6 probes > CPU IDFUNCTION:NAME > 7 7957key_attach:return 0 > 7 7969 key_sendup0:return 0 > 7 7969 key_

Re: Racoon and setkey problems

2018-02-22 Thread Misak Khachatryan
I did this way: # dtrace -s key.d dtrace: script 'key.d' matched 6 probes CPU IDFUNCTION:NAME 7 7957key_attach:return 0 7 7969 key_sendup0:return 0 7 7969 key_sendup0:return 55 7 24402 key_sendup_mbuf:return 5

Re: Racoon and setkey problems

2018-02-22 Thread Misak Khachatryan
I'm getting this: # ./key.d : No such file or directory # which dtrace /usr/sbin/dtrace Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 3:42 PM, Andrey V. Elsukov wrote: > On 22.02.2018 12:08, Misak Khachatryan wrote: >> That didn help. >> >> Best regards, >> Misak Khachatryan > > Can

Re: Racoon and setkey problems

2018-02-22 Thread Andrey V. Elsukov
On 22.02.2018 12:08, Misak Khachatryan wrote: > That didn help. > > Best regards, > Misak Khachatryan Can you stop racoon and use the following commands and then show the output? # kldload dtraceall # chmod +x ./key.d # ./key.d and from another console run `setkey -x`, show what key.d will prin

Re: Racoon and setkey problems

2018-02-22 Thread Misak Khachatryan
That didn help. Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 11:50 AM, Eugene Grosbein wrote: > On 22.02.2018 14:10, Misak Khachatryan wrote: >> Hello there, >> >> just a quick feedback. I've added rules to my ipfw to block all isakmp >> ports on interfaces not involved in ipsec and