Re: Racoon and setkey problems

Hi Andrey, thanks for the patch! Is it safe to use it on 10.3? Best regards, Misak Khachatryan On Mon, Feb 26, 2018 at 4:39 PM, Andrey V. Elsukov wrote: > On 22.02.2018 22:12, Misak Khachatryan wrote: >>>> kernel`key_sendup0+0xee >>>> k

Re: Racoon and setkey problems

nd_generic+0x476 kernel`kern_sendit+0x245 5 11197 key_parse:return 55 ^C # Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 8:34 PM, Andrey V. Elsukov wrote: > On 22.02.2018 18:28, Misak Khachatryan wrote: >> # dtrace -s key.d >> dtrace: script 'ke

Re: Racoon and setkey problems

eric+0x476 kernel`kern_sendit+0x245 4 11197 key_parse:return 55 ^C # Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 5:54 PM, Andrey V. Elsukov wrote: > On 22.02.2018 16:27, Misak Khachatryan wrote: >> Here is the result: >> >> # dtrace -s key.d >

Re: Racoon and setkey problems

arse+0x87f kernel`sosend_generic+0x476 7 24402 key_sendup_mbuf:return 55 kernel`key_parse+0x87f kernel`sosend_generic+0x476 kernel`kern_sendit+0x245 7 11197 key_parse:return 55 ^C Best regards, Misak Khachatryan On Thu, Fe

Re: Racoon and setkey problems

buf:return 55 7 11197 key_parse:return 55 ^C Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 4:09 PM, Misak Khachatryan wrote: > I'm getting this: > > # ./key.d > : No such file or directory > # which dtrace > /usr/sbin/dtrace > > Best re

Re: Racoon and setkey problems

I'm getting this: # ./key.d : No such file or directory # which dtrace /usr/sbin/dtrace Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 3:42 PM, Andrey V. Elsukov wrote: > On 22.02.2018 12:08, Misak Khachatryan wrote: >> That didn help. >> >> Best regards, &g

Re: Racoon and setkey problems

That didn help. Best regards, Misak Khachatryan On Thu, Feb 22, 2018 at 11:50 AM, Eugene Grosbein wrote: > On 22.02.2018 14:10, Misak Khachatryan wrote: >> Hello there, >> >> just a quick feedback. I've added rules to my ipfw to block all isakmp >> ports on inte

Re: Racoon and setkey problems

from botnet which fills all my SAD and SPD entries or PFKEY sockets. All i need is to flush all SAD and SDP entries, but setkey can't do that. Is there any other way? Best regards, Misak Khachatryan On Tue, Feb 20, 2018 at 4:47 PM, Andrey V. Elsukov wrote: > On 20.02.2018 08:55, Eugene G

Re: Racoon and setkey problems

t;Eugene Grosbein" wrote: On 20.02.2018 00:44, Misak Khachatryan wrote: > Hi Andrey, > > yes, all output is from same machine. I'll recheck all configs again, > or, if it's OK, I can post them here. The most confusing thing is that > everything worked as a charm sever

Re: Racoon and setkey problems

i tried to play with some settings to troubleshoot. Best regards, Misak Khachatryan On Mon, Feb 19, 2018 at 2:56 PM, Andrey V. Elsukov wrote: > On 19.02.2018 12:28, Misak Khachatryan wrote: >> Hi, >> >> # vmstat -m | egrep "sec|sah|pol" >> inpcbpolicy

Re: Racoon and setkey problems

getpid 5499 setkey RET getpid 5499/0x157b 5499 setkey CALL sendto(0x3,0x7fffeb78,0x10,0,0,0) 5499 setkey RET sendto -1 errno 55 No buffer space available and tried to increase net.raw.recvspace & net.raw.sendspace with no luck Best regards, Misak Khachatryan On Mon, Fe

Re: Racoon and setkey problems

nf overall, IPv4 and IPv6, so 12 rules in setkey.conf Best regards, Misak Khachatryan On Mon, Feb 19, 2018 at 1:40 PM, Eugene Grosbein wrote: > 19.02.2018 16:28, Misak Khachatryan wrote: > >> # vmstat -m | egrep "sec|sah|pol" >> inpcbpolicy 122 4K - 49

Re: Racoon and setkey problems

0, 0, 0, 0 mbuf_ext_refcnt: 4, 0, 0, 0, 0, 0, 0 # sysctl kern.ipc.nmbclusters kern.ipc.nmbclusters: 524288 Nothing new in messages with net.inet.ipsec.debug=1 Best regards, Misak Khachatryan On Mon, Feb 19, 2018 at 1:25 PM, Eugene Grosbein wrote

Re: Racoon and setkey problems

Thanks, will try right now! Best regards, Misak Khachatryan On Mon, Feb 19, 2018 at 12:23 PM, Andrey V. Elsukov wrote: > On 19.02.2018 09:27, Misak Khachatryan wrote: >>1644111 messages with memory allocation failure >> >> 3 of machines running 10.4-RELEASE-p1

Racoon and setkey problems

t any setkey command leads to: # setkey -x setkey: send: No buffer space available All packet versions are completely the same, binaries exactly same size. Any help will be appreciated. Best regards, Misak Khachatryan ___ freebsd-net@freebsd.or