ipsec_address() is used to convert sockaddr structure to presentation format. The IPv6 part of this function returns pointer to the on-stack buffer and at the moment when it will be used by caller, it becames invalid. IPv4 version uses 4 static buffers and returns pointer to new buffer each time when it called. But anyway it is still possible to get corrupted data when several threads will use this function. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=185996 ipsec_logsastr() is used to format string describing SA entry. It also uses static buffer and has the same problem with concurrent threads. To fix these problems I added the buffer pointer and size of this buffer to arguments. Now each caller will pass buffer and its size to these functions. Also, I converted all places where these functions are used (except disabled code). And now ipsec_address() uses inet_ntop() function from libkern.
Details
Details
- Reviewers
gnn - Group Reviewers
network - Commits
- rS281695: Change ipsec_address() and ipsec_logsastr() functions to take two
Without patch and sysctl net.inet.ipsec.debug=1 we have such messages for IPv6 packets:
ipsec_common_input: no key association found for SA 0T\^S\^Z\^A����_/00005fb7/50 ipsec_common_input: no key association found for SA 0T\^S\^Z\^A����_/00005fb7/50 ipsec_common_input: no key association found for SA 0T\^S\^Z\^A����_/00005fb7/50
and with patch:
ipsec_common_input: no key association found for SA fe80::11/00005fb7/50 ipsec_common_input: no key association found for SA fe80::1:11/00003d59/50 ipsec_common_input: no key association found for SA fc00::11/00003d57/50 ipsec_common_input: no key association found for SA 10.9.8.11/00003d55/50 ipsec_common_input: no key association found for SA 10.9.8.11/00003d55/50
Diff Detail
Diff Detail
- Repository
- rS FreeBSD src repository - subversion
- Lint
Lint Skipped - Unit
Tests Skipped