<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, May 7, 2021 at 9:04 AM Christian MAUDERER <<a href="mailto:christian.mauderer@embedded-brains.de">christian.mauderer@embedded-brains.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">It is a bit hard to see: The setkey programm uses the functions from <br>
this library. In pfkey_open, a socket is opened and returned to setkey. <br>
But setkey never closes it.<br></blockquote><div><br></div><div>This much I assumed from the words "socket" and "leak" :) </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
We already have wrappers around all of the "dangerous" functions that <br>
allocated resources. The wrappers register the resource allocation. If <br>
an application called with rtems_bsd_program_call_main_with_data_restore <br>
exits, it will close or free the resources.<br></blockquote><div><br></div><div>This makes sense. Is this documented?</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
There are some other functions in the pfkey that don't work well with <br>
that mechanism. Therefore I only added the one function that is <br>
responsible for the socket leak.<br></blockquote><div><br></div><div>How about add some more to the commit message along the lines of</div><div>what you explained here. It just isn't obvious how a change to a macro </div><div>without words like free or deallocate in it fixes anything.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Note that it is a bit of a hack but it works. I have planned to replace <br>
the ipsec-tools with the tools from racoon2 soon to support newer <br>
encryption protocols. So I think it's a reasonable intermediate solution.<br></blockquote><div><br></div><div>OK. One thing we have gotten better at is migrating to pick up better</div><div>things.</div><div><br></div><div>--joel</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Best regards<br>
<br>
Christian<br>
<br>
Am 07.05.21 um 15:56 schrieb Joel Sherrill:<br>
> How does this fix a leak?<br>
> <br>
> On Fri, May 7, 2021 at 7:09 AM Christian MAUDERER <br>
> <<a href="mailto:christian.mauderer@embedded-brains.de" target="_blank">christian.mauderer@embedded-brains.de</a> <br>
> <mailto:<a href="mailto:christian.mauderer@embedded-brains.de" target="_blank">christian.mauderer@embedded-brains.de</a>>> wrote:<br>
> <br>
> Note that I would like to push this patch on 5-freebsd-12 as well as on<br>
> master.<br>
> <br>
> Best regards<br>
> <br>
> Christian<br>
> <br>
> <br>
> Am 07.05.21 um 14:08 schrieb Christian Mauderer:<br>
> > Fixes #4404<br>
> > ---<br>
> > ipsec-tools/src/libipsec/pfkey.c | 7 +++++++<br>
> > 1 file changed, 7 insertions(+)<br>
> ><br>
> > diff --git a/ipsec-tools/src/libipsec/pfkey.c<br>
> b/ipsec-tools/src/libipsec/pfkey.c<br>
> > index a621be12..385a21a9 100644<br>
> > --- a/ipsec-tools/src/libipsec/pfkey.c<br>
> > +++ b/ipsec-tools/src/libipsec/pfkey.c<br>
> > @@ -1,5 +1,12 @@<br>
> > #include <machine/rtems-bsd-user-space.h><br>
> ><br>
> > +#ifdef __rtems__<br>
> > +/* Only need socket from rtems-bsd-program wrappers! */<br>
> > +int<br>
> > +rtems_bsd_program_socket(int domain, int type, int protocol);<br>
> > +#define socket(domain, type, protocol) \<br>
> > + rtems_bsd_program_socket(domain, type, protocol)<br>
> > +#endif /* __rtems__ */<br>
> > /* $NetBSD: pfkey.c,v 1.21.2.1 2011/11/14 13:25:06 tteras Exp<br>
> $ */<br>
> ><br>
> > /* $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $ */<br>
> ><br>
> <br>
> -- <br>
> --------------------------------------------<br>
> embedded brains GmbH<br>
> Herr Christian MAUDERER<br>
> Dornierstr. 4<br>
> 82178 Puchheim<br>
> Germany<br>
> email: <a href="mailto:christian.mauderer@embedded-brains.de" target="_blank">christian.mauderer@embedded-brains.de</a><br>
> <mailto:<a href="mailto:christian.mauderer@embedded-brains.de" target="_blank">christian.mauderer@embedded-brains.de</a>><br>
> phone: +49-89-18 94 741 - 18<br>
> fax: +49-89-18 94 741 - 08<br>
> <br>
> Registergericht: Amtsgericht München<br>
> Registernummer: HRB 157899<br>
> Vertretungsberechtigte Geschäftsführer: Peter Rasmussen, Thomas Dörfler<br>
> Unsere Datenschutzerklärung finden Sie hier:<br>
> <a href="https://embedded-brains.de/datenschutzerklaerung/" rel="noreferrer" target="_blank">https://embedded-brains.de/datenschutzerklaerung/</a><br>
> <<a href="https://embedded-brains.de/datenschutzerklaerung/" rel="noreferrer" target="_blank">https://embedded-brains.de/datenschutzerklaerung/</a>><br>
> _______________________________________________<br>
> devel mailing list<br>
> <a href="mailto:devel@rtems.org" target="_blank">devel@rtems.org</a> <mailto:<a href="mailto:devel@rtems.org" target="_blank">devel@rtems.org</a>><br>
> <a href="http://lists.rtems.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.rtems.org/mailman/listinfo/devel</a><br>
> <<a href="http://lists.rtems.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.rtems.org/mailman/listinfo/devel</a>><br>
> <br>
<br>
-- <br>
--------------------------------------------<br>
embedded brains GmbH<br>
Herr Christian MAUDERER<br>
Dornierstr. 4<br>
82178 Puchheim<br>
Germany<br>
email: <a href="mailto:christian.mauderer@embedded-brains.de" target="_blank">christian.mauderer@embedded-brains.de</a><br>
phone: +49-89-18 94 741 - 18<br>
fax: +49-89-18 94 741 - 08<br>
<br>
Registergericht: Amtsgericht München<br>
Registernummer: HRB 157899<br>
Vertretungsberechtigte Geschäftsführer: Peter Rasmussen, Thomas Dörfler<br>
Unsere Datenschutzerklärung finden Sie hier:<br>
<a href="https://embedded-brains.de/datenschutzerklaerung/" rel="noreferrer" target="_blank">https://embedded-brains.de/datenschutzerklaerung/</a><br>
</blockquote></div></div>