kernel-pfkey: Clear receive buffer before sending request
Many of the messages sent by the kernel, including confirmations to our requests, are sent as broadcasts to all PF_KEY sockets. So if an external tool is used to manage SAs/policies (e.g. unrelated to IPsec) the receive buffer might be filled, resulting in errors like these: error sending to PF_KEY socket: No buffer space available To avoid this, just clear the buffer before sending any message. Fixes #3225.
This commit is contained in:
Tobias Brunner
parent
a463ef4435
commit
62e7c68b61
|
|
@ -1145,6 +1145,23 @@ static status_t pfkey_send_socket(private_kernel_pfkey_ipsec_t *this, int socket
|
|||
|
||||
this->mutex_pfkey->lock(this->mutex_pfkey);
|
||||
|
||||
/* the kernel may broadcast messages not related to our requests (e.g. when
|
||||
* managing SAs and policies via an external tool), so let's clear the
|
||||
* receive buffer so there is room for our request and its reply. */
|
||||
while (TRUE)
|
||||
{
|
||||
len = recv(socket, buf, sizeof(buf), MSG_DONTWAIT);
|
||||
|
||||
if (len < 0)
|
||||
{
|
||||
if (errno == EINTR)
|
||||
{ /* interrupted, try again */
|
||||
continue;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* FIXME: our usage of sequence numbers is probably wrong. check RFC 2367,
|
||||
* in particular the behavior in response to an SADB_ACQUIRE. */
|
||||
in->sadb_msg_seq = ++this->seq;
|
||||
|
|
|
|||
Loading…
Reference in New Issue