NetBSD Problem Report #30182

From www@netbsd.org  Mon May  9 17:39:41 2005
Return-Path: <www@netbsd.org>
Received: by narn.netbsd.org (Postfix, from userid 31301)
	id 19CA363B117; Mon,  9 May 2005 17:39:41 +0000 (UTC)
Message-Id: <20050509173941.19CA363B117@narn.netbsd.org>
Date: Mon,  9 May 2005 17:39:41 +0000 (UTC)
From: groy@qnx.com
Reply-To: groy@qnx.com
To: gnats-bugs@netbsd.org
Subject: With FAST_IPSEC option, some IPSEC stats aren't updated (setkey -D)
X-Send-Pr-Version: www-1.0

>Number:         30182
>Category:       kern
>Synopsis:       With FAST_IPSEC option, some IPSEC stats aren't updated (setkey -D)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon May 09 17:40:00 +0000 2005
>Closed-Date:    Thu Jun 09 13:44:09 +0000 2011
>Last-Modified:  Thu Jun 09 13:44:09 +0000 2011
>Originator:     Gilles Roy
>Release:        2.0
>Organization:
QNX Software Systems
>Environment:
NetBSD 2.0 (standard release, but recompiled kernel with FAST_IPSEC) i386 platform.
>Description:

It looks like some of the SA stats aren't being updated. When I configure transport mode encryption between two machines and ping between them, setkey -D will display my two SAs, but the stats for the outgoing SA don't get updated (i.e. the bytes field and the allocated field never get incremented). They do get incremented for the incoming SA.

This only occurs with the FAST_IPSEC option (it works OK when using IPSEC). 
>How-To-Repeat:

1. Take generic kernel config and add FAST_IPSEC.
2. Configure simple transport mode encryption (see setkey options below, mirror spdadd lines for second host)
---------- Setkey --------------
flush;
spdflush;

# ESP
add 10.100.100.6 10.100.100.8 esp 1234 -E 3des-cbc "123456789012123456789012";
add 10.100.100.8 10.100.100.6 esp 4321 -E 3des-cbc "123456789012123456789012";

spdadd 10.100.100.8 10.100.100.6 any -P out ipsec
           esp/transport//require;

spdadd 10.100.100.6 10.100.100.8 any -P in ipsec
           esp/transport//require;
----------------------------------
3. ping -n peer IP
4. setkey -D to see stats.

>Fix:

>Release-Note:

>Audit-Trail:
From: Arto Selonen <arto@selonen.org>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org,
	netbsd-bugs@netbsd.org
Subject: Re: kern/30182: With FAST_IPSEC option, some IPSEC stats aren't
	updated (setkey -D)
Date: Mon, 9 May 2005 22:31:53 +0300 (EEST)

 Hi!

 On Mon, 9 May 2005 groy@qnx.com wrote:

 >> Number:         30182
 >> Category:       kern
 >> Synopsis:       With FAST_IPSEC option, some IPSEC stats aren't updated (setkey -D)

 > It looks like some of the SA stats aren't being updated. When I configure transport mode encryption between two machines and ping between them, setkey -D will display my two SAs, but the stats for the outgoing SA don't get updated (i.e. the bytes field and the allocated field never get incremented). They do get incremented for the incoming SA.
 >
 > This only occurs with the FAST_IPSEC option (it works OK when using IPSEC).

 This sounds like it might be related to bin/25796, although I don't 
 think I've ever used FAST_IPSEC. Also, I'm strictly with -current.


 Artsi
 -- 
 #######======------  http://www.selonen.org/arto/  --------========########
 Everstinkuja 5 B 35                               Don't mind doing it.
 FIN-02600 Espoo        arto@selonen.org         Don't mind not doing it.
 Finland              tel +358 50 560 4826     Don't know anything about it.

State-Changed-From-To: open->feedback
State-Changed-By: drochner@NetBSD.org
State-Changed-When: Fri, 18 Feb 2011 16:14:21 +0000
State-Changed-Why:
should be fixed in ipsec_input.c rev.1.26 -- can you confirm?


From: "Matthias Drochner" <drochner@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/30182 CVS commit: src/sys/netipsec
Date: Fri, 18 Feb 2011 16:12:26 +0000

 Module Name:	src
 Committed By:	drochner
 Date:		Fri Feb 18 16:12:26 UTC 2011

 Modified Files:
 	src/sys/netipsec: ipsec_output.c

 Log Message:
 do proper statistics counting for outbound packets, fixes PR kern/30182
 by Gilles Roy


 To generate a diff of this commit:
 cvs rdiff -u -r1.31 -r1.32 src/sys/netipsec/ipsec_output.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: feedback->closed
State-Changed-By: drochner@NetBSD.org
State-Changed-When: Thu, 09 Jun 2011 13:44:09 +0000
State-Changed-Why:
feedback timeout


>Unformatted:
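
Added example (not part of the original report and not NetBSD code): step 4 of the How-To-Repeat above, automated as a shell script that compares two setkey -D snapshots taken before and after the ping and lists SAs whose bytes/allocated counters did not move. It assumes the KAME-style setkey -D layout ("current: N(bytes)" and "allocated: N" lines); the function names and the sample dump are constructed for illustration.

```shell
# sa_counters: setkey -D text on stdin -> "src dst proto spi bytes allocated"
sa_counters() {
    awk '
        /^[^ \t]/ { src = $1; dst = $2; next }   # unindented line starts an SA
        $1 ~ /^(esp|ah|ipcomp)$/ {               # "esp mode=transport spi=1234(0x...)"
            proto = $1
            for (i = 2; i <= NF; i++)
                if ($i ~ /^spi=/) { spi = $i; sub(/^spi=/, "", spi); sub(/\(.*$/, "", spi) }
            next
        }
        # Byte counter line; the timestamp "current:" follows "created:" mid-line.
        $1 == "current:" && $2 ~ /\(bytes\)$/ { bytes = $2; sub(/\(bytes\)$/, "", bytes); next }
        $1 == "allocated:" { print src, dst, proto, spi, bytes, $2 }
    '
}

# stuck_sas BEFORE AFTER: SAs present in both dumps whose counters are identical.
stuck_sas() {
    { sa_counters < "$1" | sed 's/^/before /'
      sa_counters < "$2" | sed 's/^/after /'; } |
    awk '
        { key = $2 " " $3 " " $4 " " $5; val = $6 " " $7 }
        $1 == "before" { old[key] = val; next }
        (key in old) && old[key] == val { print key }
    '
}

# Constructed sample seen from 10.100.100.8, trimmed to the lines the parser reads.
sample_dump() {   # $1 = bytes, $2 = allocated for the inbound SA; outbound stays 0
    cat <<EOF
10.100.100.8 10.100.100.6
    esp mode=transport spi=4321(0x000010e1) reqid=0(0x00000000)
    created: May  9 17:20:01 2005    current: May  9 17:25:01 2005
    current: 0(bytes)    hard: 0(bytes)    soft: 0(bytes)
    allocated: 0    hard: 0    soft: 0
10.100.100.6 10.100.100.8
    esp mode=transport spi=1234(0x000004d2) reqid=0(0x00000000)
    current: $1(bytes)    hard: 0(bytes)    soft: 0(bytes)
    allocated: $2    hard: 0    soft: 0
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_dump 0 0 > "$tmp/before"      # snapshot before the ping
    sample_dump 840 10 > "$tmp/after"    # snapshot after: only the inbound SA moved
    stuck_sas "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}
demo   # prints: 10.100.100.8 10.100.100.6 esp 4321
```

On a live host, save setkey -D output to a file before and after step 3 and pass both files to stuck_sas; an SA that carried no matching traffic is also listed, so the result is only meaningful after the ping.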
