Date: Thu, 15 Dec 2016 10:36:34 +0000 (UTC) From: "Andrey V. Elsukov" <ae@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r310107 - projects/ipsec/sys/netipsec Message-ID: <201612151036.uBFAaYmH045581@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ae Date: Thu Dec 15 10:36:34 2016 New Revision: 310107 URL: https://svnweb.freebsd.org/changeset/base/310107 Log: Count the replay counter overflow in corresponding counters. Modified: projects/ipsec/sys/netipsec/ipsec.c Modified: projects/ipsec/sys/netipsec/ipsec.c ============================================================================== --- projects/ipsec/sys/netipsec/ipsec.c Thu Dec 15 08:11:32 2016 (r310106) +++ projects/ipsec/sys/netipsec/ipsec.c Thu Dec 15 10:36:34 2016 (r310107) @@ -1647,8 +1647,13 @@ ok: replay->overflow++; /* Don't increment, no more packets accepted. */ - if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0) + if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0) { + if (sav->sah->saidx.proto == IPPROTO_AH) + AHSTAT_INC(ahs_wrap); + else if (sav->sah->saidx.proto == IPPROTO_ESP) + ESPSTAT_INC(esps_wrap); return (1); + } ipseclog((LOG_WARNING, "%s: replay counter made %d cycle. %s\n", __func__, replay->overflow,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201612151036.uBFAaYmH045581>