Date: Wed, 12 Mar 2008 19:35:05 -0600 From: "Cyrus Rahman" <crahman@gmail.com> To: bz@freebsd.org Cc: freebsd-net@freebsd.org Subject: Re: kern/121374: [ipsec] SP refcnt increases with each packet in ipv6 with new IPSEC Message-ID: <9e77bdb50803121835u33b10d67i30b6f20ec833921@mail.gmail.com> In-Reply-To: <200803082305.m28N5DkU075120@freefall.freebsd.org> References: <200803082305.m28N5DkU075120@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Synopsis: [ipsec] SP refcnt increases with each packet in ipv6 with new IPSEC > > Wait for feedback if the patch presented is fine. > > http://www.freebsd.org/cgi/query-pr.cgi?pr=121374 Ok, I've tested this patch. Exchanging packets through a policy works after a fashion, but after sending one packet the kernel deletes the policy, presumably because the refcnt goes to 0: hostB# setkey -DP hostA[any] hostB[any] any in ipsec esp/transport//require spid=22 seq=1 pid=1037 refcnt=1 hostB[any] hostA[any] any out ipsec esp/transport//require spid=21 seq=0 pid=1037 refcnt=1 hostB# ping6 hostA PING6(56=40+8+8 bytes) hostB --> hostA 16 bytes from hostA, icmp_seq=0 hlim=64 time=12.401 ms ^C --- hostA ping6 statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 12.401/12.401/12.401/0.000 ms hostB# setkey -DP hostA[any] hostB[any] any in ipsec esp/transport//require spid=22 seq=0 pid=1040 refcnt=1 **** So the outbound policy is gone!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9e77bdb50803121835u33b10d67i30b6f20ec833921>