From owner-freebsd-net@FreeBSD.ORG  Thu Mar 13 01:35:06 2008
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5A82A106566C
	for <freebsd-net@freebsd.org>; Thu, 13 Mar 2008 01:35:06 +0000 (UTC)
	(envelope-from crahman@gmail.com)
Received: from wa-out-1112.google.com (wa-out-1112.google.com [209.85.146.179])
	by mx1.freebsd.org (Postfix) with ESMTP id 3ED8D8FC1B
	for <freebsd-net@freebsd.org>; Thu, 13 Mar 2008 01:35:06 +0000 (UTC)
	(envelope-from crahman@gmail.com)
Received: by wa-out-1112.google.com with SMTP id k17so3671030waf.3
	for <freebsd-net@freebsd.org>; Wed, 12 Mar 2008 18:35:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	bh=vxQD0+rAIuFljdEB1NJL9Mw6HHtEFV63pCEFVwasEJc=;
	b=Wanub3klGiEeEuefDfwWA3H7X/y3VZ8WqX61mc9+P/u+iX2hTjMEn7DEX+6J+dMPx6T67g9mvhXMN2RqMdj5qaXIkudxaTYn2HsgVgu/WCiifiM4S/KPQ/w6qUTRalnTqFKnKOZMhmpoS65zpfCbYQ1R6/Ae2p1lkRQIQF8jNyg=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=pC5JgFFmrUm/96r2ztAq7Nb0TL5WvdJBBey2gNGpDFS32vCP8IBkEHNKbbTSizPCz0AkYjllIy/x3lDyX5xal/hbQ6xOWWWcMVMTNnxtM9xvpdEeiLyctEC4MHcRlQy1SYyl8eQ7NIunlwmBIv8/EnLOuTUt7IXFSoxWS1JoSJc=
Received: by 10.114.157.1 with SMTP id f1mr8302059wae.10.1205372105653;
	Wed, 12 Mar 2008 18:35:05 -0700 (PDT)
Received: by 10.115.19.7 with HTTP; Wed, 12 Mar 2008 18:35:05 -0700 (PDT)
Message-ID: <9e77bdb50803121835u33b10d67i30b6f20ec833921@mail.gmail.com>
Date: Wed, 12 Mar 2008 19:35:05 -0600
From: "Cyrus Rahman" <crahman@gmail.com>
To: bz@freebsd.org
In-Reply-To: <200803082305.m28N5DkU075120@freefall.freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <200803082305.m28N5DkU075120@freefall.freebsd.org>
Cc: freebsd-net@freebsd.org
Subject: Re: kern/121374: [ipsec] SP refcnt increases with each packet in
	ipv6 with new IPSEC
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Mar 2008 01:35:06 -0000

> Synopsis: [ipsec] SP refcnt increases with each packet in ipv6 with new IPSEC
>
>  Wait for feedback if the patch presented is fine.
>
>  http://www.freebsd.org/cgi/query-pr.cgi?pr=121374

Ok, I've tested this patch.  Exchanging packets through a policy works
after a fashion, but after sending one packet the kernel deletes the
policy, presumably because the refcnt goes to 0:

hostB# setkey -DP
hostA[any] hostB[any] any
        in ipsec
        esp/transport//require
        spid=22 seq=1 pid=1037
        refcnt=1
hostB[any] hostA[any] any
        out ipsec
        esp/transport//require
        spid=21 seq=0 pid=1037
        refcnt=1

hostB# ping6 hostA
PING6(56=40+8+8 bytes) hostB --> hostA
16 bytes from hostA, icmp_seq=0 hlim=64 time=12.401 ms
^C
--- hostA ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 12.401/12.401/12.401/0.000 ms

hostB# setkey -DP
hostA[any] hostB[any] any
        in ipsec
        esp/transport//require
        spid=22 seq=0 pid=1040
        refcnt=1

****

So the outbound policy is gone!