kern/121374: [ipsec] SP refcnt increases with each packet in ipv6 with new IPSEC
Cyrus Rahman
crahman at gmail.com
Wed Mar 12 18:35:06 PDT 2008
> Synopsis: [ipsec] SP refcnt increases with each packet in ipv6 with new IPSEC
>
> Wait for feedback if the patch presented is fine.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=121374

Ok, I've tested this patch. Exchanging packets through a policy works
after a fashion, but after sending one packet the kernel deletes the
policy, presumably because the refcnt goes to 0:

hostB# setkey -DP
hostA[any] hostB[any] any
	in ipsec
	esp/transport//require
	spid=22 seq=1 pid=1037
	refcnt=1
hostB[any] hostA[any] any
	out ipsec
	esp/transport//require
	spid=21 seq=0 pid=1037
	refcnt=1

hostB# ping6 hostA
PING6(56=40+8+8 bytes) hostB --> hostA
16 bytes from hostA, icmp_seq=0 hlim=64 time=12.401 ms
^C
--- hostA ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 12.401/12.401/12.401/0.000 ms

hostB# setkey -DP
hostA[any] hostB[any] any
	in ipsec
	esp/transport//require
	spid=22 seq=0 pid=1040
	refcnt=1
****

So the outbound policy is gone!
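
The before/after comparison in the message above can be scripted as a regression check. This is an added example, not part of the original message or of the FreeBSD patch: it parses two `setkey -DP` dumps and reports policies that vanished or whose refcnt changed. The function names and the embedded dumps (constructed from the two listings above) are assumptions.

```python
import re

# Constructed samples mirroring the two `setkey -DP` listings in the message.
BEFORE = """\
hostA[any] hostB[any] any
    in ipsec
    esp/transport//require
    spid=22 seq=1 pid=1037
    refcnt=1
hostB[any] hostA[any] any
    out ipsec
    esp/transport//require
    spid=21 seq=0 pid=1037
    refcnt=1
"""
AFTER = """\
hostA[any] hostB[any] any
    in ipsec
    esp/transport//require
    spid=22 seq=0 pid=1040
    refcnt=1
"""
# A policy entry starts with "src[port] dst[port] proto".
SELECTOR = re.compile(r"^\S+\[\S+\]\s+\S+\[\S+\]\s+\S+$")

def parse_spd(dump):
    """Return {spid: {"selector", "dir", "spid", "refcnt"}} from setkey -DP text."""
    policies, cur = {}, None
    for line in (l.strip() for l in dump.splitlines()):
        if SELECTOR.match(line):
            cur = {"selector": line}
        elif cur is None:
            continue                      # prompt or other text before any entry
        elif (m := re.match(r"(in|out|fwd)\s+\S+$", line)):
            cur["dir"] = m.group(1)
        elif (m := re.search(r"\bspid=(\d+)", line)):
            cur["spid"] = int(m.group(1))
            policies[cur["spid"]] = cur   # index by the kernel's policy id
        elif (m := re.match(r"refcnt=(\d+)$", line)):
            cur["refcnt"] = int(m.group(1))
    return policies

def compare(before, after):
    """Return (sorted spids missing afterwards, {spid: (old, new)} refcnt changes)."""
    b, a = parse_spd(before), parse_spd(after)
    missing = sorted(set(b) - set(a))
    changed = {s: (b[s].get("refcnt"), a[s].get("refcnt"))
               for s in set(b) & set(a) if b[s].get("refcnt") != a[s].get("refcnt")}
    return missing, changed
```

On the dumps above, `compare(BEFORE, AFTER)` reports spid 21 (the outbound policy) as missing; a refcnt that grows with traffic, as in the PR synopsis, would show up in the second return value.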