Page MenuHomeFreeBSD

Correct IPSec SA statistic keeping
ClosedPublic

Authored by eri on Jul 29 2015, 8:48 PM.

Details

Summary

The IPsec SA statistic keeping is used even for decision making on expiry/rekeying SAs.
When there are multiple transformations being done the statistic keeping might be wrong.

This mostly impacts multiple encapsulations on IPsec since the usual scenario it is not noticed due to the code path not taken.

Diff Detail

Repository
rS FreeBSD src repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

eri updated this revision to Diff 7483.Jul 29 2015, 8:48 PM
eri retitled this revision from to Correct IPSec SA statistic keeping.
eri updated this object.
eri edited the test plan for this revision. (Show Details)
eri added reviewers: ae, gnn.
eri set the repository for this revision to rS FreeBSD src repository.
eri added a project: network.
eri added a subscriber: network.
ae accepted this revision.Jul 30 2015, 7:29 AM
ae edited edge metadata.
This revision is now accepted and ready to land.Jul 30 2015, 7:29 AM
gnn accepted this revision.Jul 30 2015, 7:07 PM
gnn edited edge metadata.

Approved

This revision was automatically updated to reflect the committed changes.