Project

General

Profile

Bug #12319

ipsecah/ipsecesp: smatch errors

Added by Toomas Soome about 1 year ago. Updated 12 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Toomas Soome
Category:
networking
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:

Description

Build issues from sparc and intel.

    /code/illumos-gate/usr/src/tools/proto/root_i386-nd/opt/onbld/bin/i386/smatch: ../../common/inet/ip/sadb.c:6092 sadb_label_from_sens() warn: right shifting more than type allows 8 vs 8

    /code/illumos-gate/usr/src/tools/proto/root_sparc-nd/opt/onbld/bin/sparc/smatch: ../../common/inet/ip/ipsecah.c:222 ah_kstat_update() warn: variable dereferenced before check 'kp' (see line 218)

    /code/illumos-gate/usr/src/tools/proto/root_sparc-nd/opt/onbld/bin/sparc/smatch: ../../common/inet/ip/sadb.c:174 sadb_add_time() warn: signed overflow undefined. 'base + delta < base'
    /code/illumos-gate/usr/src/tools/proto/root_sparc-nd/opt/onbld/bin/sparc/smatch: ../../common/inet/ip/sadb.c:4384 sadb_update_lifetimes() warn: inconsistent indenting

    /code/illumos-gate/usr/src/tools/proto/root_sparc-nd/opt/onbld/bin/sparc/smatch: ../../common/inet/ip/ipsecesp.c:215 esp_kstat_update() warn: variable dereferenced before check 'kp' (see line 211)

Testing done: build/install/boot. However, I do not have ipsec setup to test with.

#1

Updated by Toomas Soome about 1 year ago

  • Description updated (diff)
#2

Updated by Dan McDonald about 1 year ago

Tested with three tests:

1.) Simple AH-protected pings to/from one peer, and simple ESP-protected pings to/from another peer. Ran "ipseckey dump" before and after the pings to show changes in SA counters.

2.) Used this script to test expiration-time update (pardon the use of DES, it is just a toy at this point):

add esp spi 0x1984 dst localhost encralg des encrkey 1234567890abcdef hard_addtime 90
get esp spi 0x1984 dst localhost 
update esp spi 0x1984 dst localhost hard_addtime 150
get esp spi 0x1984 dst localhost

3.) Did kstats on ipsecesp and ipsecah.

#3

Updated by Electric Monk 12 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 90 to 100

git commit a23b3b1bb4e08abaac9fb78fea486e678ce6d6de

commit  a23b3b1bb4e08abaac9fb78fea486e678ce6d6de
Author: Toomas Soome <tsoome@me.com>
Date:   2020-03-06T20:39:04.000Z

    12319 ipsecah/ipsecesp: smatch errors
    Reviewed by: Dan McDonald <danmcd@joyent.com>
    Reviewed by: Jason King <jason.king@joyent.com>
    Approved by: Robert Mustacchi <rm@fingolfin.org>

Also available in: Atom PDF