Bug #12319
ipsecah/ipsecesp: smatch errors
Start date:
Due date:
% Done:
100%
Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
Description
Build issues from sparc and intel.
/code/illumos-gate/usr/src/tools/proto/root_i386-nd/opt/onbld/bin/i386/smatch: ../../common/inet/ip/sadb.c:6092 sadb_label_from_sens() warn: right shifting more than type allows 8 vs 8 /code/illumos-gate/usr/src/tools/proto/root_sparc-nd/opt/onbld/bin/sparc/smatch: ../../common/inet/ip/ipsecah.c:222 ah_kstat_update() warn: variable dereferenced before check 'kp' (see line 218) /code/illumos-gate/usr/src/tools/proto/root_sparc-nd/opt/onbld/bin/sparc/smatch: ../../common/inet/ip/sadb.c:174 sadb_add_time() warn: signed overflow undefined. 'base + delta < base' /code/illumos-gate/usr/src/tools/proto/root_sparc-nd/opt/onbld/bin/sparc/smatch: ../../common/inet/ip/sadb.c:4384 sadb_update_lifetimes() warn: inconsistent indenting /code/illumos-gate/usr/src/tools/proto/root_sparc-nd/opt/onbld/bin/sparc/smatch: ../../common/inet/ip/ipsecesp.c:215 esp_kstat_update() warn: variable dereferenced before check 'kp' (see line 211)
Testing done: build/install/boot. However, I do not have ipsec setup to test with.
Updated by Dan McDonald about 1 year ago
Tested with three tests:
1.) Simple AH-protected pings to/from one peer, and simple ESP-protected pings to/from another peer. Ran "ipseckey dump" before and after the pings to show changes in SA counters.
2.) Used this script to test expiration-time update (pardon the use of DES, it is just a toy at this point):
add esp spi 0x1984 dst localhost encralg des encrkey 1234567890abcdef hard_addtime 90 get esp spi 0x1984 dst localhost update esp spi 0x1984 dst localhost hard_addtime 150 get esp spi 0x1984 dst localhost
3.) Did kstats on ipsecesp and ipsecah.
Updated by Electric Monk 12 months ago
- Status changed from In Progress to Closed
- % Done changed from 90 to 100
git commit a23b3b1bb4e08abaac9fb78fea486e678ce6d6de
commit a23b3b1bb4e08abaac9fb78fea486e678ce6d6de Author: Toomas Soome <tsoome@me.com> Date: 2020-03-06T20:39:04.000Z 12319 ipsecah/ipsecesp: smatch errors Reviewed by: Dan McDonald <danmcd@joyent.com> Reviewed by: Jason King <jason.king@joyent.com> Approved by: Robert Mustacchi <rm@fingolfin.org>