Bug #1915
closed
IPsec kstats shouldn't be persistent
100%
Description
Currently ipsec creates persistent kstats which are based upon the netstack id.
Having persistent kstats here doesn't actually make sense, because if we were to reuse this netstack id there is no guarantee that the same zone would use it.
Updated by John Sonnenschein over 10 years ago
[johns@johns ~/illumos-gate]$ git show HEAD
commit bac5707c79d544cbe6b186bea95003005ddb28d8
Author: Robert Mustacchi <rm@joyent.com>
Date: Fri Dec 16 01:57:56 2011 +0000
1915 IPsec esp kstats shouldn't be persistent
Reviewed by: Bryan Cantrill <bryan@joyent.com>
diff --git a/usr/src/uts/common/inet/ip/ipsecesp.c b/usr/src/uts/common/inet/ip/ipsecesp.c
index 47972a8..5e4e400 100644
--- a/usr/src/uts/common/inet/ip/ipsecesp.c
+++ b/usr/src/uts/common/inet/ip/ipsecesp.c
@@ -21,6 +21,8 @@
/*
* Copyright 2010 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
+ *
+ * Copyright 2011 Joyent, Inc. All rights reserved.
*/
#include <sys/types.h>
@@ -234,8 +236,7 @@ esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid)
{
espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat",
"net", KSTAT_TYPE_NAMED,
- sizeof (esp_kstats_t) / sizeof (kstat_named_t),
- KSTAT_FLAG_PERSISTENT, stackid);
+ sizeof (esp_kstats_t) / sizeof (kstat_named_t), 0, stackid);
if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL)
return (B_FALSE);
Updated by Rich Lowe over 10 years ago
- Subject changed from IPsec esp kstats shouldn't be persistent to IPsec kstats shouldn't be persistent
Updated by Dan McDonald about 8 years ago
A similar change will be needed in ipsecah as well.
Updated by Dan McDonald almost 5 years ago
This one is also known as SmartOS bugs https://smartos.org/bugview/OS-816 and https://smartos.org/bugview/OS-6334
Updated by Dan McDonald almost 5 years ago
The cause of this bug goes WAY back to before Stack Instances. Because of the IPsec loader thread, there was thought that maybe IPsec could be unloaded, and reloaded again, so persistent kstats were desirable in the face of such a possibility. Reality proved that once loaded, IPsec would stay up for the life of the system's boot.
Updated by Electric Monk over 4 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
git commit 281819e5f8b19cd8627541a22d261906fd190276
commit 281819e5f8b19cd8627541a22d261906fd190276
Author: Dan McDonald <danmcd@joyent.com>
Date: 2017-12-08T18:35:58.000Z
1915 IPsec kstats shouldn't be persistent
Reviewed by: Jason King <jason.king@joyent.com>
Reviewed by: ken mays <maybird1776@yahoo.com>
Reviewed by: Yuri Pankov <yuripv@gmx.com>
Reviewed by: Igor Kozhukhov <igor@dilos.org>
Approved by: Richard Lowe <richlowe@richlowe.net>