Bug #1915

IPsec kstats shouldn't be persistent

Added by John Sonnenschein almost 6 years ago. Updated 15 days ago.

Status:NewStart date:2011-12-21
Priority:NormalDue date:
Assignee:Dan McDonald% Done:


Target version:-
Difficulty:Medium Tags:needs-triage


Currently ipsec creates persistent kstats which are based upon the netstack id.

Having persistent kstats here doesn't actually make sense, because if we were to reuse this netstack id there is no guarantee that the same zone would use it.


#1 Updated by John Sonnenschein almost 6 years ago

[johns@johns ~/illumos-gate]$ git show HEAD
commit bac5707c79d544cbe6b186bea95003005ddb28d8
Author: Robert Mustacchi <rm@joyent.com>
Date:   Fri Dec 16 01:57:56 2011 +0000

    1915 IPsec esp kstats shouldn't be persistent
    Reviewed by: Bryan Cantrill <bryan@joyent.com>

diff --git a/usr/src/uts/common/inet/ip/ipsecesp.c b/usr/src/uts/common/inet/ip/ipsecesp.c
index 47972a8..5e4e400 100644
--- a/usr/src/uts/common/inet/ip/ipsecesp.c
+++ b/usr/src/uts/common/inet/ip/ipsecesp.c
@@ -21,6 +21,8 @@
  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ *
+ * Copyright 2011 Joyent, Inc. All rights reserved.

 #include <sys/types.h>
@@ -234,8 +236,7 @@ esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid)
        espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat",
            "net", KSTAT_TYPE_NAMED,
-           sizeof (esp_kstats_t) / sizeof (kstat_named_t),
-           KSTAT_FLAG_PERSISTENT, stackid);
+           sizeof (esp_kstats_t) / sizeof (kstat_named_t), 0, stackid);

        if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL)
                return (B_FALSE);

#2 Updated by Rich Lowe almost 6 years ago

  • Subject changed from IPsec esp kstats shouldn't be persistent to IPsec kstats shouldn't be persistent

#3 Updated by Dan McDonald over 3 years ago

A similar change will be needed in ipsecah as well.

#4 Updated by Dan McDonald over 3 years ago

  • Assignee set to Dan McDonald

#5 Updated by Dan McDonald 18 days ago

#6 Updated by Dan McDonald 15 days ago

The cause of this bug goes WAY back to before Stack Instances. Because of the IPsec loader thread, there was thought that maybe IPsec could be unloaded, and reloaded again, so persistent kstats were desirable in the face of such a possibility. Reality proved that once loaded, IPsec would stay up for the life of the system's boot.

Also available in: Atom