Bug #1915

IPsec kstats shouldn't be persistent

Added by John Sonnenschein over 6 years ago. Updated 5 months ago.

Status:ClosedStart date:2011-12-21
Priority:NormalDue date:
Assignee:Dan McDonald% Done:

100%

Category:-
Target version:-
Difficulty:Medium Tags:needs-triage

Description

Currently ipsec creates persistent kstats which are based upon the netstack id.

Having persistent kstats here doesn't actually make sense, because if we were to reuse this netstack id there is no guarantee that the same zone would use it.

History

#1 Updated by John Sonnenschein over 6 years ago 

[johns@johns ~/illumos-gate]$ git show HEAD
commit bac5707c79d544cbe6b186bea95003005ddb28d8
Author: Robert Mustacchi <rm@joyent.com>
Date:   Fri Dec 16 01:57:56 2011 +0000

    1915 IPsec esp kstats shouldn't be persistent
    Reviewed by: Bryan Cantrill <bryan@joyent.com>

diff --git a/usr/src/uts/common/inet/ip/ipsecesp.c b/usr/src/uts/common/inet/ip/ipsecesp.c
index 47972a8..5e4e400 100644
--- a/usr/src/uts/common/inet/ip/ipsecesp.c
+++ b/usr/src/uts/common/inet/ip/ipsecesp.c
@@ -21,6 +21,8 @@
 /*
  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ *
+ * Copyright 2011 Joyent, Inc. All rights reserved.
  */

 #include <sys/types.h>
@@ -234,8 +236,7 @@ esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid)
 {
        espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat",
            "net", KSTAT_TYPE_NAMED,
-           sizeof (esp_kstats_t) / sizeof (kstat_named_t),
-           KSTAT_FLAG_PERSISTENT, stackid);
+           sizeof (esp_kstats_t) / sizeof (kstat_named_t), 0, stackid);

        if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL)
                return (B_FALSE);

#2 Updated by Rich Lowe over 6 years ago

  • Subject changed from IPsec esp kstats shouldn't be persistent to IPsec kstats shouldn't be persistent

#3 Updated by Dan McDonald almost 4 years ago

A similar change will be needed in ipsecah as well.

#4 Updated by Dan McDonald almost 4 years ago

  • Assignee set to Dan McDonald

#5 Updated by Dan McDonald 8 months ago

#6 Updated by Dan McDonald 8 months ago

The cause of this bug goes WAY back to before Stack Instances. Because of the IPsec loader thread, there was thought that maybe IPsec could be unloaded, and reloaded again, so persistent kstats were desirable in the face of such a possibility. Reality proved that once loaded, IPsec would stay up for the life of the system's boot.

#7 Updated by Electric Monk 5 months ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 281819e5f8b19cd8627541a22d261906fd190276

commit  281819e5f8b19cd8627541a22d261906fd190276
Author: Dan McDonald <danmcd@joyent.com>
Date:   2017-12-08T18:35:58.000Z

    1915 IPsec kstats shouldn't be persistent
    Reviewed by: Jason King <jason.king@joyent.com>
    Reviewed by: ken mays <maybird1776@yahoo.com>
    Reviewed by: Yuri Pankov <yuripv@gmx.com>
    Reviewed by: Igor Kozhukhov <igor@dilos.org>
    Approved by: Richard Lowe <richlowe@richlowe.net>

Also available in: Atom