Project

General

Profile

Bug #1915

IPsec kstats shouldn't be persistent

Added by John Sonnenschein about 9 years ago. Updated about 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Dan McDonald
Category:
-
Start date:
2011-12-21
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage
Gerrit CR:

Description

Currently ipsec creates persistent kstats which are based upon the netstack id.

Having persistent kstats here doesn't actually make sense, because if we were to reuse this netstack id there is no guarantee that the same zone would use it.

#1

Updated by John Sonnenschein about 9 years ago 

[johns@johns ~/illumos-gate]$ git show HEAD
commit bac5707c79d544cbe6b186bea95003005ddb28d8
Author: Robert Mustacchi <rm@joyent.com>
Date:   Fri Dec 16 01:57:56 2011 +0000

    1915 IPsec esp kstats shouldn't be persistent
    Reviewed by: Bryan Cantrill <bryan@joyent.com>

diff --git a/usr/src/uts/common/inet/ip/ipsecesp.c b/usr/src/uts/common/inet/ip/ipsecesp.c
index 47972a8..5e4e400 100644
--- a/usr/src/uts/common/inet/ip/ipsecesp.c
+++ b/usr/src/uts/common/inet/ip/ipsecesp.c
@@ -21,6 +21,8 @@
 /*
  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
+ *
+ * Copyright 2011 Joyent, Inc. All rights reserved.
  */

 #include <sys/types.h>
@@ -234,8 +236,7 @@ esp_kstat_init(ipsecesp_stack_t *espstack, netstackid_t stackid)
 {
        espstack->esp_ksp = kstat_create_netstack("ipsecesp", 0, "esp_stat",
            "net", KSTAT_TYPE_NAMED,
-           sizeof (esp_kstats_t) / sizeof (kstat_named_t),
-           KSTAT_FLAG_PERSISTENT, stackid);
+           sizeof (esp_kstats_t) / sizeof (kstat_named_t), 0, stackid);

        if (espstack->esp_ksp == NULL || espstack->esp_ksp->ks_data == NULL)
                return (B_FALSE);
#2

Updated by Rich Lowe about 9 years ago

  • Subject changed from IPsec esp kstats shouldn't be persistent to IPsec kstats shouldn't be persistent
#3

Updated by Dan McDonald almost 7 years ago

A similar change will be needed in ipsecah as well.

#4

Updated by Dan McDonald almost 7 years ago

  • Assignee set to Dan McDonald
#5

Updated by Dan McDonald over 3 years ago

#6

Updated by Dan McDonald over 3 years ago

The cause of this bug goes WAY back to before Stack Instances. Because of the IPsec loader thread, there was thought that maybe IPsec could be unloaded, and reloaded again, so persistent kstats were desirable in the face of such a possibility. Reality proved that once loaded, IPsec would stay up for the life of the system's boot.

#7

Updated by Electric Monk about 3 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 281819e5f8b19cd8627541a22d261906fd190276

commit  281819e5f8b19cd8627541a22d261906fd190276
Author: Dan McDonald <danmcd@joyent.com>
Date:   2017-12-08T18:35:58.000Z

    1915 IPsec kstats shouldn't be persistent
    Reviewed by: Jason King <jason.king@joyent.com>
    Reviewed by: ken mays <maybird1776@yahoo.com>
    Reviewed by: Yuri Pankov <yuripv@gmx.com>
    Reviewed by: Igor Kozhukhov <igor@dilos.org>
    Approved by: Richard Lowe <richlowe@richlowe.net>

Also available in: Atom PDF