summaryrefslogtreecommitdiffstats
path: root/sys/netipsec
diff options
context:
space:
mode:
authorae <ae@FreeBSD.org>2013-07-23 14:14:24 +0000
committerae <ae@FreeBSD.org>2013-07-23 14:14:24 +0000
commitafd48faca0b18683e07e39684afce0c5fa2b1d88 (patch)
tree98925344f506b8a40572aca1507117ad5b6e3e9a /sys/netipsec
parentf2b6d4ff8043c142ebc1952e5e9e82cebe630993 (diff)
downloadFreeBSD-src-afd48faca0b18683e07e39684afce0c5fa2b1d88.zip
FreeBSD-src-afd48faca0b18683e07e39684afce0c5fa2b1d88.tar.gz
Remove the large part of struct ipsecstat. Only few fields of this
structure is used, but they already have equal fields in the struct newipsecstat, that was introduced with FAST_IPSEC and then was merged together with old ipsecstat structure. This fixes kernel stack overflow on some architectures after migration ipsecstat to PCPU counters. Reported by: Taku YAMAMOTO, Maciej Milewski
Diffstat (limited to 'sys/netipsec')
-rw-r--r--sys/netipsec/ipsec.h34
1 files changed, 4 insertions, 30 deletions
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h
index d5bd4cd..0b92876 100644
--- a/sys/netipsec/ipsec.h
+++ b/sys/netipsec/ipsec.h
@@ -217,43 +217,17 @@ struct secspacq {
/* statistics for ipsec processing */
struct ipsecstat {
- uint64_t in_success; /* succeeded inbound process */
- uint64_t in_polvio;
- /* security policy violation for inbound process */
- uint64_t in_nosa; /* inbound SA is unavailable */
- uint64_t in_inval; /* inbound processing failed due to EINVAL */
- uint64_t in_nomem; /* inbound processing failed due to ENOBUFS */
- uint64_t in_badspi; /* failed getting a SPI */
- uint64_t in_ahreplay; /* AH replay check failed */
- uint64_t in_espreplay; /* ESP replay check failed */
- uint64_t in_ahauthsucc; /* AH authentication success */
- uint64_t in_ahauthfail; /* AH authentication failure */
- uint64_t in_espauthsucc; /* ESP authentication success */
- uint64_t in_espauthfail; /* ESP authentication failure */
- uint64_t in_esphist[256];
- uint64_t in_ahhist[256];
- uint64_t in_comphist[256];
- uint64_t out_success; /* succeeded outbound process */
- uint64_t out_polvio;
- /* security policy violation for outbound process */
- uint64_t out_nosa; /* outbound SA is unavailable */
- uint64_t out_inval; /* outbound process failed due to EINVAL */
- uint64_t out_nomem; /* inbound processing failed due to ENOBUFS */
- uint64_t out_noroute; /* there is no route */
- uint64_t out_esphist[256];
- uint64_t out_ahhist[256];
- uint64_t out_comphist[256];
-
- uint64_t spdcachelookup;
- uint64_t spdcachemiss;
-
uint64_t ips_in_polvio; /* input: sec policy violation */
+ uint64_t ips_in_nomem; /* input: no memory available */
+ uint64_t ips_in_inval; /* input: generic error */
+
uint64_t ips_out_polvio; /* output: sec policy violation */
uint64_t ips_out_nosa; /* output: SA unavailable */
uint64_t ips_out_nomem; /* output: no memory available */
uint64_t ips_out_noroute; /* output: no route available */
uint64_t ips_out_inval; /* output: generic error */
uint64_t ips_out_bundlesa; /* output: bundled SA processed */
+
uint64_t ips_mbcoalesced; /* mbufs coalesced during clone */
uint64_t ips_clcoalesced; /* clusters coalesced during clone */
uint64_t ips_clcopied; /* clusters copied during clone */
OpenPOWER on IntegriCloud