diff options
author | ae <ae@FreeBSD.org> | 2013-07-23 14:14:24 +0000 |
---|---|---|
committer | ae <ae@FreeBSD.org> | 2013-07-23 14:14:24 +0000 |
commit | afd48faca0b18683e07e39684afce0c5fa2b1d88 (patch) | |
tree | 98925344f506b8a40572aca1507117ad5b6e3e9a /sys/netipsec | |
parent | f2b6d4ff8043c142ebc1952e5e9e82cebe630993 (diff) | |
download | FreeBSD-src-afd48faca0b18683e07e39684afce0c5fa2b1d88.zip FreeBSD-src-afd48faca0b18683e07e39684afce0c5fa2b1d88.tar.gz |
Remove the large part of struct ipsecstat. Only few fields of this
structure is used, but they already have equal fields in the struct
newipsecstat, that was introduced with FAST_IPSEC and then was merged
together with old ipsecstat structure.
This fixes kernel stack overflow on some architectures after migration
ipsecstat to PCPU counters.
Reported by: Taku YAMAMOTO, Maciej Milewski
Diffstat (limited to 'sys/netipsec')
-rw-r--r-- | sys/netipsec/ipsec.h | 34 |
1 files changed, 4 insertions, 30 deletions
diff --git a/sys/netipsec/ipsec.h b/sys/netipsec/ipsec.h index d5bd4cd..0b92876 100644 --- a/sys/netipsec/ipsec.h +++ b/sys/netipsec/ipsec.h @@ -217,43 +217,17 @@ struct secspacq { /* statistics for ipsec processing */ struct ipsecstat { - uint64_t in_success; /* succeeded inbound process */ - uint64_t in_polvio; - /* security policy violation for inbound process */ - uint64_t in_nosa; /* inbound SA is unavailable */ - uint64_t in_inval; /* inbound processing failed due to EINVAL */ - uint64_t in_nomem; /* inbound processing failed due to ENOBUFS */ - uint64_t in_badspi; /* failed getting a SPI */ - uint64_t in_ahreplay; /* AH replay check failed */ - uint64_t in_espreplay; /* ESP replay check failed */ - uint64_t in_ahauthsucc; /* AH authentication success */ - uint64_t in_ahauthfail; /* AH authentication failure */ - uint64_t in_espauthsucc; /* ESP authentication success */ - uint64_t in_espauthfail; /* ESP authentication failure */ - uint64_t in_esphist[256]; - uint64_t in_ahhist[256]; - uint64_t in_comphist[256]; - uint64_t out_success; /* succeeded outbound process */ - uint64_t out_polvio; - /* security policy violation for outbound process */ - uint64_t out_nosa; /* outbound SA is unavailable */ - uint64_t out_inval; /* outbound process failed due to EINVAL */ - uint64_t out_nomem; /* inbound processing failed due to ENOBUFS */ - uint64_t out_noroute; /* there is no route */ - uint64_t out_esphist[256]; - uint64_t out_ahhist[256]; - uint64_t out_comphist[256]; - - uint64_t spdcachelookup; - uint64_t spdcachemiss; - uint64_t ips_in_polvio; /* input: sec policy violation */ + uint64_t ips_in_nomem; /* input: no memory available */ + uint64_t ips_in_inval; /* input: generic error */ + uint64_t ips_out_polvio; /* output: sec policy violation */ uint64_t ips_out_nosa; /* output: SA unavailable */ uint64_t ips_out_nomem; /* output: no memory available */ uint64_t ips_out_noroute; /* output: no route available */ uint64_t ips_out_inval; /* output: generic error */ uint64_t ips_out_bundlesa; /* output: bundled SA processed */ + uint64_t ips_mbcoalesced; /* mbufs coalesced during clone */ uint64_t ips_clcoalesced; /* clusters coalesced during clone */ uint64_t ips_clcopied; /* clusters copied during clone */ |