current-users: Re: IPSec tunnel broke with ~latest 1.6Z

Subject: Re: IPSec tunnel broke with ~latest 1.6Z
To: None <current-users@netbsd.org>
From: Arto Selonen <arto@selonen.org>
List: current-users
Date: 09/09/2003 20:46:57

Hi!

On Tue, 9 Sep 2003, Greg Troxel wrote:

> Look at the statistics counters with 'netbsd -s -p ipsec'.  If you see
> inbound packets with no SA available, you are probably having the same
> problem I am.

# netstat -s -p ipsec | grep SA
        102 inbound packets with no SA available
        0 outbound packets with no SA available

The above comes from the broken(?) 1.6Z, whereas the 1.6T shows zeros.
The number seems to increment even without actively testing the
non-working direction. The number is quite low (it was above 3000), since
I just found out that 'setkey -DP' panics. Did work at the 1.6T

Anyway, thanks for confirming my doubts. I guess I'll start waiting for
a fix. :)

Artsi
#######======------  http://www.selonen.org/arto/  --------========########
Everstinkuja 5 B 35                               Don't mind doing it.
FIN-02600 Espoo        arto@selonen.org         Don't mind not doing it.
Finland              tel +358 50 560 4826     Don't know anything about it.