Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports

[Egerváry Gergely <gergely%egervary.hu@localhost>]

>>    # netstat -s -p ipsec
> 
> On the server:

Ooops here too, nasty `head -n 50' was applied on the server.

Now in full version:

--- >8 ---- cut here ---- 8< ---
(Fast) IPsec:
        0 no SA found (output)
        0 no memory available (output)
        0 no route available (output)
        0 generic errors (output)
        0 bundled SA processed (output)
        522 SPD cache lookups
        522 SPD cache misses

IPsec ah:
        0 ah input packets processed
        0 ah output packets processed
        0 ah headers too short
        0 ah headers for unsupported address family
        0 ah packets with no SA
        0 ah packets dropped by crypto returning NULL mbuf
        0 ah packets with bad authentication
        0 ah packets with no xform
        0 ah packets dropped due to queue full
        0 ah packets dropped for replay counter wrap
        0 ah packets dropped for possible replay
        0 ah packets dropped for bad authenticator length
        0 ah packets with an invalid SA
        0 ah packets too big
        0 ah packets blocked due to policy
        0 ah failed crypto requests
        0 ah tunnel sanity check failures
        ah histogram:
                ah packets with hmac-sha1: 18
        0 ah bytes received
        0 ah bytes transmitted

IPsec esp:
        9 esp input packets processed
        9 esp output packets processed
        0 esp headers too short
        0 esp headers for unsupported address family
        0 esp packets with no SA
        0 esp packets dropped by crypto returning NULL mbuf
        0 esp packets dropped due to queue full
        0 esp packets with no xform
        0 esp packets with bad ilen
        0 esp packets with bad encryption
        0 esp packets with bad authentication
        0 esp packets dropped for replay counter wrap
        0 esp packets dropped for possible replay
        0 esp packets with an invalid SA
        0 esp packets too big
        0 esp packets blocked due to policy
        0 esp failed crypto requests
        0 esp tunnel sanity check failures
        esp histogram:
                esp packets with aes-cbc: 18
        432 esp bytes received
        180 esp bytes transmitted
IPsec ipip:
        0 ipip total input packets
        0 ipip total output packets
        0 ipip packets too short for header length
        0 ipip packets dropped due to queue full
        0 ipip packets blocked due to policy
        0 ipip IP spoofing attempts
        0 ipip protocol family mismatched
        0 ipip missing tunnel-endpoint address
        0 ipip input bytes received
        0 ipip output bytes processed
IPsec ipcomp:
        0 ipcomp packets too short for header length
        0 ipcomp protocol family not supported
        0 ipcomp packets with no SA
        0 ipcomp packets dropped by crypto returning NULL mbuf
        0 ipcomp queue full
        0 ipcomp no support for transform
        0 ipcomp packets dropped for replay counter wrap
        0 ipcomp input IPcomp packets
        0 ipcomp output IPcomp packets
        0 ipcomp packets with an invalid SA
        0 ipcomp packets decompressed as too big
        0 ipcomp packets too short to be compressed
        0 ipcomp packet for which compression was useless
        0 ipcomp packets blocked due to policy
        0 ipcomp failed crypto requests
        IPcomp histogram:
        0 ipcomp input bytes
        0 ipcomp output bytes
--- >8 ---- cut here ---- 8< ---

-- 
Egerváry Gergely
<gergely%egervary.hu@localhost>