>Number:         25526
>Category:       kern
>Synopsis:       standard ipsec sysctl infrastructure not coherent after recent fastipsec changes
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon May 10 15:36:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     TheMan
>Release:        2.0E
>Organization:
none
>Environment:
	
System: NetBSD this 2.0E NetBSD 2.0E (THAT) #318: Sat May 8 01:33:58 EDT 2004 andrew@noc:/usr/src/sys/arch/i386/compile/THAT i386


>Description:

	the recent fast ipsec changes wrt to sysctl have somewhat
	broken the standard ipsec infrastructure.  in particular, some
	mib paths now lead to different objects, meaning that the two
	cannot be used interchangeably, and that the same name (if
	sysctlbyname() is used) may return completely different data.

	for example, netstat can no longer deal with the data from
	net.inet.ipsec.stats.

>How-To-Repeat:

	% netstat
	...
	netstat: net.inet.ipsec.stats: Cannot allocate memory

>Fix:

	working.  will advise.
>Release-Note:
>Audit-Trail:
>Unformatted: