NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bin/47894: racoon w/NAT-T - pfkey update: wrong ports

>  Let me see your ipsec statistics.
>    # netstat -s -p ipsec

On the server:

--->8 ---- cut here ---- 8< ---
(Fast) IPsec:
        0 no SA found (output)
        0 no memory available (output)
        0 no route available (output)
        0 generic errors (output)
        0 bundled SA processed (output)
        469 SPD cache lookups
        469 SPD cache misses

IPsec ah:
        0 ah input packets processed
        0 ah output packets processed
        0 ah headers too short
        0 ah headers for unsupported address family
        0 ah packets with no SA
        0 ah packets dropped by crypto returning NULL mbuf
        0 ah packets with bad authentication
        0 ah packets with no xform
        0 ah packets dropped due to queue full
        0 ah packets dropped for replay counter wrap
        0 ah packets dropped for possible replay
        0 ah packets dropped for bad authenticator length
        0 ah packets with an invalid SA
        0 ah packets too big
        0 ah packets blocked due to policy
        0 ah failed crypto requests
        0 ah tunnel sanity check failures
        ah histogram:
                ah packets with hmac-sha1: 8
        0 ah bytes received
        0 ah bytes transmitted

IPsec esp:
        4 esp input packets processed
        4 esp output packets processed
        0 esp headers too short
        0 esp headers for unsupported address family
        0 esp packets with no SA
        0 esp packets dropped by crypto returning NULL mbuf
        0 esp packets dropped due to queue full
        0 esp packets with no xform
        0 esp packets with bad ilen
        0 esp packets with bad encryption
        0 esp packets with bad authentication
        0 esp packets dropped for replay counter wrap
        0 esp packets dropped for possible replay
        0 esp packets with an invalid SA
        0 esp packets too big
        0 esp packets blocked due to policy
        0 esp failed crypto requests
--->8 ---- cut here ---- 8< ---

on the client:

--->8 ---- cut here ---- 8< ---
(Fast) IPsec:
        1 no SA found (output)
        0 no memory available (output)
        0 no route available (output)
        0 generic errors (output)
        0 bundled SA processed (output)
        294 SPD cache lookups
        281 SPD cache misses

IPsec ah:
        0 ah input packets processed
        0 ah output packets processed
        0 ah headers too short
        0 ah headers for unsupported address family
        0 ah packets with no SA
        0 ah packets dropped by crypto returning NULL mbuf
        0 ah packets with bad authentication
        0 ah packets with no xform
        0 ah packets dropped due to queue full
        0 ah packets dropped for replay counter wrap
        0 ah packets dropped for possible replay
        0 ah packets dropped for bad authenticator length
        0 ah packets with an invalid SA
        0 ah packets too big
        0 ah packets blocked due to policy
        0 ah failed crypto requests
        0 ah tunnel sanity check failures
        ah histogram:
                ah packets with hmac-sha1: 14
        0 ah bytes received
        0 ah bytes transmitted

IPsec esp:
        7 esp input packets processed
        7 esp output packets processed
        0 esp headers too short
        0 esp headers for unsupported address family
        0 esp packets with no SA
        0 esp packets dropped by crypto returning NULL mbuf
        0 esp packets dropped due to queue full
        0 esp packets with no xform
        0 esp packets with bad ilen
        0 esp packets with bad encryption
        0 esp packets with bad authentication
        0 esp packets dropped for replay counter wrap
        0 esp packets dropped for possible replay
        0 esp packets with an invalid SA
        0 esp packets too big
        0 esp packets blocked due to policy
        0 esp failed crypto requests
        0 esp tunnel sanity check failures
        esp histogram:
                esp packets with aes-cbc: 14
        224 esp bytes received
        308 esp bytes transmitted
IPsec ipip:
        0 ipip total input packets
        0 ipip total output packets
        0 ipip packets too short for header length
        0 ipip packets dropped due to queue full
        0 ipip packets blocked due to policy
        0 ipip IP spoofing attempts
        0 ipip protocol family mismatched
        0 ipip missing tunnel-endpoint address
        0 ipip input bytes received
        0 ipip output bytes processed
IPsec ipcomp:
        0 ipcomp packets too short for header length
        0 ipcomp protocol family not supported
        0 ipcomp packets with no SA
        0 ipcomp packets dropped by crypto returning NULL mbuf
        0 ipcomp queue full
        0 ipcomp no support for transform
        0 ipcomp packets dropped for replay counter wrap
        0 ipcomp input IPcomp packets
        0 ipcomp output IPcomp packets
        0 ipcomp packets with an invalid SA
        0 ipcomp packets decompressed as too big
        0 ipcomp packets too short to be compressed
        0 ipcomp packet for which compression was useless
        0 ipcomp packets blocked due to policy
        0 ipcomp failed crypto requests
        IPcomp histogram:
        0 ipcomp input bytes
        0 ipcomp output bytes
--->8 ---- cut here ---- 8< ---

-- 
Egerváry Gergely
<gergely%egervary.hu@localhost>
Home | Main Index | Thread Index | Old Index