tech-net archive


Re: Recent IPSEC changes

On Fri, Oct 13, 2017 at 4:41 PM, Robert Swindells <> wrote:
> Ryota Ozaki <> wrote:
>>On Fri, Oct 13, 2017 at 5:49 AM, Robert Swindells <> wrote:
>>> I think something in the recent IPSEC changes is setting the ipsec_used
>>> flag to be always true.
>>Not really on my machine. I guess it depends on environments.
> My environment is INET, INET6 & IPSEC in the kernel config, no modules.
> I have taken out any other protocols.

My config is similar to GENERIC in terms of network protocols.

>>There is a change that affects the ipsec_used flag:
> Ok.
>>It turns on the flag when the IP_IPSEC_POLICY option is enabled on a socket.
>>There was a bug that having such a socket didn't turn on the flag; the
>>above commit fixed the bug.
> The flag is on at boot for me.

Heh. ipsec_used is initially 0. And only key_update_used() changes the
value. Could you add KASSERT(0) at the beginning of key_update_used,
rebuild a kernel and try to boot it? Then, we can know who changes it
(or it's initialized with 1 unexpectedly).

>>Do you have any processes having a socket with IP_IPSEC_POLICY on your
>>machine in mind?
> No.


