svn commit: r310107 - projects/ipsec/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Thu Dec 15 10:36:35 UTC 2016
Author: ae
Date: Thu Dec 15 10:36:34 2016
New Revision: 310107
URL: https://svnweb.freebsd.org/changeset/base/310107
Log:
Count the replay counter overflow in corresponding counters.
Modified:
projects/ipsec/sys/netipsec/ipsec.c
Modified: projects/ipsec/sys/netipsec/ipsec.c
==============================================================================
--- projects/ipsec/sys/netipsec/ipsec.c Thu Dec 15 08:11:32 2016 (r310106)
+++ projects/ipsec/sys/netipsec/ipsec.c Thu Dec 15 10:36:34 2016 (r310107)
@@ -1647,8 +1647,13 @@ ok:
replay->overflow++;
/* Don't increment, no more packets accepted. */
- if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0)
+ if ((sav->flags & SADB_X_EXT_CYCSEQ) == 0) {
+ if (sav->sah->saidx.proto == IPPROTO_AH)
+ AHSTAT_INC(ahs_wrap);
+ else if (sav->sah->saidx.proto == IPPROTO_ESP)
+ ESPSTAT_INC(esps_wrap);
return (1);
+ }
ipseclog((LOG_WARNING, "%s: replay counter made %d cycle. %s\n",
__func__, replay->overflow,
More information about the svn-src-projects
mailing list