artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8831ce9) | patch
Do not queue crypto operations for IPsec. The packet entries in
authorbluhm <bluhm@openbsd.org>
Mon, 26 Jul 2021 21:27:56 +0000 (21:27 +0000)
committerbluhm <bluhm@openbsd.org>
Mon, 26 Jul 2021 21:27:56 +0000 (21:27 +0000)
commit0ae952208f54c8830b58d4facb9561e2e34af873
tree6de9d041ee15e49a15bf16d770c2d8e45b6f6caetree | snapshot
parent8831ce958a73402383b566dc1aa3ab9b97c46475commit | diff
Do not queue crypto operations for IPsec.  The packet entries in
task queues were unlimited and could overflow during havy traffic.
Even if we still use hardware drivers that sleep, softnet task
instead of soft interrupt can handle this now.  Without queues net
lock is inherited and kernel lock is only needed once per packet.
This results in less lock contention and faster IPsec.
Also protect tdb drop counters with net lock and avoid a leak in
crypto dispatch error handling.
intense testing Hrvoje Popovski; OK mpi@
sys/crypto/crypto.c diff | blob | history
sys/crypto/cryptodev.h diff | blob | history
sys/netinet/ip_ah.c diff | blob | history
sys/netinet/ip_esp.c diff | blob | history
sys/netinet/ip_ipcomp.c diff | blob | history
sys/netinet/ipsec_input.c diff | blob | history
sys/netinet/ipsec_output.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim