artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ad8c1dd) | patch
IPsec is not MP safe yet. To allow forwarding in parallel without
authorbluhm <bluhm@openbsd.org>
Thu, 23 Dec 2021 12:21:48 +0000 (12:21 +0000)
committerbluhm <bluhm@openbsd.org>
Thu, 23 Dec 2021 12:21:48 +0000 (12:21 +0000)
commit5ee194bcd8bfa6219caf45714af6917cd66341c5
treec5739562da28971db95f3eea0803774f0dcf2282tree | snapshot
parentad8c1ddc23041075f0773e086b5936ce2d34b007commit | diff
IPsec is not MP safe yet.  To allow forwarding in parallel without
dirty hacks, it is better to protect IPsec input and output with
kernel lock.  Not much is lost as crypto needs the kernel lock
anyway.  From here we can refine the lock later.
Note that there is no kernel lock in the SPD lockup path.  Goal is
to keep that lock free to allow fast forwarding with non IPsec
traffic.
tested by Hrvoje Popovski; OK tobhe@
sys/net/if_bridge.c diff | blob | history
sys/netinet/ip_ah.c diff | blob | history
sys/netinet/ip_esp.c diff | blob | history
sys/netinet/ip_ipcomp.c diff | blob | history
sys/netinet/ip_output.c diff | blob | history
sys/netinet/ipsec_input.c diff | blob | history
sys/netinet/ipsec_output.c diff | blob | history
sys/netinet6/ip6_output.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim