Christophe, > However, the hash calculation is not reentrant because a single hasher > is used for the whole IKE SA manager. It leads to bogus calculations > under high load
I agree, this bug should be addressed. Some hasher implementations, such as the default, actually store hash context on the stack, so this is an issue for IKEv1 only. Others, such as the one from the openssl plugin, does not and can't handle multiple simultaneous users. > Don't share a single hasher in the IKE SA manager, create a transient > one whenever a message must be hashed. Thanks for the patch, looks good. Not sure if it would be better performance-wise to use locking instead, but I'm fine with that approach. > - return FALSE; > + goto end; I'm no fan of goto-programming, hence I took the liberty to adjust your patch slightly [1]. Queued for mainline. Regards Martin [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=595389f9 _______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
