Dan McDonald wrote:
> I think my last request on this got lost, so let me try again.
>
> I've got two kernel bugfixes:
>
> 6777776 NAT-T keepalive transmission shouldn't directly call
> ipsec_wput_ipsec_out()
> 6779183 AH and ESP taskq handlers have to remember the netstack ID.
>
> that need review.
>
> Last time I put these out, people reminded me of netstack hold/release
> issues. I think I nailed those. Also (more importantly) I've followed suit
> with the asynchronous EF calls and preserved the instance number, knowing
> that I need to guard against a zone's destruction during the setup and
> asynchronous return.
>
> Here's the webrev:
>
> http://cr.opensolaris.org/~danmcd/6777776/
ipsecesp.c would hit an assertion failure if you were to run this,
because db_type can't be both a M_CTL and an M_DATA.
2307 ASSERT(ipsec_mp->b_datap->db_type == M_CTL);
2308 ASSERT(io->ipsec_out_type == IPSEC_OUT);
2309 ASSERT(ipsec_mp->b_cont != NULL);
2310 ASSERT(ipsec_mp->b_datap->db_type == M_DATA);
For the inbound_task using ipsec_in_stackid I'm having a hard time
convincing myself that ipsec_in_stackid is always set. Does it need to
be set before we kick off inbound_task? Or would it be better to only
set ipsec_in_stackid in the 3 or so places where we set ipsec_in_ns?
(i.e., remove the two places we currently set it in favor of those three.)
Erik
_______________________________________________
networking-discuss mailing list
[email protected]
