Module Name:    src
Committed By:   knakahara
Date:           Mon Oct  5 09:51:25 UTC 2020

Modified Files:
        src/sys/netipsec: xform_esp.c

Log Message:
Make sequence number of esp header MP-safe for IPsec Tx side. reviewed by 
ozaki-r@n.o

In IPsec Tx side, one Security Association can be used by multiple CPUs.
On the other hand, in IPsec Rx side, one Security Association is used
by only one CPU.

XXX pullup-{8,9}


To generate a diff of this commit:
cvs rdiff -u -r1.100 -r1.101 src/sys/netipsec/xform_esp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.100 src/sys/netipsec/xform_esp.c:1.101
--- src/sys/netipsec/xform_esp.c:1.100	Tue Jun 30 04:14:55 2020
+++ src/sys/netipsec/xform_esp.c	Mon Oct  5 09:51:25 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: xform_esp.c,v 1.100 2020/06/30 04:14:55 riastradh Exp $	*/
+/*	$NetBSD: xform_esp.c,v 1.101 2020/10/05 09:51:25 knakahara Exp $	*/
 /*	$FreeBSD: xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $	*/
 /*	$OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
 
@@ -39,7 +39,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.100 2020/06/30 04:14:55 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.101 2020/10/05 09:51:25 knakahara Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_inet.h"
@@ -796,11 +796,12 @@ esp_output(struct mbuf *m, const struct 
 
 #ifdef IPSEC_DEBUG
 		/* Emulate replay attack when ipsec_replay is TRUE. */
-		if (!ipsec_replay)
+		if (ipsec_replay)
+			replay = htonl(sav->replay->count);
+		else
 #endif
-			sav->replay->count++;
+			replay = htonl(atomic_inc_32_nv(&sav->replay->count));
 
-		replay = htonl(sav->replay->count);
 		memcpy(mtod(mo,char *) + roff + sizeof(uint32_t), &replay,
 		    sizeof(uint32_t));
 	}
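Review bot: The value returned by `atomic_inc_32_nv(&sav->replay->count)` goes straight into the ESP header, and nothing in this hunk checks whether the 32-bit counter has wrapped to 0. RFC 4303 requires a sender with anti-replay enabled to stop using the SA before the sequence number cycles. esp_output() starts and ends outside the hunk, so a wrap check may exist elsewhere, but with several CPUs sharing one SA a separate check-then-increment would presumably be racy; testing the returned value here (a result of 0 meaning exhaustion) would close that. At minimum a comment such as `/* atomic: one SA may be used by several CPUs on Tx; count must not wrap */` would record the intent. The `IPSEC_DEBUG` branch still reads `sav->replay->count` with a plain load beside concurrent atomic increments, which is tolerable for debug code but worth a one-line comment saying so.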
