Module Name:    src
Committed By:   ozaki-r
Date:           Wed Aug 2 01:28:03 UTC 2017

Modified Files:
        src/sys/netinet6: ip6_forward.c ip6_output.c
        src/sys/netipsec: ipsec.c ipsec.h key.c key.h xform_ah.c xform_esp.c
            xform_ipcomp.c
        src/sys/rump/librump/rumpnet: net_stub.c

Log Message:
Make IPsec SPD MP-safe

We use localcount(9), not psref(9), to make the sptree and secpolicy (SP)
entries MP-safe because SPs need to be referenced over opencrypto
processing that executes a callback in a different context.

SPs on sockets aren't managed by the sptree and can be destroyed in softint.
localcount_drain cannot be used in softint so we delay the destruction of
such SPs to a thread context. To do so, a list to manage such SPs is added
(key_socksplist) and key_timehandler_spd deletes dead SPs in the list.

For more details please read the locking notes in key.c.

Proposed on tech-kern@ and tech-net@


To generate a diff of this commit:

cvs rdiff -u -r1.87 -r1.88 src/sys/netinet6/ip6_forward.c
cvs rdiff -u -r1.192 -r1.193 src/sys/netinet6/ip6_output.c
cvs rdiff -u -r1.112 -r1.113 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.57 -r1.58 src/sys/netipsec/ipsec.h
cvs rdiff -u -r1.196 -r1.197 src/sys/netipsec/key.c
cvs rdiff -u -r1.25 -r1.26 src/sys/netipsec/key.h
cvs rdiff -u -r1.69 -r1.70 src/sys/netipsec/xform_ah.c
cvs rdiff -u -r1.67 -r1.68 src/sys/netipsec/xform_esp.c
cvs rdiff -u -r1.48 -r1.49 src/sys/netipsec/xform_ipcomp.c
cvs rdiff -u -r1.26 -r1.27 src/sys/rump/librump/rumpnet/net_stub.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
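
The deferred destruction described in the log message, as an added example (not code from this commit or from NetBSD): a simplified userland C model of "mark dead in softint, free later from a thread-context sweep". Every name is hypothetical, a plain counter stands in for localcount(9) references, and the sweep skips a still-referenced SP where the kernel would instead wait in localcount_drain.

```c
#include <stddef.h>
#include <stdlib.h>

/* Userland model only; all names are hypothetical, not NetBSD's. */
enum sp_state { SP_ALIVE, SP_DEAD };

struct sp {
    enum sp_state state;
    int refs;            /* stands in for localcount(9) references */
    struct sp *next;     /* linkage on the socket-SP list */
};

static struct sp *socksplist;   /* models the role of key_socksplist */

/* Thread context: create a socket SP and track it on the list. */
struct sp *sp_alloc(void)
{
    struct sp *sp = calloc(1, sizeof(*sp));
    if (sp == NULL)
        return NULL;
    sp->state = SP_ALIVE;
    sp->next = socksplist;
    socksplist = sp;
    return sp;
}

/* Softint context: must not block, so only mark the SP dead. */
void sp_kill_softint(struct sp *sp)
{
    sp->state = SP_DEAD;
}

/* Thread context (models the periodic handler): free dead SPs.
 * The kernel can wait for references to drain here; this model
 * leaves a still-referenced SP on the list for the next sweep. */
int sp_timehandler(void)
{
    int reaped = 0;
    for (struct sp **pp = &socksplist; *pp != NULL; ) {
        struct sp *sp = *pp;
        if (sp->state == SP_DEAD && sp->refs == 0) {
            *pp = sp->next;      /* unlink before freeing */
            free(sp);
            reaped++;
        } else {
            pp = &sp->next;      /* alive or still in use: keep */
        }
    }
    return reaped;
}
```

The point of the split is that a dead SP stays valid memory for anyone still holding a reference, for instance a crypto callback running in another context, until the sweep frees it.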