CVSROOT: /cvs
Module name: src
Changes by: m...@cvs.openbsd.org 2021/07/18 12:19:22
Modified files:
sys/netinet : ip_ipsp.c ip_ipsp.h
Log message:
Introduce and use garbage collector for 'ipsec_ids' struct entities
destruction instead of using per-entity timeout. This fixes the races
between ipsp_ids_insert(), ipsp_ids_free() and ipsp_ids_timeout().
ipsp_ids_insert() can't stop ipsp_ids_timeout() timeout handler which is
already running and awaiting netlock to be released, so reused `ids' will
be silently removed in this case.
ipsp_ids_free() can't determine is ipsp_ids_timeout() timeout handler
running because timeout_del(9) called by ipsp_ids_insert() clears it's
triggered state. So ipsp_ids_timeout() could be scheduled to run twice in
this case.
Also hrvoje@ reported about ipsec(4) throughput increased with this diff
so it seems we caught significant count of ipsp_ids_insert() races.
tests and feedback by hrvoje@
ok bluhm@
