On Wed, Apr 21, 2021 at 11:27:15PM +0300, Vitaliy Makkoveev wrote: > Did you tested your diff with ipsec(4) enabled?
I enable it for the IPsec tests, but disable it for the others. Doing IPsec policy checks would also slow down non IPsec network traffic if there is any flow in the kernel. > I'm asking because we have this in net/pfkeyv2.c: I did test IPsec with flows in the kernel. So ipsec_in_use was set with this test. But the others did not set it. http://bluhm.genua.de/perform/results/2021-04-21T10%3A50%3A37Z/gnuplot/ipsec.png > 1108 pfkeyv2_send(struct socket *so, void *message, int len) > 1109 { > .... > 2013 ipsec_in_use++; > 2014 /* > 2015 * XXXSMP IPsec data structures are not ready to be > 2016 * accessed by multiple Network threads in parallel, > 2017 * so force all packets to be processed by the first > 2018 * one. > 2019 */ > 2020 extern int nettaskqs; > 2021 nettaskqs = 1; What an evil hack! I will remove this and we will see if it crashes. The problematic call seems to be ipsec_forward_check(), the other parts of IPsec are under exclusive netlock. Thanks for spotting this. bluhm
