Some missing splnet() in key.c
VANHULLEBUS Yvan
yvan.vanhullebus at netasq.com
Wed Aug 17 18:59:09 GMT 2005
Looks like there were some problems with SMIME signature and the
attachment (my MUA confirms that the attachement was in the sent mail,
but I can't see it on the received mail from freebsd-net ML), do here
is another try without the SMIME signature...
On Wed, Aug 17, 2005 at 08:23:49PM +0200, VANHULLEBUS Yvan wrote:
> Hi all.
>
> A few months ago, I reported some missing splnet() in key.c to
> snap-users at kame.net. I found them by tracking some random and strange
> problems, which are more likely to happen when running on a "slow"
> CPU, when having some heavy PFKey activity and when having high IPSec
> traffic.
>
> The attached patch (made against FreeBSD6 version, but should be easy
> to port to other versions) fixes at least most splnet problems (well,
> at least, I didn't have any more report for customers which use the
> latest version including all those locks....).
>
> Please note that mixing this patch and the FreeBSD NAT-T patch
> available on ipsec-tools web site will have a possible dead lock in
> key_add(), when handling NAT-T extensions (Manu: check that for
> NetBSD, there is probably the same code !).
>
> I'll update quickly FreeBSD6 NAT-T patchset on ipsec-tools web site if
> this patch is commited on FreeBSD6 source.
Yvan.
--
NETASQ - Secure Internet Connectivity
http://www.netasq.com
More information about the freebsd-net
mailing list