Date: Wed, 17 Aug 2005 20:59:05 +0200 From: VANHULLEBUS Yvan <yvan.vanhullebus@netasq.com> To: freebsd-net@freebsd.org Cc: manu@netbsd.org, snap-users@kame.net Subject: Re: Some missing splnet() in key.c Message-ID: <20050817185905.GA2682@yvan.netasq.int> In-Reply-To: <20050817182349.GB2349@yvan.netasq.int> References: <20050817182349.GB2349@yvan.netasq.int>
next in thread | previous in thread | raw e-mail | index | archive | help
--UlVJffcvxoiEqYs2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Looks like there were some problems with SMIME signature and the attachment (my MUA confirms that the attachement was in the sent mail, but I can't see it on the received mail from freebsd-net ML), do here is another try without the SMIME signature... On Wed, Aug 17, 2005 at 08:23:49PM +0200, VANHULLEBUS Yvan wrote: > Hi all. > > A few months ago, I reported some missing splnet() in key.c to > snap-users@kame.net. I found them by tracking some random and strange > problems, which are more likely to happen when running on a "slow" > CPU, when having some heavy PFKey activity and when having high IPSec > traffic. > > The attached patch (made against FreeBSD6 version, but should be easy > to port to other versions) fixes at least most splnet problems (well, > at least, I didn't have any more report for customers which use the > latest version including all those locks....). > > Please note that mixing this patch and the FreeBSD NAT-T patch > available on ipsec-tools web site will have a possible dead lock in > key_add(), when handling NAT-T extensions (Manu: check that for > NetBSD, there is probably the same code !). > > I'll update quickly FreeBSD6 NAT-T patchset on ipsec-tools web site if > this patch is commited on FreeBSD6 source. Yvan. -- NETASQ - Secure Internet Connectivity http://www.netasq.com --UlVJffcvxoiEqYs2--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050817185905.GA2682>