From owner-freebsd-net@FreeBSD.ORG Wed Aug 17 18:59:09 2005 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A666C16A41F for ; Wed, 17 Aug 2005 18:59:09 +0000 (GMT) (envelope-from yvan.vanhullebus@netasq.com) Received: from smtp.netasq.com (netasq.netasq.com [213.30.137.178]) by mx1.FreeBSD.org (Postfix) with ESMTP id B4E4243D45 for ; Wed, 17 Aug 2005 18:59:08 +0000 (GMT) (envelope-from yvan.vanhullebus@netasq.com) Received: from [10.2.0.3] (f1000c001440400601.netasq.com [10.0.0.126]) by smtp.netasq.com (Postfix) with ESMTP id 85B5646D50; Wed, 17 Aug 2005 20:55:47 +0200 (CEST) Received: by yvan.netasq.int (Postfix, from userid 1000) id B22E254A8; Wed, 17 Aug 2005 20:59:05 +0200 (CEST) Date: Wed, 17 Aug 2005 20:59:05 +0200 From: VANHULLEBUS Yvan To: freebsd-net@freebsd.org Message-ID: <20050817185905.GA2682@yvan.netasq.int> References: <20050817182349.GB2349@yvan.netasq.int> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="UlVJffcvxoiEqYs2" Content-Disposition: inline In-Reply-To: <20050817182349.GB2349@yvan.netasq.int> User-Agent: Mutt/1.5.9i X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: manu@netbsd.org, snap-users@kame.net Subject: Re: Some missing splnet() in key.c X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Aug 2005 18:59:09 -0000 --UlVJffcvxoiEqYs2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Looks like there were some problems with SMIME signature and the attachment (my MUA confirms that the attachement was in the sent mail, but I can't see it on the received mail from freebsd-net ML), do here is another try without the SMIME signature... On Wed, Aug 17, 2005 at 08:23:49PM +0200, VANHULLEBUS Yvan wrote: > Hi all. > > A few months ago, I reported some missing splnet() in key.c to > snap-users@kame.net. I found them by tracking some random and strange > problems, which are more likely to happen when running on a "slow" > CPU, when having some heavy PFKey activity and when having high IPSec > traffic. > > The attached patch (made against FreeBSD6 version, but should be easy > to port to other versions) fixes at least most splnet problems (well, > at least, I didn't have any more report for customers which use the > latest version including all those locks....). > > Please note that mixing this patch and the FreeBSD NAT-T patch > available on ipsec-tools web site will have a possible dead lock in > key_add(), when handling NAT-T extensions (Manu: check that for > NetBSD, there is probably the same code !). > > I'll update quickly FreeBSD6 NAT-T patchset on ipsec-tools web site if > this patch is commited on FreeBSD6 source. Yvan. -- NETASQ - Secure Internet Connectivity http://www.netasq.com --UlVJffcvxoiEqYs2--