| created | 2021-06-20T20:13:24Z |
|---|---|
| begin | 2021-06-18T12:12:22Z |
| end | 2021-06-18T15:34:21Z |
| path | src/sys |
| commits | 1 |
| date | 2021-06-18T15:34:21Z | |||
|---|---|---|---|---|
| author | bluhm | |||
| files | src/sys/netinet/ip_ah.c | log | diff | annotate |
| src/sys/netinet/ip_esp.c | log | diff | annotate | |
| src/sys/netinet/ip_ipcomp.c | log | diff | annotate | |
| src/sys/netinet/ipsec_input.c | log | diff | annotate | |
| src/sys/netinet/ipsec_output.c | log | diff | annotate | |
| message |
The crypto(9) framework used by IPsec runs on a kernel task that is protected by kernel lock. There were crashes in swcr_authenc() when it was accessing swcr_sessions. As a quick fix, protect all calls from network stack to crypto with kernel lock. This also covers the rekeying case that is called from pfkey via tdb_init(). OK mvs@ |
|||