created | 2021-06-20T20:13:24Z |
---|---|
begin | 2021-06-18T12:12:22Z |
end | 2021-06-18T15:34:21Z |
path | src/sys |
commits | 1 |
date | 2021-06-18T15:34:21Z | |||
---|---|---|---|---|
author | bluhm | |||
files | src/sys/netinet/ip_ah.c | log | diff | annotate |
src/sys/netinet/ip_esp.c | log | diff | annotate | |
src/sys/netinet/ip_ipcomp.c | log | diff | annotate | |
src/sys/netinet/ipsec_input.c | log | diff | annotate | |
src/sys/netinet/ipsec_output.c | log | diff | annotate | |
message |
The crypto(9) framework used by IPsec runs on a kernel task that is protected by kernel lock. There were crashes in swcr_authenc() when it was accessing swcr_sessions. As a quick fix, protect all calls from network stack to crypto with kernel lock. This also covers the rekeying case that is called from pfkey via tdb_init(). OK mvs@ |