OpenBSD cvs log

created 2021-12-27T06:45:30Z
begin 2021-12-23T12:14:15Z
end 2021-12-23T12:21:48Z
path src/sys
commits 1

date 2021-12-23T12:21:48Z
author bluhm
files src/sys/net/if_bridge.c log diff annotate
src/sys/netinet/ip_ah.c log diff annotate
src/sys/netinet/ip_esp.c log diff annotate
src/sys/netinet/ip_ipcomp.c log diff annotate
src/sys/netinet/ip_output.c log diff annotate
src/sys/netinet/ipsec_input.c log diff annotate
src/sys/netinet/ipsec_output.c log diff annotate
src/sys/netinet6/ip6_output.c log diff annotate
message IPsec is not MP safe yet. To allow forwarding in parallel without
dirty hacks, it is better to protect IPsec input and output with
kernel lock. Not much is lost as crypto needs the kernel lock
anyway. From here we can refine the lock later.
Note that there is no kernel lock in the SPD lockup path. Goal is
to keep that lock free to allow fast forwarding with non IPsec
traffic.
tested by Hrvoje Popovski; OK tobhe@