SPDUPDATE is implemented using a del/add mechanism.
Unfortunately it is not atomic: the SP tree lock is released after the SP is removed and taken again before the SP is inserted.
Depending on the configuration, some packets may leak (e.g. using the default route).
Details
In a network-to-network IPSec configuration, I set up an aggressive ping between two hosts.
tcpdump on the public interface shows ping packets from time to time (during the SPDUPDATE events triggered by the IKE daemon).
After the patch, there is no more packet leak.
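As an added illustration of the race described in the summary and exercised by the ping test above (constructed model, not the FreeBSD code or the patch under review): a single SP entry guarded by one lock, updated either by del/add with the lock released in between or by one replace under a single lock hold, with a concurrent lookup loop standing in for the ping traffic and counting the lookups that found no policy.

```c
/* Constructed model of the SPDUPDATE race above (not FreeBSD code): one SP entry
 * under a lock, updated by leaky del/add or by a single in-place replace. */
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>
#define ITERS 200000
struct secpolicy { int id; bool valid; };               /* simplified SP */
static struct secpolicy sp;                              /* one-entry "tree" */
static pthread_mutex_t spd_lock = PTHREAD_MUTEX_INITIALIZER;
/* false means no SP covers the flow: the packet would take the default route */
static bool sp_lookup(int id) {
    pthread_mutex_lock(&spd_lock);
    bool hit = sp.valid && sp.id == id;
    pthread_mutex_unlock(&spd_lock);
    return hit;
}
/* original behaviour: remove the SP, drop the lock, take it again, insert */
static void spd_update_deladd(int id) {
    pthread_mutex_lock(&spd_lock);
    sp.valid = false;                                    /* SP gone from tree */
    pthread_mutex_unlock(&spd_lock);                     /* window opens here */
    pthread_mutex_lock(&spd_lock);
    sp.id = id; sp.valid = true;
    pthread_mutex_unlock(&spd_lock);
}
/* fixed behaviour: replace the entry under a single lock hold */
static void spd_update_inplace(int id) {
    pthread_mutex_lock(&spd_lock);
    sp.id = id;                                          /* never disappears */
    pthread_mutex_unlock(&spd_lock);
}
static void *reader(void *arg) {        /* the ping traffic: ITERS lookups */
    long *miss = arg;
    for (int i = 0; i < ITERS; i++) *miss += !sp_lookup(42);
    return NULL;
}
/* run ITERS updates of SP 42 against concurrent lookups; returns how many
 * lookups found no policy, i.e. packets that would have leaked */
long run_race(void (*update)(int)) {
    long miss = 0; pthread_t t;
    sp = (struct secpolicy){ 42, true };
    pthread_create(&t, NULL, reader, &miss);
    for (int i = 0; i < ITERS; i++) update(42);
    pthread_join(t, NULL);
    return miss;
}
int main(void) {
    printf("del/add : %ld leaks\n", run_race(spd_update_deladd));
    printf("in-place: %ld leaks\n", run_race(spd_update_inplace));
}
```

Build with `cc -pthread`; the del/add count varies from run to run with scheduling, while the in-place variant can never observe a missing policy.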
Diff Detail
- Repository: rS FreeBSD src repository - subversion
I have two questions:
- Is it OK to leave the old SP in case of error? I guess it is, but in the previous implementation the SP is removed if it cannot be updated, and I think it is really questionable.
- Is it OK to hold a mutex during a printf? I guess not, but there are already some examples doing that in this file.