Page MenuHomeFreeBSD

Rework if_ipsec(4) to use epoch(9)-based locking model.
ClosedPublic

Authored by ae on Sep 17 2018, 10:38 AM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 28, 2:18 PM
Unknown Object (File)
Thu, Nov 28, 4:51 AM
Unknown Object (File)
Sun, Nov 24, 11:40 AM
Unknown Object (File)
Nov 14 2024, 4:23 PM
Unknown Object (File)
Nov 7 2024, 9:15 PM
Unknown Object (File)
Oct 4 2024, 6:56 PM
Unknown Object (File)
Sep 29 2024, 11:16 AM
Unknown Object (File)
Sep 27 2024, 5:07 PM
Subscribers

Details

Summary

Rework if_ipsec(4) to used epoch(9) instead of rmlock.

  • use CK_LIST and FNV hash to keep chains of softc;
  • read access to soft is protected by epoch();
  • write access is protected by ipsec_ioctl_sx. Change of softc fields allowed only when softc is unlinked from CK_LIST chains. And linking/unlinking is allowed only when ipsec_ioctl_sx is exclusive locked.
  • the plain LIST of all softc is replaced by hash table that uses ingress address of tunnels as key.
  • added support for appearing/disappearing of ingress address handling D17134. Now it is allowed configure non-local ingress IP address, and thus the problem with if_ipsec(4) configuration that happens on boot, when ingress address is not yet configured, is solved.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

ae edited the summary of this revision. (Show Details)

Deduplicate the code that deletes softc from srchash.
And add another IPSEC_WAIT() to fix possible race in ipsec_if_input().

This revision was not accepted when it landed; it landed in state Needs Review.Oct 21 2018, 6:24 PM
This revision was automatically updated to reflect the committed changes.