Page MenuHomeFreeBSD

Rework if_ipsec(4) to use epoch(9)-based locking model.
ClosedPublic

Authored by ae on Sep 17 2018, 10:38 AM.

Details

Summary

Rework if_ipsec(4) to used epoch(9) instead of rmlock.

  • use CK_LIST and FNV hash to keep chains of softc;
  • read access to soft is protected by epoch();
  • write access is protected by ipsec_ioctl_sx. Change of softc fields allowed only when softc is unlinked from CK_LIST chains. And linking/unlinking is allowed only when ipsec_ioctl_sx is exclusive locked.
  • the plain LIST of all softc is replaced by hash table that uses ingress address of tunnels as key.
  • added support for appearing/disappearing of ingress address handling D17134. Now it is allowed configure non-local ingress IP address, and thus the problem with if_ipsec(4) configuration that happens on boot, when ingress address is not yet configured, is solved.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

ae edited the summary of this revision. (Show Details)

Deduplicate the code that deletes softc from srchash.
And add another IPSEC_WAIT() to fix possible race in ipsec_if_input().

This revision was not accepted when it landed; it landed in state Needs Review.Oct 21 2018, 6:24 PM
This revision was automatically updated to reflect the committed changes.