Page MenuHomeFreeBSD

Enter and exit the network epoch for async IPsec callbacks.

Authored by jhb on Jun 25 2020, 12:49 AM.



When an IPsec packet has been encrypted or decrypted, the next step in
the packet's traversal through the network stack is invoked from a
crypto worker thread, not from the original calling thread. These
threads need to enter the network epoch before passing packets down to
IP output routines or up to transport protocols.

Test Plan
  • tried IPsec with a kernel with INVARIANTS on head and it promptly fell over with assertion failures (not sure why I didn't see this previously since the assertions went in)
  • tested with IPv4 (AES-GCM, IPcomp (sort of, I was able to get a single ping reply back, but not others), AES-CBC + SHA1), and IPv6 (AES-GCM)

Diff Detail

rS FreeBSD src repository - subversion
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.