authorMartin Pieuchot <mpi@cvs.openbsd.org>2017-10-26 15:13:41 +0000
committerMartin Pieuchot <mpi@cvs.openbsd.org>2017-10-26 15:13:41 +0000
commit330046d92075d868d7ef7be8878e1a656127b9d1 (patch)
tree3e54fe3ed2c78f6d75b85dd13f8cbed44d2bb085 /sys/netinet
parent4ddb3c290aad6182191ad24babc5bc01f57b75a3 (diff)
Stop grabbing the KERNEL_LOCK() in network tasks when `ipsec_in_use'
is set. Accesses to IPsec global data structure are now serialized by the NET_LOCK(). Tested by many, ok visa@, bluhm@
Diffstat (limited to 'sys/netinet')
-rw-r--r--sys/netinet/ip_input.c28
-rw-r--r--sys/netinet/ip_output.c4
2 files changed, 2 insertions, 30 deletions
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index bf07a950b15..95c9194efcb 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.323 2017/10/09 08:35:38 mpi Exp $ */
+/* $OpenBSD: ip_input.c,v 1.324 2017/10/26 15:13:40 mpi Exp $ */
/* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */
/*
@@ -482,8 +482,6 @@ ip_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp)
if (ipsec_in_use) {
int rv;
- KERNEL_ASSERT_LOCKED();
-
rv = ipsec_forward_check(m, hlen, AF_INET);
if (rv != 0) {
ipstat_inc(ips_cantforward);
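Review bot: With `KERNEL_ASSERT_LOCKED()` dropped ahead of `ipsec_forward_check()` in `ip_input_if`, the new code no longer asserts any lock before touching IPsec state, although the commit message says those accesses are now serialized by the NET_LOCK(). Replacing the assertion instead of deleting it, `NET_ASSERT_LOCKED();`, would keep the locking invariant checked and would catch a caller that reaches this path without the lock. The same applies to the two assertions removed in ip_output.c, before `ip_output_ipsec_lookup()` and before `ip_output_ipsec_send()`. That assumes every caller reaching those paths holds the NET_LOCK(), which cannot be confirmed from the hunks shown. The enclosing `if (ipsec_in_use)` block continues past the end of this hunk.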
@@ -1825,40 +1823,16 @@ ip_send_dispatch(void *xmq)
struct mbuf_queue *mq = xmq;
struct mbuf *m;
struct mbuf_list ml;
-#ifdef IPSEC
- int locked = 0;
-#endif /* IPSEC */
mq_delist(mq, &ml);
if (ml_empty(&ml))
return;
NET_LOCK();
-
-#ifdef IPSEC
- /*
- * IPsec is not ready to run without KERNEL_LOCK(). So all
- * the traffic on your machine is punished if you have IPsec
- * enabled.
- */
- extern int ipsec_in_use;
- if (ipsec_in_use) {
- NET_UNLOCK();
- KERNEL_LOCK();
- NET_LOCK();
- locked = 1;
- }
-#endif /* IPSEC */
-
while ((m = ml_dequeue(&ml)) != NULL) {
ip_output(m, NULL, NULL, 0, NULL, NULL, 0);
}
NET_UNLOCK();
-
-#ifdef IPSEC
- if (locked)
- KERNEL_UNLOCK();
-#endif /* IPSEC */
}
void
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index 028b7a67653..ef3f0abbef4 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.342 2017/09/20 16:22:02 visa Exp $ */
+/* $OpenBSD: ip_output.c,v 1.343 2017/10/26 15:13:40 mpi Exp $ */
/* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */
/*
@@ -233,7 +233,6 @@ reroute:
#ifdef IPSEC
if (ipsec_in_use || inp != NULL) {
- KERNEL_ASSERT_LOCKED();
/* Do we have any pending SAs to apply ? */
tdb = ip_output_ipsec_lookup(m, hlen, &error, inp,
ipsecflowinfo);
@@ -404,7 +403,6 @@ sendit:
* Check if the packet needs encapsulation.
*/
if (tdb != NULL) {
- KERNEL_ASSERT_LOCKED();
/* Callee frees mbuf */
error = ip_output_ipsec_send(tdb, m, ifp, ro);
goto done;