
Fwd: Fwd: IPSEC



Thanks Eitan. Forwarding to -bsd ....


<<On Sat, 14 Dec 2013 16:09:55 -0500, Eitan Adler <lists@eitanadler.com> said:

> On Sat, Dec 14, 2013 at 4:08 PM, Garrett Wollman wrote:
>> In article <mit.lcs.mail.freebsd-arch/CAF6rxgmDJZVrzaNScjNqB8YJbHK2MXaYW3BVCu7DVMcZmwPiyw@mail.gmail.com> you write:
>>> The question below has been unanswered since Sat, Sep 14, 2013.
>>>
>>> Are there any known concerns with enabling IPSEC?  Is there any reason
>>> to not do so in GENERIC?
>>
>> In 9.1 I found that it was racy and would panic a server under heavy
>> load.  Don't know if this has been fixed since then.

> Was this only true when used with IPSEC, or did this affect other sub-systems?

It was only true when IPsec was compiled into the kernel; we never
actually used it.  The race is in the IP-input path where packets are
checked against the (nonexistent) IPsec policy.

Come to think of it, it may not technically be a race, but a
cache-coherence issue, since the memory in question is being DMA'ed
into.

-GAWollman


-- 
Eitan Adler


