Bug 202092

Summary: IPsec replay counter is probably not MP safe
Product: Base System Reporter: John-Mark Gurney <jmg>
Component: kernAssignee: George V. Neville-Neil <gnn>
Status: Closed Overcome By Events    
Severity: Affects Only Me CC: ae, markj
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   

Description John-Mark Gurney freebsd_committer freebsd_triage 2015-08-04 20:21:13 UTC 
It is likely that the IPsec replay counters are not MP safe.  There is a lock in the SA, but not around the replay counters.  This could cause issues w/ high PPS and RSS which is becoming more common.
Comment 1 Andrey V. Elsukov freebsd_committer freebsd_triage 2019-05-20 10:37:32 UTC 
It seems this is no longer the problem in the current code.
Comment 2 Mark Johnston freebsd_committer freebsd_triage 2024-10-17 21:43:26 UTC 
Indeed, ipsec_chkreplay() and related functions are serialized now.