202092 – IPsec replay counter is probably not MP safe

Bug 202092 - IPsec replay counter is probably not MP safe

Summary: IPsec replay counter is probably not MP safe

Status:	Closed Overcome By Events

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	George V. Neville-Neil

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-08-04 20:21 UTC by John-Mark Gurney
Modified:	2024-10-17 21:43 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John-Mark Gurney freebsd_committer

2015-08-04 20:21:13 UTC

It is likely that the IPsec replay counters are not MP safe.  There is a lock in the SA, but not around the replay counters.  This could cause issues w/ high PPS and RSS which is becoming more common.

Comment 1 Andrey V. Elsukov freebsd_committer

2019-05-20 10:37:32 UTC

It seems this is no longer the problem in the current code.

Comment 2 Mark Johnston freebsd_committer

2024-10-17 21:43:26 UTC

Indeed, ipsec_chkreplay() and related functions are serialized now.