Module Name:src
Committed By: martin
Date: Thu Oct 8 17:49:03 UTC 2020
Modified Files:
src/sys/netipsec [netbsd-9]: xform_esp.c
Log Message:
Pull up following revision(s) (requested by knakahara in ticket #1103):
sys/netipsec/xform_esp.c: revision 1.101
Make sequence number of esp header MP-safe for IPsec Tx side. reviewed by
ozaki-r@n.o
In IPsec Tx side, one Security Association can be used by multiple CPUs.
On the other hand, in IPsec Rx side, one Security Association is used
by only one CPU.
XXX pullup-{8,9}
To generate a diff of this commit:
cvs rdiff -u -r1.98 -r1.98.2.1 src/sys/netipsec/xform_esp.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/xform_esp.c
diff -u src/sys/netipsec/xform_esp.c:1.98 src/sys/netipsec/xform_esp.c:1.98.2.1
--- src/sys/netipsec/xform_esp.c:1.98 Wed Jun 12 22:23:50 2019
+++ src/sys/netipsec/xform_esp.c Thu Oct 8 17:49:03 2020
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.98 2019/06/12 22:23:50 christos Exp $ */
+/* $NetBSD: xform_esp.c,v 1.98.2.1 2020/10/08 17:49:03 martin Exp $ */
/* $FreeBSD: xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,7 +39,7 @@
*/
#include
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.98 2019/06/12 22:23:50 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.98.2.1 2020/10/08 17:49:03 martin Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -796,11 +796,12 @@ esp_output(struct mbuf *m, const struct
#ifdef IPSEC_DEBUG
/* Emulate replay attack when ipsec_replay is TRUE. */
- if (!ipsec_replay)
+ if (ipsec_replay)
+ replay = htonl(sav->replay->count);
+ else
#endif
- sav->replay->count++;
+ replay = htonl(atomic_inc_32_nv(>replay->count));
- replay = htonl(sav->replay->count);
memcpy(mtod(mo,char *) + roff + sizeof(uint32_t), ,
sizeof(uint32_t));
}