CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2021/07/26 15:27:57
Modified files:
sys/crypto : crypto.c cryptodev.h
sys/netinet : ip_ah.c ip_esp.c ip_ipcomp.c ipsec_input.c
ipsec_output.c
Log message:
Do not queue crypto operations for IPsec. The packet entries in
task queues were unlimited and could overflow during havy traffic.
Even if we still use hardware drivers that sleep, softnet task
instead of soft interrupt can handle this now. Without queues net
lock is inherited and kernel lock is only needed once per packet.
This results in less lock contention and faster IPsec.
Also protect tdb drop counters with net lock and avoid a leak in
crypto dispatch error handling.
intense testing Hrvoje Popovski; OK mpi@
