CVSROOT: /cvs Module name: src Changes by: bl...@cvs.openbsd.org 2021/07/26 15:27:57
Modified files: sys/crypto : crypto.c cryptodev.h sys/netinet : ip_ah.c ip_esp.c ip_ipcomp.c ipsec_input.c ipsec_output.c Log message: Do not queue crypto operations for IPsec. The packet entries in task queues were unlimited and could overflow during havy traffic. Even if we still use hardware drivers that sleep, softnet task instead of soft interrupt can handle this now. Without queues net lock is inherited and kernel lock is only needed once per packet. This results in less lock contention and faster IPsec. Also protect tdb drop counters with net lock and avoid a leak in crypto dispatch error handling. intense testing Hrvoje Popovski; OK mpi@