Hi, On 2017/06/12 21:51, Taylor R Campbell wrote: >> Date: Mon, 12 Jun 2017 10:53:52 +0900 >> From: Kengo NAKAHARA <k-nakah...@iij.ad.jp> >> >> I want to avoid detaching the encryption device while it is used by IPsec. >> That is, once someone creates Security Assocatation(SA) to call >> crypto_newsession(), the encryption device related the SA must not be >> detached until the SA is flushed(done crypto_freesession()) and the SA >> is not used(done crypto_dispatch() and cryptointr()). > > Why don't you just use a global reference count first? Is the latency > and scalability of crypto_newsession and crypto_freesession critical? > > I am not familiar with opencrypto -- maybe the answer is yes. But in > crypto_newsession, crypto_freesession, and cryptointr, you're still > acquiring a global lock. That defeats the purpose of using > localcount, which is to make the latency and scalability of > acquire/release no more than a CPU-local integer increment.
Exactly. At first, I tried to remove global lock in a single step using localcount(9) and other tools, however I could not completely fix bugs. So, I changed my policy. I restructure locks and define lock-orders at first, and then I will remove global locks. # This lock restructure also has the purpose to fix packet reordering. # Yes, there are many tasks about opencrypto... That is also the reason why I suspend implementation the patches shown in my previous mail. Sorry to lack of talk again. I will read your next mail, but I think it take time for me to read it and consider the implementation. I reply this answer as soon as possible. Thanks, -- ////////////////////////////////////////////////////////////////////// Internet Initiative Japan Inc. Device Engineering Section, IoT Platform Development Department, Network Division, Technology Unit Kengo NAKAHARA <k-nakah...@iij.ad.jp>
