Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 8e4ed52)
ipsec: Add/Del SA not MP safe 99/26799/1
authorNeale Ranns <[email protected]>
Thu, 30 Apr 2020 13:30:57 +0000 (13:30 +0000)
committerAndrew Yourtchenko <[email protected]>
Thu, 30 Apr 2020 17:20:00 +0000 (17:20 +0000)
Type: fix

some crytto engines store key data indexed by SA index. Creating new SAs
means this store reallocs with packets inflight; bad stuff ensues.

Signed-off-by: Neale Ranns <[email protected]>
Change-Id: Ia23c3a59e2d05fb006bdbd9922d01ee192e22853

src/vnet/ipsec/ipsec_api.c patch | blob | history

diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index abebd5b..5dfd670 100644 (file)
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -1012,13 +1012,6 @@ ipsec_api_hookup (vlib_main_t * vm)
   foreach_vpe_api_msg;
 #undef _
 
-  /*
-   * Adding and deleting SAs is MP safe since when they are added/delete
-   * no traffic is using them
-   */
-  am->is_mp_safe[VL_API_IPSEC_SAD_ENTRY_ADD_DEL] = 1;
-  am->is_mp_safe[VL_API_IPSEC_SAD_ENTRY_ADD_DEL_REPLY] = 1;
-
   /*
    * Set up the (msg_name, crc, message-id) table
    */
Vector Packet Processing