On Mon, Jul 19, 2021 at 05:53:40PM +0200, Alexander Bluhm wrote: > Hi, > > I found why the IPsec workaround did not work. > > At init time we set ifiq->ifiq_softnet = net_tq(ifp->if_index + > idx), but the workaround modifies net_tq() at runtime. Modifying > net_tq() at runtime is bad anyway as task_add() and task_del() could > be called with different task queues. > > So better use exclusive lock if IPsec is in use. For me this is > running stable. > > bluhm >
Hi, pipex(4) is also not ready for parallel access. In the chunk below it will be accessed through (*ifp->if_input)() -> ether_input() -> pipex_pppoe_input(). This looks not fatal but makes at least session statistics inconsistent. > @@ -834,10 +839,25 @@ if_input_process(struct ifnet *ifp, stru > * to PF globals, pipex globals, unicast and multicast addresses > * lists and the socket layer. > */ > - NET_LOCK(); > + > + /* > + * XXXSMP IPsec data structures are not ready to be > + * accessed by multiple Network threads in parallel. > + */ > + if (ipsec_in_use) -----------------------^ So I like to check at least `pipe_enable' here. Or introduce sessions counter `pipex_in_use' for better performance. > + exclusive_lock = 1; > + if (exclusive_lock) > + NET_LOCK(); > + else > + NET_RLOCK_IN_SOFTNET(); > + > while ((m = ml_dequeue(ml)) != NULL) > (*ifp->if_input)(ifp, m); > - NET_UNLOCK();
