Hi, Propagate the crypto errors and count them in ipsec. This is part of a larger diff where I disable the crypto queues for ipsec. I think it cannot happen, but errors should always be checked.
tq is never NULL. I know that tdb->tdb_odrops++ is not MP safe. I have just copied the code. My plan is to address this in multiple places later. ok? bluhm
Index: crypto/crypto.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/crypto/crypto.c,v
retrieving revision 1.83
diff -u -p -r1.83 crypto.c
--- crypto/crypto.c 30 Jun 2021 12:21:02 -0000 1.83
+++ crypto/crypto.c 20 Jul 2021 22:51:56 -0000
@@ -388,7 +388,7 @@ int
 crypto_dispatch(struct cryptop *crp)
 {
 struct taskq *tq = crypto_taskq;
- int s;
+ int error = 0, s;
 u_int32_t hid;
 s = splvm();
@@ -399,14 +399,14 @@ crypto_dispatch(struct cryptop *crp)
 }
 splx(s);
- if (tq && !(crp->crp_flags & CRYPTO_F_NOQUEUE)) {
+ if ((crp->crp_flags & CRYPTO_F_NOQUEUE) == 0) {
 task_set(&crp->crp_task, (void (*))crypto_invoke, crp);
 task_add(tq, &crp->crp_task);
 } else {
- crypto_invoke(crp);
+ error = crypto_invoke(crp);
 }
- return 0;
+ return error;
 }
 /*
Index: netinet/ipsec_output.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ipsec_output.c,v
retrieving revision 1.82
diff -u -p -r1.82 ipsec_output.c
--- netinet/ipsec_output.c 8 Jul 2021 15:13:14 -0000 1.82
+++ netinet/ipsec_output.c 20 Jul 2021 23:09:06 -0000
@@ -418,7 +418,12 @@ ipsec_output_cb(struct cryptop *crp)
 if (tdb->tdb_cryptoid != 0)
 tdb->tdb_cryptoid = crp->crp_sid;
 NET_UNLOCK();
- crypto_dispatch(crp);
+ error = crypto_dispatch(crp);
+ if (error) {
+ DPRINTF("crypto dispatch error %d", error);
+ ipsecstat_inc(ipsec_odrops);
+ tdb->tdb_odrops++;
+ }
 return;
 }
 DPRINTF("crypto error %d", crp->crp_etype);
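Review bot: The value now returned by crypto_dispatch() is only meaningful on the CRYPTO_F_NOQUEUE branch. On the task_add() branch the function still returns 0 and the result of crypto_invoke() is discarded when the task runs, so a caller cannot read 0 as "the operation succeeded". That contract should be written above the function, for example `/* Returns an error only for CRYPTO_F_NOQUEUE requests; queued requests report failure through the callback. */`. crypto_invoke() is not visible here, so it is worth confirming whether it has already run the callback when it returns non-zero; if it has, a caller that also cleans up on the returned error would handle the same request twice. The function starts in the previous hunk, where `int error = 0, s;` is declared.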
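Review bot: The added error branch in ipsec_output_cb() counts the drop and then reaches `return;` without releasing anything, so a failed crypto_dispatch() appears to leave the request and the packet it carries allocated. The `DPRINTF("crypto error %d", crp->crp_etype);` line right after the block looks like the start of the existing failure path. Assuming that path frees crp and the mbuf, which this hunk does not show, the new branch should end in the same cleanup instead of returning early. The function begins and ends outside the hunk, so neither the declaration of `error` nor the cleanup code can be checked from here.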