Hi all. A few months ago, I reported some missing splnet() in key.c to [EMAIL PROTECTED] I found them by tracking some random and strange problems, which are more likely to happen when running on a "slow" CPU, when having some heavy PFKey activity and when having high IPSec traffic.
The attached patch (made against FreeBSD6 version, but should be easy to port to other versions) fixes at least most splnet problems (well, at least, I didn't have any more report for customers which use the latest version including all those locks....). Please note that mixing this patch and the FreeBSD NAT-T patch available on ipsec-tools web site will have a possible dead lock in key_add(), when handling NAT-T extensions (Manu: check that for NetBSD, there is probably the same code !). I'll update quickly FreeBSD6 NAT-T patchset on ipsec-tools web site if this patch is commited on FreeBSD6 source. Yvan. -- NETASQ - Secure Internet Connectivity http://www.netasq.com
smime.p7s
Description: S/MIME cryptographic signature
