Hi, I agree that there is an unlikely corner case which could result in vpp assert. I don't think there is a real chance to hit this in a production image, since it would require you to successfully make two API calls (drop old entry, replace with new entry) while there are packets in flight. Just deleting the old entry would cause re-use of existing entry (which is marked as freed, but the code does not clear the memory or invalidate it some other way) and the packet would be handled the same way as if the delete came after it left vpp.
Based on this, I'm not sure whether fixing this is worth the cost.. Thanks, Klement On Wed, 2018-06-27 at 11:15 +0530, Vamsi Krishna wrote: > Hi , > > I have looked at the ipsec code in VPP and trying to understand how > it > works in a multi threaded environment. Noticed that the > datastructures for > spd, sad and tunnel interface are pools and there are no locks to > prevent > race conditions. > > For instance the ipsec-input node passes SA index to the esp-encrypt > node, > and esp-encrypt node looks up the SA from sad pool. But during the > time in > which the packet is passed from one node to another the entry at SA > index > may be changed or deleted. Same seems to be true for dpdk-esp-encrypt > and > dpdk-esp-decrypt. How are these cases handled? Can the implementation > be > used in multi-threaded environment? > > Please help understand the IPSec implementation. > > Thanks > Krishna > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > > View/Reply Online (#9709): https://lists.fd.io/g/vpp-dev/message/9709 > Mute This Topic: https://lists.fd.io/mt/22720913/675704 > Group Owner: vpp-dev+ow...@lists.fd.io > Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [ksek...@cisco.com] > -=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#9711): https://lists.fd.io/g/vpp-dev/message/9711 Mute This Topic: https://lists.fd.io/mt/22720913/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
