[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: IPsec: stack problems
On Thu, Mar 01, 2018 at 07:31:13AM +0100, Maxime Villard wrote:
> I'm a little concerned about the stack usage in the IPsec code. Note that what
> I'm talking about here occurs _after_ authentication.
I think that is a known design issue of the IPsec code. FreeBSD has been
talking about similar issues for years, too.
> Typically, when an IPv4-AH packet is received, the code path is:
> (*pr_input) = ipsec_common_input
> [several crypto functions are called]
> (*pr_input) = depends on the packet
I wonder if the best appoach wouldn't be to cut the stack at this point
and defer the packet back to a netisr.
Main Index |
Thread Index |