[Swan-dev] Leaks when killing states during crypto; time to drop WIRE_*?

Paul Wouters paul at nohats.ca
Fri Dec 15 17:27:31 UTC 2017

On Fri, 15 Dec 2017, Andrew Cagney wrote:

Thanks for these updates!

> - 'inline' is gone; if there are no threads then the work is thrown
> onto the main event loop

That's good news, we have had too many weird issues with STF_INLINE.

> I think the too-much-crypto code path should either be deleted and/or
> handled by generating a crypto timeout event with delay 0.  The above
> code ignores the problem, if there is too much crypto then low
> priority tasks will timeout anyway.
> I suspect there's a bug in the 'importance' code (variable defaulting
> to 0) - on east the KE computation gets scheduled with no priority at
> all and I suspect that is wrong.  Anyone?

The original idea was to de-prioritize CPU intensive operations on a
first received packet which could be a spoofed packet. However, that
now is handled by the code counting half-open IKE SA's and activating the
IKEv2 COOKIEs code, and on further overload just stop accepting I1
packets completely until the load has dropped. I have no problem cutting
out all this "importance" code.

Another improvement that could be done in the future, is to
pre-calculate some of this work when pluto is being idle anyway, and
grab these precalculated items when needed.

> Antony pointed out on IRC that, often, crypto is performed in little
> chunks (compute KE, compute DH,...).  This has to slow down an
> individual state's throughput.  Doing all the work as a single
> operation would also simplify code.

I'm fine with that. Especially because the original design was done when
these calculations could take up seconds and that is no longer the case.


More information about the Swan-dev mailing list