summaryrefslogtreecommitdiffstats
path: root/src/plugins/cnat/cnat_node_feature.c
diff options
context:
space:
mode:
authorMatthew Smith <mgsmith@netgate.com>2021-06-04 09:18:37 -0500
committerMatthew Smith <mgsmith@netgate.com>2021-06-08 16:05:37 +0000
commit51d56bab707965399d524c350eaaa33d20b55244 (patch)
tree06faf8d070cae252b9af810d3ae23371d6e501e4 /src/plugins/cnat/cnat_node_feature.c
parent4de5f9be88857197ddf17e3bff66318f78f4b6bb (diff)
ipsec: fix async crypto frame leak
Type: fix If an async crypto frame is allocated during ESP encrypt/decrypt but a buffer/op is not subsequently added to the frame, the frame leaks. It is not submitted if the count of async ops is zero nor is it returned to the frame pool. This happens frequently if >= 2 worker threads are configured and a vector of buffers all have to be handed off to other threads. Wait until it is almost certain that the buffer will be added to the frame before allocating the frame to make it more unlikely that an allocated frame will not have any operations added to it. For encrypt this is sufficient to ressolve the leak. For decrypt there is still a chance that the buffer will fail to be added to the frame, so remove the counter of async ops and ensure that all frames that were allocated get either submitted or freed at the end. Change-Id: I4778c3265359b192d8a88ab9f8c53519d46285a2 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
Diffstat (limited to 'src/plugins/cnat/cnat_node_feature.c')
0 files changed, 0 insertions, 0 deletions