Due to an unprotected incrementation, two load-tester initiators occasionally
use the same SPI under high load, and hence generate 2 IPsec SAs with the same
identifier. The responder IPsec stack will refuse to configure the second SA.
Use an atomic incrementation to avoid this race condition.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
/**
* faked SPI counter
*/
- u_int32_t spi;
+ refcount_t spi;
};
METHOD(kernel_ipsec_t, get_spi, status_t,
private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
{
- *spi = ++this->spi;
+ *spi = (uint32_t)ref_get(&this->spi);
return SUCCESS;
}
projects / thirdparty / strongswan.git / commitdiff
