[strongSwan-dev] [PATCH 2/2] load-tester: fix race condition issuing same SPI

Christophe Gouault christophe.gouault at 6wind.com
Tue Apr 8 17:11:14 CEST 2014


Due to an unprotected incrementation, two load-tester initiators occasionally
use the same SPI under high load, and hence generate 2 IPsec SAs with the same
identifier. The responder IPsec stack will refuse to configure the second SA.

Use an atomic incrementation to avoid this race condition.

Signed-off-by: Christophe Gouault <christophe.gouault at 6wind.com>
---
 src/libcharon/plugins/load_tester/load_tester_ipsec.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
index 02b1d42..5edd3b8 100644
--- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c
+++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c
@@ -31,14 +31,14 @@ struct private_load_tester_ipsec_t {
 	/**
 	 * faked SPI counter
 	 */
-	u_int32_t spi;
+	refcount_t spi;
 };
 
 METHOD(kernel_ipsec_t, get_spi, status_t,
 	private_load_tester_ipsec_t *this, host_t *src, host_t *dst,
 	u_int8_t protocol, u_int32_t reqid, u_int32_t *spi)
 {
-	*spi = ++this->spi;
+	*spi = (uint32_t)ref_get(&this->spi);
 	return SUCCESS;
 }
 
-- 
1.7.10.4



More information about the Dev mailing list