From owner-freebsd-current@FreeBSD.ORG Thu Jul 31 15:45:39 2008 Return-Path: Delivered-To: current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5F057106567A; Thu, 31 Jul 2008 15:45:39 +0000 (UTC) (envelope-from patfbsd@davenulle.org) Received: from smtp.lamaiziere.net (net.lamaiziere.net [91.121.44.19]) by mx1.freebsd.org (Postfix) with ESMTP id 2130B8FC16; Thu, 31 Jul 2008 15:45:39 +0000 (UTC) (envelope-from patfbsd@davenulle.org) Received: from baby-jane.lamaiziere.net (106.6.192-77.rev.gaoland.net [77.192.6.106]) by smtp.lamaiziere.net (Postfix) with ESMTPA id EFEE463365B; Thu, 31 Jul 2008 17:40:38 +0200 (CEST) Received: from baby-jane-lamaiziere-net.local (localhost [127.0.0.1]) by baby-jane.lamaiziere.net (Postfix) with ESMTP id 5A5B45790A4; Thu, 31 Jul 2008 17:45:37 +0200 (CEST) Date: Thu, 31 Jul 2008 17:45:36 +0200 From: Patrick =?ISO-8859-15?Q?Lamaizi=E8re?= To: Pawel Jakub Dawidek Message-ID: <20080731174536.243579d1@baby-jane-lamaiziere-net.local> In-Reply-To: <20080731132136.GC4088@garage.freebsd.pl> References: <20080722081449.GA3241@garage.freebsd.pl> <20080731123246.365d0b1f@baby-jane-lamaiziere-net.local> <20080731132136.GC4088@garage.freebsd.pl> Organization: /dave/nulle X-Mailer: Claws Mail 3.3.1 (GTK+ 2.12.9; i386-apple-darwin9.3.0) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 8bit Cc: current@freebsd.org Subject: Re: Recent Padlock changes break ssh X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 Jul 2008 15:45:39 -0000 Le Thu, 31 Jul 2008 15:21:36 +0200, Pawel Jakub Dawidek a écrit : Hello, > > I think that one problem is that the session id (ses->ses_id) is not > > updated when a free session is reused. The session id is set to > > zero by bzero() in padlock_freesession(). So we can have several > > active sessions with the same ses->ses_id == 0 if the sessions are > > reused. > > Great catch! What do you think about using old sessid? I think it's ok > to do so and a bit safer, because session ID is only 32bit long so we > may get collision once we start from 0 again. I agree, so just: padlock_freession() padlock_hash_free(ses); bzero(ses, sizeof(*ses)); ses->ses_used = 0; + ses->ses_id = sid; TAILQ_INSERT_HEAD(&sc->sc_sessions, ses, ses_next); I've made some tests with ipsec and openssl on the glxsb driver (it is quite the same code) and it looks good. Regards.