diff options
| author | sam <sam@FreeBSD.org> | 2003-09-01 05:35:55 +0000 |
|---|---|---|
| committer | sam <sam@FreeBSD.org> | 2003-09-01 05:35:55 +0000 |
| commit | 7a8c89dde15c19a8c1e8eb2976dc9936d9b7329c (patch) | |
| tree | c44de6fcda02feb74d7dccf3bde0ea476169307f /sys/netipsec/ipsec.c | |
| parent | 591fec46c46db5741955ea71f2571001a039f4d0 (diff) | |
| download | FreeBSD-src-7a8c89dde15c19a8c1e8eb2976dc9936d9b7329c.zip FreeBSD-src-7a8c89dde15c19a8c1e8eb2976dc9936d9b7329c.tar.gz | |
Locking and misc cleanups; most of which I've been running for >4 months:
o add locking
o strip irrelevant spl's
o split malloc types to better account for memory use
o remove unused IPSEC_NONBLOCK_ACQUIRE code
o remove dead code
Sponsored by: FreeBSD Foundation
Diffstat (limited to 'sys/netipsec/ipsec.c')
| -rw-r--r-- | sys/netipsec/ipsec.c | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/sys/netipsec/ipsec.c b/sys/netipsec/ipsec.c index bbbe0ce..8bead8e 100644 --- a/sys/netipsec/ipsec.c +++ b/sys/netipsec/ipsec.c @@ -202,6 +202,8 @@ static int ipsec_get_policy __P((struct secpolicy *pcb_sp, struct mbuf **mp)); static void vshiftl __P((unsigned char *, int, int)); static size_t ipsec_hdrsiz __P((struct secpolicy *)); +MALLOC_DEFINE(M_IPSEC_INPCB, "inpcbpolicy", "inpcb-resident ipsec policy"); + /* * Return a held reference to the default SP. */ @@ -836,7 +838,7 @@ static void ipsec_delpcbpolicy(p) struct inpcbpolicy *p; { - free(p, M_SECA); + free(p, M_IPSEC_INPCB); } /* initialize policy in PCB */ @@ -852,7 +854,7 @@ ipsec_init_policy(so, pcb_sp) panic("ipsec_init_policy: NULL pointer was passed.\n"); new = (struct inpcbpolicy *) malloc(sizeof(struct inpcbpolicy), - M_SECA, M_NOWAIT|M_ZERO); + M_IPSEC_INPCB, M_NOWAIT|M_ZERO); if (new == NULL) { ipseclog((LOG_DEBUG, "ipsec_init_policy: No more memory.\n")); return ENOBUFS; @@ -909,6 +911,24 @@ ipsec_copy_policy(old, new) return 0; } +struct ipsecrequest * +ipsec_newisr(void) +{ + struct ipsecrequest *p; + + p = malloc(sizeof(struct ipsecrequest), M_IPSEC_SR, M_NOWAIT|M_ZERO); + if (p != NULL) + mtx_init(&p->lock, "ipsec request", NULL, MTX_DEF); + return p; +} + +void +ipsec_delisr(struct ipsecrequest *p) +{ + mtx_destroy(&p->lock); + free(p, M_IPSEC_SR); +} + /* deep-copy a policy in PCB */ static struct secpolicy * ipsec_deepcopy_policy(src) @@ -932,13 +952,9 @@ ipsec_deepcopy_policy(src) */ q = &newchain; for (p = src->req; p; p = p->next) { - *q = (struct ipsecrequest *)malloc(sizeof(struct ipsecrequest), - M_SECA, M_NOWAIT); + *q = ipsec_newisr(); if (*q == NULL) goto fail; - bzero(*q, sizeof(**q)); - (*q)->next = NULL; - (*q)->saidx.proto = p->saidx.proto; (*q)->saidx.mode = p->saidx.mode; (*q)->level = p->level; @@ -947,7 +963,6 @@ ipsec_deepcopy_policy(src) bcopy(&p->saidx.src, &(*q)->saidx.src, sizeof((*q)->saidx.src)); bcopy(&p->saidx.dst, &(*q)->saidx.dst, sizeof((*q)->saidx.dst)); - (*q)->sav = NULL; (*q)->sp = dst; q = &((*q)->next); @@ -963,7 +978,7 @@ ipsec_deepcopy_policy(src) fail: for (p = newchain; p; p = r) { r = p->next; - free(p, M_SECA); + ipsec_delisr(p); p = NULL; } return NULL; |
