diff options
| author | sam <sam@FreeBSD.org> | 2003-09-01 05:35:55 +0000 |
|---|---|---|
| committer | sam <sam@FreeBSD.org> | 2003-09-01 05:35:55 +0000 |
| commit | 7a8c89dde15c19a8c1e8eb2976dc9936d9b7329c (patch) | |
| tree | c44de6fcda02feb74d7dccf3bde0ea476169307f /sys/netipsec/xform_esp.c | |
| parent | 591fec46c46db5741955ea71f2571001a039f4d0 (diff) | |
| download | FreeBSD-src-7a8c89dde15c19a8c1e8eb2976dc9936d9b7329c.zip FreeBSD-src-7a8c89dde15c19a8c1e8eb2976dc9936d9b7329c.tar.gz | |
Locking and misc cleanups; most of which I've been running for >4 months:
o add locking
o strip irrelevant spl's
o split malloc types to better account for memory use
o remove unused IPSEC_NONBLOCK_ACQUIRE code
o remove dead code
Sponsored by: FreeBSD Foundation
Diffstat (limited to 'sys/netipsec/xform_esp.c')
| -rw-r--r-- | sys/netipsec/xform_esp.c | 19 |
1 files changed, 7 insertions, 12 deletions
diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c index b92d843..62c7ac1 100644 --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -447,7 +447,7 @@ static int esp_input_cb(struct cryptop *crp) { u_int8_t lastthree[3], aalg[AH_HMAC_HASHLEN]; - int s, hlen, skip, protoff, error; + int hlen, skip, protoff, error; struct mbuf *m; struct cryptodesc *crd; struct auth_hash *esph; @@ -468,8 +468,6 @@ esp_input_cb(struct cryptop *crp) mtag = (struct m_tag *) tc->tc_ptr; m = (struct mbuf *) crp->crp_buf; - s = splnet(); - sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi); if (sav == NULL) { espstat.esps_notdb++; @@ -497,7 +495,6 @@ esp_input_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_FREESAV(&sav); - splx(s); return crypto_dispatch(crp); } @@ -610,12 +607,10 @@ DPRINTF(("esp_input_cb: %x %x\n", lastthree[0], lastthree[1])); IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag); KEY_FREESAV(&sav); - splx(s); return error; bad: if (sav) KEY_FREESAV(&sav); - splx(s); if (m != NULL) m_freem(m); if (tc != NULL) @@ -868,15 +863,14 @@ esp_output_cb(struct cryptop *crp) struct ipsecrequest *isr; struct secasvar *sav; struct mbuf *m; - int s, err, error; + int err, error; tc = (struct tdb_crypto *) crp->crp_opaque; KASSERT(tc != NULL, ("esp_output_cb: null opaque data area!")); m = (struct mbuf *) crp->crp_buf; - s = splnet(); - isr = tc->tc_isr; + mtx_lock(&isr->lock); sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi); if (sav == NULL) { espstat.esps_notdb++; @@ -897,7 +891,7 @@ esp_output_cb(struct cryptop *crp) if (crp->crp_etype == EAGAIN) { KEY_FREESAV(&sav); - splx(s); + mtx_unlock(&isr->lock); return crypto_dispatch(crp); } @@ -925,12 +919,13 @@ esp_output_cb(struct cryptop *crp) /* NB: m is reclaimed by ipsec_process_done. */ err = ipsec_process_done(m, isr); KEY_FREESAV(&sav); - splx(s); + mtx_unlock(&isr->lock); + return err; bad: if (sav) KEY_FREESAV(&sav); - splx(s); + mtx_unlock(&isr->lock); if (m) m_freem(m); free(tc, M_XDATA); |
