diff options
| author |   angelos <angelos@openbsd.org> | 2001-06-26 18:56:30 +0000 |
|---|---|---|
| committer | angelos <angelos@openbsd.org> | 2001-06-26 18:56:30 +0000 |
| commit | ab3b75e702e0bca635604e76a707040e0915d450 (patch) | |
| tree | c2d155079c45f870b6b3ad439dc88855e0f87cbc | |
| parent | Lazy binding for shared libraries. (diff) | |
| download | wireguard-openbsd-ab3b75e702e0bca635604e76a707040e0915d450.tar.xz wireguard-openbsd-ab3b75e702e0bca635604e76a707040e0915d450.zip | |
Use pool(9) for IPsec policy structures.
| -rw-r--r-- | sys/net/pfkeyv2.c | 23 | ||||
| -rw-r--r-- | sys/netinet/ip_ipsp.h | 4 | ||||
| -rw-r--r-- | sys/netinet/ip_spd.c | 21 |
3 files changed, 34 insertions, 14 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c index a628e7ee10a..cb37ee43350 100644 --- a/sys/net/pfkeyv2.c +++ b/sys/net/pfkeyv2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2.c,v 1.69 2001/06/26 18:34:41 angelos Exp $ */ +/* $OpenBSD: pfkeyv2.c,v 1.70 2001/06/26 18:56:31 angelos Exp $ */ /* * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995 @@ -112,6 +112,8 @@ static struct sadb_alg aalgs[] = extern uint32_t sadb_exts_allowed_out[SADB_MAX+1]; extern uint32_t sadb_exts_required_out[SADB_MAX+1]; +extern struct pool ipsec_policy_pool; + /* * Wrapper around m_devget(); copy data from contiguous buffer to mbuf * chain. @@ -1494,9 +1496,16 @@ pfkeyv2_send(struct socket *socket, void *message, int len) if (!exists) { + if (ipsec_policy_pool_initialized == 0) + { + ipsec_policy_pool_initialized = 1; + pool_init(&ipsec_policy_pool, sizeof(struct ipsec_policy), + 0, 0, PR_FREEHEADER, "ipsec policy", 0, NULL, + NULL, M_IPSEC_POLICY); + } + /* Allocate policy entry */ - MALLOC(ipo, struct ipsec_policy *, sizeof(struct ipsec_policy), - M_IPSEC_POLICY, M_NOWAIT); + ipo = pool_get(&ipsec_policy_pool, 0); if (ipo == NULL) { splx(s); @@ -1547,7 +1556,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len) default: if (!exists) - FREE(ipo, M_IPSEC_POLICY); + pool_put(&ipsec_policy_pool, ipo); else ipsec_delete_policy(ipo); @@ -1607,7 +1616,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len) if (exists) ipsec_delete_policy(ipo); else - FREE(ipo, M_IPSEC_POLICY); + pool_put(&ipsec_policy_pool, ipo); splx(s); rval = ENOBUFS; goto ret; @@ -1636,7 +1645,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len) { if (ipo->ipo_dstid) ipsp_reffree(ipo->ipo_dstid); - FREE(ipo, M_IPSEC_POLICY); + pool_put(&ipsec_policy_pool, ipo); } splx(s); @@ -1666,7 +1675,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len) ipsp_reffree(ipo->ipo_srcid); if (ipo->ipo_dstid) ipsp_reffree(ipo->ipo_dstid); - FREE(ipo, M_IPSEC_POLICY); /* Free policy entry */ + pool_put(&ipsec_policy_pool, ipo); splx(s); goto ret; diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index c0f74b15629..c26de99af46 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.111 2001/06/26 18:34:40 angelos Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.112 2001/06/26 18:56:30 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -438,6 +438,8 @@ extern u_int64_t ipsec_last_added; extern int ipsec_require_pfs; extern int ipsec_expire_acquire; +extern int ipsec_policy_pool_initialized; + extern int ipsec_soft_allocations; extern int ipsec_exp_allocations; extern int ipsec_soft_bytes; diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c index a61794a2b9a..6b83c7e0297 100644 --- a/sys/netinet/ip_spd.c +++ b/sys/netinet/ip_spd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_spd.c,v 1.27 2001/06/26 18:34:40 angelos Exp $ */ +/* $OpenBSD: ip_spd.c,v 1.28 2001/06/26 18:56:30 angelos Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -54,6 +54,9 @@ #define DPRINTF(x) #endif +struct pool ipsec_policy_pool; +int ipsec_policy_pool_initialized = 0; + /* * Lookup at the SPD based on the headers contained on the mbuf. The second * argument indicates what protocol family the header at the beginning of @@ -581,7 +584,7 @@ ipsec_delete_policy(struct ipsec_policy *ipo) if (ipo->ipo_local_auth) ipsp_reffree(ipo->ipo_local_cred); - FREE(ipo, M_IPSEC_POLICY); + pool_put(&ipsec_policy_pool, ipo); ipsec_in_use--; @@ -593,13 +596,19 @@ ipsec_delete_policy(struct ipsec_policy *ipo) */ struct ipsec_policy * ipsec_add_policy(struct sockaddr_encap *dst, struct sockaddr_encap *mask, - union sockaddr_union *sdst, int type, int sproto) + union sockaddr_union *sdst, int type, int sproto) { struct sockaddr_encap encapgw; struct ipsec_policy *ipon; - MALLOC(ipon, struct ipsec_policy *, sizeof(struct ipsec_policy), - M_IPSEC_POLICY, M_NOWAIT); + if (ipsec_policy_pool_initialized == 0) { + ipsec_policy_pool_initialized = 1; + pool_init(&ipsec_policy_pool, sizeof(struct ipsec_policy), + 0, 0, PR_FREEHEADER, "ipsec policy", 0, NULL, NULL, + M_IPSEC_POLICY); + } + + ipon = pool_get(&ipsec_policy_pool, 0); if (ipon == NULL) return NULL; @@ -616,7 +625,7 @@ ipsec_add_policy(struct sockaddr_encap *dst, struct sockaddr_encap *mask, RTF_UP | RTF_GATEWAY | RTF_STATIC, (struct rtentry **) 0) != 0) { DPRINTF(("ipsec_add_policy: failed to add policy\n")); - FREE(ipon, M_IPSEC_POLICY); + pool_put(&ipsec_policy_pool, ipon); return NULL; } |