Module Name: src Committed By: ozaki-r Date: Tue Sep 19 02:44:14 UTC 2017
Modified Files: src/sys/netipsec: ipsec.c Log Message: Share a global dummy SP between PCBs It is never changed, so it can be pre-allocated and shared safely between PCBs. To generate a diff of this commit: cvs rdiff -u -r1.118 -r1.119 src/sys/netipsec/ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/netipsec/ipsec.c
diff -u src/sys/netipsec/ipsec.c:1.118 src/sys/netipsec/ipsec.c:1.119
--- src/sys/netipsec/ipsec.c:1.118 Thu Aug 10 06:11:24 2017
+++ src/sys/netipsec/ipsec.c Tue Sep 19 02:44:14 2017
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.118 2017/08/10 06:11:24 ozaki-r Exp $ */
+/* $NetBSD: ipsec.c,v 1.119 2017/09/19 02:44:14 ozaki-r Exp $ */
 /* $FreeBSD: /usr/local/www/cvsroot/FreeBSD/src/sys/netipsec/ipsec.c,v 1.2.2.2 2003/07/01 01:38:13 sam Exp $ */
 /* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
@@ -32,7 +32,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.118 2017/08/10 06:11:24 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.119 2017/09/19 02:44:14 ozaki-r Exp $");
 /*
 * IPsec controller part.
@@ -139,6 +139,12 @@ int ip4_esp_randpad = -1;
 u_int ipsec_spdgen = 1; /* SPD generation # */
+static struct secpolicy ipsec_dummy_sp __read_mostly = {
+ .state = IPSEC_SPSTATE_ALIVE,
+ /* If ENTRUST, the dummy SP never be used. See ipsec_getpolicybysock. */
+ .policy = IPSEC_POLICY_ENTRUST,
+};
+
 static struct secpolicy *ipsec_checkpcbcache (struct mbuf *, struct inpcbpolicy *, int);
 static int ipsec_fillpcbcache (struct inpcbpolicy *, struct mbuf *,
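Review bot: `ipsec_dummy_sp` is a writable object that every PCB's `sp_in` and `sp_out` will point at, yet the rule that nothing may modify it is stated only in the commit message. `__read_mostly` is a placement hint, not write protection, so a store through any socket's policy pointer (for example to `state`) would change the object seen by all sockets at once. I would record the invariant on the definition, e.g. `/* Shared by all PCBs: never modified or freed; identified by its address. */`, and reword the existing comment to "the dummy SP is never used". Whether the object could be declared `const` depends on the type of `sp_in`/`sp_out`, which is not visible in this diff.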
@@ -1247,27 +1253,10 @@ ipsec_init_policy(struct socket *so, str
 new->priv = 0;
 /*
- * These SPs are dummy. Never be used because the policy
- * is ENTRUST. See ipsec_getpolicybysock.
+ * Set dummy SPs. Actual SPs will be allocated later if needed.
 */
- new->sp_in = kmem_intr_zalloc(sizeof(struct secpolicy), KM_NOSLEEP);
- if (new->sp_in == NULL) {
- ipsec_delpcbpolicy(new);
- return ENOBUFS;
- }
- new->sp_in->state = IPSEC_SPSTATE_ALIVE;
- new->sp_in->policy = IPSEC_POLICY_ENTRUST;
- new->sp_in->created = 0; /* Indicates dummy */
-
- new->sp_out = kmem_intr_zalloc(sizeof(struct secpolicy), KM_NOSLEEP);
- if (new->sp_out == NULL) {
- kmem_intr_free(new->sp_in, sizeof(struct secpolicy));
- ipsec_delpcbpolicy(new);
- return ENOBUFS;
- }
- new->sp_out->state = IPSEC_SPSTATE_ALIVE;
- new->sp_out->policy = IPSEC_POLICY_ENTRUST;
- new->sp_out->created = 0; /* Indicates dummy */
+ new->sp_in = &ipsec_dummy_sp;
+ new->sp_out = &ipsec_dummy_sp;
 *policy = new;
@@ -1350,9 +1339,8 @@ static void
 ipsec_destroy_policy(struct secpolicy *sp)
 {
- if (sp->created == 0)
- /* It's dummy. We can simply free it */
- kmem_intr_free(sp, sizeof(*sp));
+ if (sp == &ipsec_dummy_sp)
+ ; /* It's dummy. No need to free it. */
 else {
 /*
 * We cannot destroy here because it can be called in
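Review bot: With `new->sp_in` and `new->sp_out` both set to `&ipsec_dummy_sp`, the dummy is recognised only by its address, and the only release path this commit updates is `ipsec_destroy_policy`. Any other code that frees, drops a reference on, or tests these pointers is outside this diff (the removed lines marked the dummy with `created = 0`), so it is worth confirming that none of it can reach `kmem_intr_free` with the static object, which would be a kernel memory-corruption bug. A comment at the assignment would record the rule: `/* Shared static dummy; release only through ipsec_destroy_policy(). */`. `ipsec_init_policy` starts and ends outside the hunk.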
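Review bot: The empty statement `;` as the body of `if (sp == &ipsec_dummy_sp)` in `ipsec_destroy_policy` is easy to misread and easy to break in a later edit. Inverting the test removes it: replace the `if` / `;` / `else {` lines with `if (sp != &ipsec_dummy_sp) {`. Separately, the old check read `sp->created`, so a NULL `sp` faulted right there; the new pointer comparison sends a NULL `sp` into the else branch, whose handling lies outside the hunk, so it may be worth stating in a comment whether NULL is a valid argument. The function body continues past the end of the hunk.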