diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2016-09-13 19:56:56 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2016-09-13 19:56:56 +0000 |
| commit | 571dad3c0c7ba0b066da13dfd90668145436c480 (patch) | |
| tree | 24a219cfa78e35b08997228b913b15321d12e699 /sys/netinet | |
| parent | bc62bd577dcef773d31ce17ddd35e8cecdf80184 (diff) | |
avoid extensive mbuf allocation for IPsec by replacing m_inject(4)
with m_makespace(4) from freebsd; ok mpi@, bluhm@, mikeb@, dlg@
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_ah.c | 12 | ||||
| -rw-r--r-- | sys/netinet/ip_esp.c | 17 | ||||
| -rw-r--r-- | sys/netinet/ip_ipcomp.c | 8 | ||||
| -rw-r--r-- | sys/netinet/ipsec_output.c | 9 |
4 files changed, 23 insertions, 23 deletions
diff --git a/sys/netinet/ip_ah.c b/sys/netinet/ip_ah.c index 222a6ee7ffc..0d5adfc526e 100644 --- a/sys/netinet/ip_ah.c +++ b/sys/netinet/ip_ah.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah.c,v 1.121 2016/08/18 06:01:10 dlg Exp $ */ +/* $OpenBSD: ip_ah.c,v 1.122 2016/09/13 19:56:55 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -932,7 +932,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, struct mbuf *mi; struct cryptop *crp; u_int16_t iplen; - int len, rplen; + int len, rplen, roff; u_int8_t prot; struct ah *ah; #if NBPFILTER > 0 @@ -1057,7 +1057,7 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, } /* Inject AH header. */ - mi = m_inject(m, skip, rplen + ahx->authsize, M_DONTWAIT); + mi = m_makespace(m, skip, rplen + ahx->authsize, &roff); if (mi == NULL) { DPRINTF(("ah_output(): failed to inject AH header for SA " "%s/%08x\n", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), @@ -1069,10 +1069,10 @@ ah_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, } /* - * The AH header is guaranteed by m_inject() to be in - * contiguous memory, at the beginning of the returned mbuf. + * The AH header is guaranteed by m_makespace() to be in + * contiguous memory, at 'roff' of the returned mbuf. */ - ah = mtod(mi, struct ah *); + ah = (struct ah *)(mtod(mi, caddr_t) + roff); /* Initialize the AH header. */ m_copydata(m, protoff, sizeof(u_int8_t), (caddr_t) &ah->ah_nh); diff --git a/sys/netinet/ip_esp.c b/sys/netinet/ip_esp.c index 2c7b988e73f..48408e316e1 100644 --- a/sys/netinet/ip_esp.c +++ b/sys/netinet/ip_esp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp.c,v 1.139 2016/08/18 06:01:10 dlg Exp $ */ +/* $OpenBSD: ip_esp.c,v 1.140 2016/09/13 19:56:55 markus Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr) and @@ -775,7 +775,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, { struct enc_xform *espx = (struct enc_xform *) tdb->tdb_encalgxform; struct auth_hash *esph = (struct auth_hash *) tdb->tdb_authalgxform; - int ilen, hlen, rlen, padding, blks, alen; + int ilen, hlen, rlen, padding, blks, alen, roff; u_int32_t replay; struct mbuf *mi, *mo = (struct mbuf *) NULL; struct tdb_crypto *tc; @@ -907,7 +907,7 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, } /* Inject ESP header. */ - mo = m_inject(m, skip, hlen, M_DONTWAIT); + mo = m_makespace(m, skip, hlen, &roff); if (mo == NULL) { DPRINTF(("esp_output(): failed to inject ESP header for " "SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf, @@ -918,10 +918,11 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, } /* Initialize ESP header. */ - bcopy((caddr_t) &tdb->tdb_spi, mtod(mo, caddr_t), sizeof(u_int32_t)); + bcopy((caddr_t) &tdb->tdb_spi, mtod(mo, caddr_t) + roff, + sizeof(u_int32_t)); tdb->tdb_rpl++; replay = htonl((u_int32_t)tdb->tdb_rpl); - bcopy((caddr_t) &replay, mtod(mo, caddr_t) + sizeof(u_int32_t), + bcopy((caddr_t) &replay, mtod(mo, caddr_t) + roff + sizeof(u_int32_t), sizeof(u_int32_t)); #if NPFSYNC > 0 @@ -932,15 +933,15 @@ esp_output(struct mbuf *m, struct tdb *tdb, struct mbuf **mp, int skip, * Add padding -- better to do it ourselves than use the crypto engine, * although if/when we support compression, we'd have to do that. */ - mo = m_inject(m, m->m_pkthdr.len, padding + alen, M_DONTWAIT); + mo = m_makespace(m, m->m_pkthdr.len, padding + alen, &roff); if (mo == NULL) { - DPRINTF(("esp_output(): m_inject failed for SA %s/%08x\n", + DPRINTF(("esp_output(): m_makespace() failed for SA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf, sizeof(buf)), ntohl(tdb->tdb_spi))); m_freem(m); return ENOBUFS; } - pad = mtod(mo, u_char *); + pad = mtod(mo, caddr_t) + roff; /* Apply self-describing padding */ for (ilen = 0; ilen < padding - 2; ilen++) diff --git a/sys/netinet/ip_ipcomp.c b/sys/netinet/ip_ipcomp.c index 120511bf37e..721fe0f40e0 100644 --- a/sys/netinet/ip_ipcomp.c +++ b/sys/netinet/ip_ipcomp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipcomp.c,v 1.46 2016/08/18 06:01:10 dlg Exp $ */ +/* $OpenBSD: ip_ipcomp.c,v 1.47 2016/09/13 19:56:55 markus Exp $ */ /* * Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org) @@ -540,7 +540,7 @@ ipcomp_output_cb(struct cryptop *crp) struct tdb_crypto *tc; struct tdb *tdb; struct mbuf *m, *mo; - int error, s, skip, rlen; + int error, s, skip, rlen, roff; u_int16_t cpi; struct ip *ip; #ifdef INET6 @@ -605,7 +605,7 @@ ipcomp_output_cb(struct cryptop *crp) } /* Inject IPCOMP header */ - mo = m_inject(m, skip, IPCOMP_HLENGTH, M_DONTWAIT); + mo = m_makespace(m, skip, IPCOMP_HLENGTH, &roff); if (mo == NULL) { DPRINTF(("ipcomp_output_cb(): failed to inject IPCOMP header " "for IPCA %s/%08x\n", ipsp_address(&tdb->tdb_dst, buf, @@ -616,7 +616,7 @@ ipcomp_output_cb(struct cryptop *crp) } /* Initialize the IPCOMP header */ - ipcomp = mtod(mo, struct ipcomp *); + ipcomp = (struct ipcomp *)(mtod(mo, caddr_t) + roff); memset(ipcomp, 0, sizeof(struct ipcomp)); cpi = (u_int16_t) ntohl(tdb->tdb_spi); ipcomp->ipcomp_cpi = htons(cpi); diff --git a/sys/netinet/ipsec_output.c b/sys/netinet/ipsec_output.c index 10119faccc9..532d7daf607 100644 --- a/sys/netinet/ipsec_output.c +++ b/sys/netinet/ipsec_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec_output.c,v 1.62 2016/02/28 16:16:10 mikeb Exp $ */ +/* $OpenBSD: ipsec_output.c,v 1.63 2016/09/13 19:56:55 markus Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -362,13 +362,12 @@ int ipsp_process_done(struct mbuf *m, struct tdb *tdb) { struct ip *ip; - #ifdef INET6 struct ip6_hdr *ip6; #endif /* INET6 */ - struct tdb_ident *tdbi; struct m_tag *mtag; + int roff; tdb->tdb_last_used = time_second; @@ -398,12 +397,12 @@ ipsp_process_done(struct mbuf *m, struct tdb *tdb) return ENXIO; } - mi = m_inject(m, iphlen, sizeof(struct udphdr), M_DONTWAIT); + mi = m_makespace(m, iphlen, sizeof(struct udphdr), &roff); if (mi == NULL) { m_freem(m); return ENOMEM; } - uh = mtod(mi, struct udphdr *); + uh = (struct udphdr *)(mtod(mi, caddr_t) + roff); uh->uh_sport = uh->uh_dport = htons(udpencap_port); if (tdb->tdb_udpencap_port) uh->uh_dport = tdb->tdb_udpencap_port; |