diff options
| author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-06-26 18:56:32 +0000 |
|---|---|---|
| committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-06-26 18:56:32 +0000 |
| commit | f0fe9f395caae06c5f4ca2fe8b5534d6bd97fcb4 (patch) | |
| tree | 09e7fcacc40abb00df4c0ef8b460dbc027df2eab /sys/netinet | |
| parent | bad460060180064bc08a00c589581bf5f43ebfa8 (diff) | |
Use pool(9) for IPsec policy structures.
Diffstat (limited to 'sys/netinet')
| -rw-r--r-- | sys/netinet/ip_ipsp.h | 4 | ||||
| -rw-r--r-- | sys/netinet/ip_spd.c | 21 |
2 files changed, 18 insertions, 7 deletions
diff --git a/sys/netinet/ip_ipsp.h b/sys/netinet/ip_ipsp.h index c0f74b15629..c26de99af46 100644 --- a/sys/netinet/ip_ipsp.h +++ b/sys/netinet/ip_ipsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.h,v 1.111 2001/06/26 18:34:40 angelos Exp $ */ +/* $OpenBSD: ip_ipsp.h,v 1.112 2001/06/26 18:56:30 angelos Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), * Angelos D. Keromytis (kermit@csd.uch.gr), @@ -438,6 +438,8 @@ extern u_int64_t ipsec_last_added; extern int ipsec_require_pfs; extern int ipsec_expire_acquire; +extern int ipsec_policy_pool_initialized; + extern int ipsec_soft_allocations; extern int ipsec_exp_allocations; extern int ipsec_soft_bytes; diff --git a/sys/netinet/ip_spd.c b/sys/netinet/ip_spd.c index a61794a2b9a..6b83c7e0297 100644 --- a/sys/netinet/ip_spd.c +++ b/sys/netinet/ip_spd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_spd.c,v 1.27 2001/06/26 18:34:40 angelos Exp $ */ +/* $OpenBSD: ip_spd.c,v 1.28 2001/06/26 18:56:30 angelos Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu) * @@ -54,6 +54,9 @@ #define DPRINTF(x) #endif +struct pool ipsec_policy_pool; +int ipsec_policy_pool_initialized = 0; + /* * Lookup at the SPD based on the headers contained on the mbuf. The second * argument indicates what protocol family the header at the beginning of @@ -581,7 +584,7 @@ ipsec_delete_policy(struct ipsec_policy *ipo) if (ipo->ipo_local_auth) ipsp_reffree(ipo->ipo_local_cred); - FREE(ipo, M_IPSEC_POLICY); + pool_put(&ipsec_policy_pool, ipo); ipsec_in_use--; @@ -593,13 +596,19 @@ ipsec_delete_policy(struct ipsec_policy *ipo) */ struct ipsec_policy * ipsec_add_policy(struct sockaddr_encap *dst, struct sockaddr_encap *mask, - union sockaddr_union *sdst, int type, int sproto) + union sockaddr_union *sdst, int type, int sproto) { struct sockaddr_encap encapgw; struct ipsec_policy *ipon; - MALLOC(ipon, struct ipsec_policy *, sizeof(struct ipsec_policy), - M_IPSEC_POLICY, M_NOWAIT); + if (ipsec_policy_pool_initialized == 0) { + ipsec_policy_pool_initialized = 1; + pool_init(&ipsec_policy_pool, sizeof(struct ipsec_policy), + 0, 0, PR_FREEHEADER, "ipsec policy", 0, NULL, NULL, + M_IPSEC_POLICY); + } + + ipon = pool_get(&ipsec_policy_pool, 0); if (ipon == NULL) return NULL; @@ -616,7 +625,7 @@ ipsec_add_policy(struct sockaddr_encap *dst, struct sockaddr_encap *mask, RTF_UP | RTF_GATEWAY | RTF_STATIC, (struct rtentry **) 0) != 0) { DPRINTF(("ipsec_add_policy: failed to add policy\n")); - FREE(ipon, M_IPSEC_POLICY); + pool_put(&ipsec_policy_pool, ipon); return NULL; } |