Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/netipsec Use pool to allocate tdb_crypto
details: https://anonhg.NetBSD.org/src/rev/4015c3a79c5e
branches: trunk
changeset: 355235:4015c3a79c5e
user: ozaki-r <ozaki-r%NetBSD.org@localhost>
date: Thu Jul 20 08:07:14 2017 +0000
description:
Use pool to allocate tdb_crypto
For ESP and AH, we need to allocate an extra variable space in addition
to struct tdb_crypto. The fixed size of pool items may be larger than
an actual requisite size of a buffer, but still the performance
improvement by replacing malloc with pool wins.
diffstat:
sys/netipsec/xform_ah.c | 36 +++++++++++++++++++++++++-----------
sys/netipsec/xform_esp.c | 34 ++++++++++++++++++++++++----------
sys/netipsec/xform_ipcomp.c | 24 +++++++++++++++---------
3 files changed, 64 insertions(+), 30 deletions(-)
diffs (truncated from 364 to 300 lines):
diff -r 8f6401f18efc -r 4015c3a79c5e sys/netipsec/xform_ah.c
--- a/sys/netipsec/xform_ah.c Thu Jul 20 07:42:54 2017 +0000
+++ b/sys/netipsec/xform_ah.c Thu Jul 20 08:07:14 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ah.c,v 1.67 2017/07/20 03:17:59 ozaki-r Exp $ */
+/* $NetBSD: xform_ah.c,v 1.68 2017/07/20 08:07:14 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */
/*
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.67 2017/07/20 03:17:59 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.68 2017/07/20 08:07:14 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -54,6 +54,7 @@
#include <sys/kernel.h>
#include <sys/sysctl.h>
#include <sys/socketvar.h> /* for softnet_lock */
+#include <sys/pool.h>
#include <net/if.h>
@@ -61,6 +62,7 @@
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <netinet/ip_ecn.h>
+#include <netinet/ip_var.h>
#include <netinet/ip6.h>
#include <net/route.h>
@@ -114,13 +116,16 @@
static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */
-static int ah_max_authsize; /* max authsize over all algorithms */
+int ah_max_authsize; /* max authsize over all algorithms */
static int ah_input_cb(struct cryptop *);
static int ah_output_cb(struct cryptop *);
const uint8_t ah_stats[256] = { SADB_AALG_STATS_INIT };
+static struct pool ah_tdb_crypto_pool;
+static size_t ah_pool_item_size;
+
/*
* NB: this is public for use by the PF_KEY support.
*/
@@ -695,7 +700,9 @@
size_t extra = skip + rplen + authsize;
size += extra;
- tc = malloc(size, M_XDATA, M_NOWAIT|M_ZERO);
+ KASSERTMSG(size <= ah_pool_item_size,
+ "size=%zu > ah_pool_item_size=%zu\n", size, ah_pool_item_size);
+ tc = pool_get(&ah_tdb_crypto_pool, PR_NOWAIT);
if (tc == NULL) {
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
stat = AH_STAT_CRYPTO;
@@ -753,7 +760,7 @@
bad:
if (tc != NULL)
- free(tc, M_XDATA);
+ pool_put(&ah_tdb_crypto_pool, tc);
if (crp != NULL)
crypto_freereq(crp);
if (m != NULL)
@@ -888,7 +895,8 @@
/* Copyback the saved (uncooked) network headers. */
m_copyback(m, 0, skip, ptr);
- free(tc, M_XDATA), tc = NULL; /* No longer needed */
+ pool_put(&ah_tdb_crypto_pool, tc);
+ tc = NULL;
/*
* Header is now authenticated.
@@ -937,7 +945,7 @@
if (m != NULL)
m_freem(m);
if (tc != NULL)
- free(tc, M_XDATA);
+ pool_put(&ah_tdb_crypto_pool, tc);
if (crp != NULL)
crypto_freereq(crp);
return error;
@@ -1097,7 +1105,7 @@
crda->crd_klen = _KEYBITS(sav->key_auth);
/* Allocate IPsec-specific opaque crypto info. */
- tc = malloc(sizeof(*tc) + skip, M_XDATA, M_NOWAIT|M_ZERO);
+ tc = pool_get(&ah_tdb_crypto_pool, PR_NOWAIT);
if (tc == NULL) {
crypto_freereq(crp);
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
@@ -1131,7 +1139,7 @@
skip, ahx->type, 1);
if (error != 0) {
m = NULL; /* mbuf was free'd by ah_massage_headers. */
- free(tc, M_XDATA);
+ pool_put(&ah_tdb_crypto_pool, tc);
crypto_freereq(crp);
goto bad;
}
@@ -1232,7 +1240,7 @@
m_copyback(m, 0, skip, ptr);
/* No longer needed. */
- free(tc, M_XDATA);
+ pool_put(&ah_tdb_crypto_pool, tc);
crypto_freereq(crp);
#ifdef IPSEC_DEBUG
@@ -1264,7 +1272,7 @@
splx(s);
if (m)
m_freem(m);
- free(tc, M_XDATA);
+ pool_put(&ah_tdb_crypto_pool, tc);
crypto_freereq(crp);
return error;
}
@@ -1312,5 +1320,11 @@
#undef MAXAUTHSIZE
+ ah_pool_item_size = sizeof(struct tdb_crypto) +
+ sizeof(struct ip) + MAX_IPOPTLEN +
+ sizeof(struct ah) + sizeof(uint32_t) + ah_max_authsize;
+ pool_init(&ah_tdb_crypto_pool, ah_pool_item_size,
+ 0, 0, 0, "ah_tdb_crypto", NULL, IPL_SOFTNET);
+
xform_register(&ah_xformsw);
}
diff -r 8f6401f18efc -r 4015c3a79c5e sys/netipsec/xform_esp.c
--- a/sys/netipsec/xform_esp.c Thu Jul 20 07:42:54 2017 +0000
+++ b/sys/netipsec/xform_esp.c Thu Jul 20 08:07:14 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_esp.c,v 1.65 2017/07/19 10:26:09 ozaki-r Exp $ */
+/* $NetBSD: xform_esp.c,v 1.66 2017/07/20 08:07:14 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_esp.c,v 1.2.2.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_esp.c,v 1.69 2001/06/26 06:18:59 angelos Exp $ */
@@ -39,7 +39,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.65 2017/07/19 10:26:09 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_esp.c,v 1.66 2017/07/20 08:07:14 ozaki-r Exp $");
#if defined(_KERNEL_OPT)
#include "opt_inet.h"
@@ -55,6 +55,7 @@
#include <sys/sysctl.h>
#include <sys/socketvar.h> /* for softnet_lock */
#include <sys/cprng.h>
+#include <sys/pool.h>
#include <net/if.h>
@@ -103,6 +104,9 @@
const uint8_t esp_stats[256] = { SADB_EALG_STATS_INIT };
+static struct pool esp_tdb_crypto_pool;
+static size_t esp_pool_item_size;
+
/*
* NB: this is public for use by the PF_KEY support.
* NB: if you add support here; be sure to add code to esp_attach below!
@@ -375,8 +379,11 @@
}
/* Get IPsec-specific opaque pointer */
- size_t extra = esph == NULL ? 0 : alen;
- tc = malloc(sizeof(*tc) + extra, M_XDATA, M_NOWAIT|M_ZERO);
+ size_t extra __diagused = esph == NULL ? 0 : alen;
+ KASSERTMSG(sizeof(*tc) + extra <= esp_pool_item_size,
+ "sizeof(*tc) + extra=%zu > esp_pool_item_size=%zu\n",
+ sizeof(*tc) + extra, esp_pool_item_size);
+ tc = pool_get(&esp_tdb_crypto_pool, PR_NOWAIT);
if (tc == NULL) {
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
error = ENOBUFS;
@@ -458,7 +465,7 @@
return crypto_dispatch(crp);
out2:
- free(tc, M_XDATA);
+ pool_put(&esp_tdb_crypto_pool, tc);
out1:
crypto_freereq(crp);
out:
@@ -586,7 +593,8 @@
}
/* Release the crypto descriptors */
- free(tc, M_XDATA), tc = NULL;
+ pool_put(&esp_tdb_crypto_pool, tc);
+ tc = NULL;
crypto_freereq(crp), crp = NULL;
/*
@@ -678,7 +686,7 @@
if (m != NULL)
m_freem(m);
if (tc != NULL)
- free(tc, M_XDATA);
+ pool_put(&esp_tdb_crypto_pool, tc);
if (crp != NULL)
crypto_freereq(crp);
return error;
@@ -884,7 +892,7 @@
crda = crp->crp_desc;
/* IPsec-specific opaque crypto info. */
- tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT|M_ZERO);
+ tc = pool_get(&esp_tdb_crypto_pool, PR_NOWAIT);
if (tc == NULL) {
crypto_freereq(crp);
DPRINTF(("%s: failed to allocate tdb_crypto\n", __func__));
@@ -1005,7 +1013,7 @@
AH_STATINC(AH_STAT_HIST + ah_stats[sav->alg_auth]);
/* Release crypto descriptors. */
- free(tc, M_XDATA);
+ pool_put(&esp_tdb_crypto_pool, tc);
crypto_freereq(crp);
#ifdef IPSEC_DEBUG
@@ -1041,7 +1049,7 @@
splx(s);
if (m)
m_freem(m);
- free(tc, M_XDATA);
+ pool_put(&esp_tdb_crypto_pool, tc);
crypto_freereq(crp);
return error;
}
@@ -1063,6 +1071,12 @@
espstat_percpu = percpu_alloc(sizeof(uint64_t) * ESP_NSTATS);
+ extern int ah_max_authsize;
+ KASSERT(ah_max_authsize != 0);
+ esp_pool_item_size = sizeof(struct tdb_crypto) + ah_max_authsize;
+ pool_init(&esp_tdb_crypto_pool, esp_pool_item_size,
+ 0, 0, 0, "esp_tdb_crypto", NULL, IPL_SOFTNET);
+
#define MAXIV(xform) \
if (xform.ivsize > esp_max_ivlen) \
esp_max_ivlen = xform.ivsize \
diff -r 8f6401f18efc -r 4015c3a79c5e sys/netipsec/xform_ipcomp.c
--- a/sys/netipsec/xform_ipcomp.c Thu Jul 20 07:42:54 2017 +0000
+++ b/sys/netipsec/xform_ipcomp.c Thu Jul 20 08:07:14 2017 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: xform_ipcomp.c,v 1.46 2017/07/19 10:26:09 ozaki-r Exp $ */
+/* $NetBSD: xform_ipcomp.c,v 1.47 2017/07/20 08:07:14 ozaki-r Exp $ */
/* $FreeBSD: src/sys/netipsec/xform_ipcomp.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.46 2017/07/19 10:26:09 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: xform_ipcomp.c,v 1.47 2017/07/20 08:07:14 ozaki-r Exp $");
/* IP payload compression protocol (IPComp), see RFC 2393 */
#if defined(_KERNEL_OPT)
@@ -45,6 +45,7 @@
#include <sys/protosw.h>
#include <sys/sysctl.h>
#include <sys/socketvar.h> /* for softnet_lock */
+#include <sys/pool.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
@@ -88,6 +89,8 @@
const uint8_t ipcomp_stats[256] = { SADB_CALG_STATS_INIT };
+static struct pool ipcomp_tdb_crypto_pool;
+
const struct comp_algo *
ipcomp_algorithm_lookup(int alg)
{
@@ -162,7 +165,7 @@
return ENOBUFS;
}
/* Get IPsec-specific opaque pointer */
- tc = malloc(sizeof(*tc), M_XDATA, M_NOWAIT|M_ZERO);
+ tc = pool_get(&ipcomp_tdb_crypto_pool, PR_NOWAIT);
if (tc == NULL) {
m_freem(m);
Home |
Main Index |
Thread Index |
Old Index