diff options
Diffstat (limited to 'sys/netipsec/xform_ah.c')
| -rw-r--r-- | sys/netipsec/xform_ah.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c index 774f11a16c44..c8d62b204adf 100644 --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -42,6 +42,7 @@ #include <sys/param.h> #include <sys/systm.h> +#include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/socket.h> #include <sys/syslog.h> @@ -108,6 +109,8 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, stats, struct ahstat, ahstat, "AH statistics (struct ahstat, netipsec/ah_var.h)"); #endif +static MALLOC_DEFINE(M_AH, "ah", "IPsec AH"); + static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ static int ah_input_cb(struct cryptop*); @@ -426,7 +429,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) if (m->m_len <= skip) { ptr = (unsigned char *) malloc( skip - sizeof(struct ip6_hdr), - M_XDATA, M_NOWAIT); + M_AH, M_NOWAIT); if (ptr == NULL) { DPRINTF(("%s: failed to allocate memory" "for IPv6 headers\n",__func__)); @@ -505,7 +508,7 @@ ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) __func__, off)); error6: if (alloc) - free(ptr, M_XDATA); + free(ptr, M_AH); m_freem(m); return EINVAL; } @@ -514,7 +517,7 @@ error6: if (alloc) { m_copyback(m, sizeof(struct ip6_hdr), skip - sizeof(struct ip6_hdr), ptr); - free(ptr, M_XDATA); + free(ptr, M_AH); } break; @@ -615,7 +618,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) crp->crp_digest_start = skip + rplen; /* Allocate IPsec-specific opaque crypto info. */ - xd = malloc(sizeof(*xd) + skip + rplen + authsize, M_XDATA, + xd = malloc(sizeof(*xd) + skip + rplen + authsize, M_AH, M_NOWAIT | M_ZERO); if (xd == NULL) { DPRINTF(("%s: failed to allocate xform_data\n", __func__)); @@ -643,7 +646,7 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff) if (error != 0) { /* NB: mbuf is free'd by ah_massage_headers */ AHSTAT_INC(ahs_hdrops); - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); key_freesav(&sav); return (error); @@ -761,7 +764,7 @@ ah_input_cb(struct cryptop *crp) /* Copyback the saved (uncooked) network headers. */ m_copyback(m, 0, skip, ptr); - free(xd, M_XDATA), xd = NULL; /* No longer needed */ + free(xd, M_AH), xd = NULL; /* No longer needed */ /* * Header is now authenticated. @@ -822,7 +825,7 @@ bad: if (m != NULL) m_freem(m); if (xd != NULL) - free(xd, M_XDATA); + free(xd, M_AH); if (crp != NULL) crypto_freereq(crp); return error; @@ -975,7 +978,7 @@ ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, crp->crp_digest_start = skip + rplen; /* Allocate IPsec-specific opaque crypto info. */ - xd = malloc(sizeof(struct xform_data) + skip, M_XDATA, + xd = malloc(sizeof(struct xform_data) + skip, M_AH, M_NOWAIT | M_ZERO); if (xd == NULL) { crypto_freereq(crp); @@ -1029,7 +1032,7 @@ ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav, skip, ahx->type, 1); if (error != 0) { m = NULL; /* mbuf was free'd by ah_massage_headers. */ - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); goto bad; } @@ -1121,7 +1124,7 @@ ah_output_cb(struct cryptop *crp) */ m_copyback(m, 0, skip, ptr); - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); AHSTAT_INC(ahs_hist[sav->alg_auth]); #ifdef REGRESSION @@ -1144,7 +1147,7 @@ ah_output_cb(struct cryptop *crp) return (error); bad: CURVNET_RESTORE(); - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); key_freesav(&sav); key_freesp(&sp); |