diff --git a/sys/netipsec/xform_ah.c b/sys/netipsec/xform_ah.c --- a/sys/netipsec/xform_ah.c +++ b/sys/netipsec/xform_ah.c @@ -42,6 +42,7 @@ #include #include +#include #include #include #include @@ -108,6 +109,8 @@ ahstat, "AH statistics (struct ahstat, netipsec/ah_var.h)"); #endif +static MALLOC_DEFINE(M_AH, "ah", "IPsec AH"); + static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ static int ah_input_cb(struct cryptop*); @@ -426,7 +429,7 @@ if (m->m_len <= skip) { ptr = (unsigned char *) malloc( skip - sizeof(struct ip6_hdr), - M_XDATA, M_NOWAIT); + M_AH, M_NOWAIT); if (ptr == NULL) { DPRINTF(("%s: failed to allocate memory" "for IPv6 headers\n",__func__)); @@ -505,7 +508,7 @@ __func__, off)); error6: if (alloc) - free(ptr, M_XDATA); + free(ptr, M_AH); m_freem(m); return EINVAL; } @@ -514,7 +517,7 @@ if (alloc) { m_copyback(m, sizeof(struct ip6_hdr), skip - sizeof(struct ip6_hdr), ptr); - free(ptr, M_XDATA); + free(ptr, M_AH); } break; @@ -615,7 +618,7 @@ crp->crp_digest_start = skip + rplen; /* Allocate IPsec-specific opaque crypto info. */ - xd = malloc(sizeof(*xd) + skip + rplen + authsize, M_XDATA, + xd = malloc(sizeof(*xd) + skip + rplen + authsize, M_AH, M_NOWAIT | M_ZERO); if (xd == NULL) { DPRINTF(("%s: failed to allocate xform_data\n", __func__)); @@ -643,7 +646,7 @@ if (error != 0) { /* NB: mbuf is free'd by ah_massage_headers */ AHSTAT_INC(ahs_hdrops); - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); key_freesav(&sav); return (error); @@ -761,7 +764,7 @@ /* Copyback the saved (uncooked) network headers. */ m_copyback(m, 0, skip, ptr); - free(xd, M_XDATA), xd = NULL; /* No longer needed */ + free(xd, M_AH), xd = NULL; /* No longer needed */ /* * Header is now authenticated. @@ -822,7 +825,7 @@ if (m != NULL) m_freem(m); if (xd != NULL) - free(xd, M_XDATA); + free(xd, M_AH); if (crp != NULL) crypto_freereq(crp); return error; @@ -975,7 +978,7 @@ crp->crp_digest_start = skip + rplen; /* Allocate IPsec-specific opaque crypto info. */ - xd = malloc(sizeof(struct xform_data) + skip, M_XDATA, + xd = malloc(sizeof(struct xform_data) + skip, M_AH, M_NOWAIT | M_ZERO); if (xd == NULL) { crypto_freereq(crp); @@ -1029,7 +1032,7 @@ skip, ahx->type, 1); if (error != 0) { m = NULL; /* mbuf was free'd by ah_massage_headers. */ - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); goto bad; } @@ -1121,7 +1124,7 @@ */ m_copyback(m, 0, skip, ptr); - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); AHSTAT_INC(ahs_hist[sav->alg_auth]); #ifdef REGRESSION @@ -1144,7 +1147,7 @@ return (error); bad: CURVNET_RESTORE(); - free(xd, M_XDATA); + free(xd, M_AH); crypto_freereq(crp); key_freesav(&sav); key_freesp(&sp); diff --git a/sys/netipsec/xform_esp.c b/sys/netipsec/xform_esp.c --- a/sys/netipsec/xform_esp.c +++ b/sys/netipsec/xform_esp.c @@ -41,6 +41,7 @@ #include #include +#include #include #include #include @@ -102,6 +103,8 @@ struct espstat, espstat, "ESP statistics (struct espstat, netipsec/esp_var.h"); +static MALLOC_DEFINE(M_ESP, "esp", "IPsec ESP"); + static int esp_input_cb(struct cryptop *op); static int esp_output_cb(struct cryptop *crp); @@ -355,7 +358,7 @@ } /* Get IPsec-specific opaque pointer */ - xd = malloc(sizeof(*xd), M_XDATA, M_NOWAIT | M_ZERO); + xd = malloc(sizeof(*xd), M_ESP, M_NOWAIT | M_ZERO); if (xd == NULL) { DPRINTF(("%s: failed to allocate xform_data\n", __func__)); goto xd_fail; @@ -374,7 +377,7 @@ int aad_skip; crp->crp_aad_length += sizeof(seqh); - crp->crp_aad = malloc(crp->crp_aad_length, M_XDATA, M_NOWAIT); + crp->crp_aad = malloc(crp->crp_aad_length, M_ESP, M_NOWAIT); if (crp->crp_aad == NULL) { DPRINTF(("%s: failed to allocate xform_data\n", __func__)); @@ -464,7 +467,7 @@ return (crypto_dispatch(crp)); crp_aad_fail: - free(xd, M_XDATA); + free(xd, M_ESP); xd_fail: crypto_freereq(crp); ESPSTAT_INC(esps_crypto); @@ -550,8 +553,8 @@ } /* Release the crypto descriptors */ - free(xd, M_XDATA), xd = NULL; - free(crp->crp_aad, M_XDATA), crp->crp_aad = NULL; + free(xd, M_ESP), xd = NULL; + free(crp->crp_aad, M_ESP), crp->crp_aad = NULL; crypto_freereq(crp), crp = NULL; /* @@ -660,9 +663,9 @@ if (m != NULL) m_freem(m); if (xd != NULL) - free(xd, M_XDATA); + free(xd, M_ESP); if (crp != NULL) { - free(crp->crp_aad, M_XDATA); + free(crp->crp_aad, M_ESP); crypto_freereq(crp); } return error; @@ -854,7 +857,7 @@ } /* IPsec-specific opaque crypto info. */ - xd = malloc(sizeof(struct xform_data), M_XDATA, M_NOWAIT | M_ZERO); + xd = malloc(sizeof(struct xform_data), M_ESP, M_NOWAIT | M_ZERO); if (xd == NULL) { DPRINTF(("%s: failed to allocate xform_data\n", __func__)); goto xd_fail; @@ -914,7 +917,7 @@ int aad_skip; crp->crp_aad_length += sizeof(seqh); - crp->crp_aad = malloc(crp->crp_aad_length, M_XDATA, M_NOWAIT); + crp->crp_aad = malloc(crp->crp_aad_length, M_ESP, M_NOWAIT); if (crp->crp_aad == NULL) { DPRINTF(("%s: failed to allocate xform_data\n", __func__)); @@ -949,7 +952,7 @@ return (crypto_dispatch(crp)); crp_aad_fail: - free(xd, M_XDATA); + free(xd, M_ESP); xd_fail: crypto_freereq(crp); ESPSTAT_INC(esps_crypto); @@ -1007,8 +1010,8 @@ error = EINVAL; goto bad; } - free(xd, M_XDATA); - free(crp->crp_aad, M_XDATA); + free(xd, M_ESP); + free(crp->crp_aad, M_ESP); crypto_freereq(crp); ESPSTAT_INC(esps_hist[sav->alg_enc]); if (sav->tdb_authalgxform != NULL) @@ -1041,8 +1044,8 @@ return (error); bad: CURVNET_RESTORE(); - free(xd, M_XDATA); - free(crp->crp_aad, M_XDATA); + free(xd, M_ESP); + free(crp->crp_aad, M_ESP); crypto_freereq(crp); key_freesav(&sav); key_freesp(&sp); diff --git a/sys/netipsec/xform_ipcomp.c b/sys/netipsec/xform_ipcomp.c --- a/sys/netipsec/xform_ipcomp.c +++ b/sys/netipsec/xform_ipcomp.c @@ -37,6 +37,7 @@ #include #include +#include #include #include #include @@ -90,6 +91,8 @@ struct ipcompstat, ipcompstat, "IPCOMP statistics (struct ipcompstat, netipsec/ipcomp_var.h"); +static MALLOC_DEFINE(M_IPCOMP, "ipcomp", "IPCOMP"); + static int ipcomp_input_cb(struct cryptop *crp); static int ipcomp_output_cb(struct cryptop *crp); @@ -235,7 +238,7 @@ goto bad; } /* Get IPsec-specific opaque pointer */ - xd = malloc(sizeof(*xd), M_XDATA, M_NOWAIT | M_ZERO); + xd = malloc(sizeof(*xd), M_IPCOMP, M_NOWAIT | M_ZERO); if (xd == NULL) { DPRINTF(("%s: cannot allocate xform_data\n", __func__)); IPCOMPSTAT_INC(ipcomps_crypto); @@ -328,7 +331,7 @@ clen = crp->crp_olen; /* Length of data after processing */ /* Release the crypto descriptors */ - free(xd, M_XDATA), xd = NULL; + free(xd, M_IPCOMP), xd = NULL; crypto_freereq(crp), crp = NULL; /* In case it's not done already, adjust the size of the mbuf chain */ @@ -382,7 +385,7 @@ if (m != NULL) m_freem(m); if (xd != NULL) - free(xd, M_XDATA); + free(xd, M_IPCOMP); if (crp != NULL) crypto_freereq(crp); return error; @@ -486,7 +489,7 @@ crp->crp_payload_length = ralen; /* IPsec-specific opaque crypto info */ - xd = malloc(sizeof(struct xform_data), M_XDATA, M_NOWAIT | M_ZERO); + xd = malloc(sizeof(struct xform_data), M_IPCOMP, M_NOWAIT | M_ZERO); if (xd == NULL) { IPCOMPSTAT_INC(ipcomps_crypto); DPRINTF(("%s: failed to allocate xform_data\n", __func__)); @@ -641,7 +644,7 @@ } /* Release the crypto descriptor */ - free(xd, M_XDATA); + free(xd, M_IPCOMP); crypto_freereq(crp); /* NB: m is reclaimed by ipsec_process_done. */ @@ -652,7 +655,7 @@ if (m) m_freem(m); CURVNET_RESTORE(); - free(xd, M_XDATA); + free(xd, M_IPCOMP); crypto_freereq(crp); key_freesav(&sav); key_freesp(&sp);