I noticed that ikev2_out_nat_v2n allocated heap space for each hash. This memory should be allocated on the stack as local variables.
Stack allocation is much better than heap allocation, if it is appropriate. - it is faster - it does not contribute to heap fragmentation (dangerous and insidious in a long-running daemon) - the system takes care of the lifecycle (including freeing) - pointers are not required - the lifetime is trivially evident to any programmer. When is it appropriate? Both these must be true: - the stack lifetime is reasonable (sufficient and not excessive) - the size is known at compile time or a reasonable bound on the size is known at compile time In the case of ikev2_out_nat_v2n, the hash buffers would be much better stack-allocated than heap-allocated. How many other places in the code have we used unnecessarily used heap allocation? PS: in the code, the lifetime of the two hashes did not overlap, so only one buffer is required. _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
