1 files changed, 31 insertions, 10 deletions

diff --git a/src/irmd/main.c b/src/irmd/main.c
index e610a015..f91e23fc 100644
--- a/src/irmd/main.c
+++ b/src/irmd/main.c
@@ -86,7 +86,9 @@
 #define TIMESYNC_SLACK     100  /* ms */
 #define OAP_SEEN_TIMER     20   /*  s */
 #define DEALLOC_TIME       300  /*  s */
-#define DIRECT_MPL         1    /*  s */
+#define DIRECT_MPL         20   /* ms */
+/* bytes; in-process, bounded only by PUP/GSPP. */
+#define DIRECT_MTU         65000
 
 enum irm_state {
         IRMD_NULL = 0,
@@ -910,6 +912,10 @@ static int flow_accept(struct flow_info * flow,
         flow->uid = reg_get_proc_uid(flow->n_pid);
 
         err = oap_srv_process(&info, req_hdr, &resp_hdr, data, sk);
+        if (err == -EREPLAY) {
+                log_warn("Dropping replayed alloc request for %s.", name);
+                goto fail_replay;
+        }
         if (err < 0) {
                 log_err("OAP processing failed for %s.", name);
                 goto fail_oap;
@@ -938,6 +944,9 @@ static int flow_accept(struct flow_info * flow,
  fail_oap:
         if (!reg_flow_is_direct(flow->id))
                 ipcp_flow_alloc_resp(flow, err, resp_hdr);
+ fail_replay:
+        freebuf(req_hdr);
+        freebuf(resp_hdr);
  fail_wait:
         reg_destroy_flow(flow->id);
  fail_flow:
@@ -1209,6 +1218,7 @@ static int flow_alloc_direct(const char *       dst,
 
         acc.n_1_pid = flow->n_pid;
         acc.mpl     = DIRECT_MPL;
+        acc.mtu     = DIRECT_MTU;
         acc.qs      = flow->qs;
         acc.state   = FLOW_ALLOCATED;
 
@@ -1244,6 +1254,7 @@ static int flow_alloc_direct(const char *       dst,
         flow->id      = acc.id;
         flow->n_1_pid = acc.n_pid;
         flow->mpl     = DIRECT_MPL;
+        flow->mtu     = DIRECT_MTU;
         flow->state   = FLOW_ALLOCATED;
 
         log_info("Flow %d allocated (direct) for %d to %s.",
@@ -2383,26 +2394,31 @@ int main(int     argc,
                 goto fail_irm_init;
         }
 
-        if (irm_init() < 0)
+        if (crypt_secure_malloc_init(IRMD_SECMEM_MAX) < 0) {
+                log_err("Failed to initialize secure memory allocation.");
+                goto fail_secmem;
+        }
+
+        if (irm_init() < 0) {
+                log_err("Failed to initialize IRMd.");
                 goto fail_irm_init;
+        }
 
         if (reg_init() < 0) {
                 log_err("Failed to initialize registry.");
                 goto fail_reg;
         }
 
-        if (crypt_secure_malloc_init(IRMD_SECMEM_MAX) < 0) {
-                log_err("Failed to initialize secure memory allocation.");
-                goto fail_reg;
-        }
-
         pthread_sigmask(SIG_BLOCK, &sigset, NULL);
 
-        if (irm_start() < 0)
+        if (irm_start() < 0) {
+                log_err("Failed to start IRMd.");
                 goto fail_irm_start;
+        }
 
 #ifdef HAVE_TOML
         if (irm_configure(irmd.cfg_file) < 0) {
+                log_err("Failed to load IRMd configuration.");
                 irmd_set_state(IRMD_SHUTDOWN);
                 ret = EXIT_FAILURE;
         }
@@ -2415,14 +2431,16 @@ int main(int     argc,
 
         pthread_sigmask(SIG_UNBLOCK, &sigset, NULL);
 
-        crypt_secure_malloc_fini();
-
         reg_clear();
 
         reg_fini();
 
         irm_fini();
 
+        crypt_secure_malloc_fini();
+
+        crypt_cleanup();
+
         log_info("Ouroboros IPC Resource Manager daemon exited. Bye.");
 
         log_fini();
@@ -2434,5 +2452,8 @@ int main(int     argc,
  fail_reg:
         irm_fini();
  fail_irm_init:
+        crypt_secure_malloc_fini();
+        crypt_cleanup();
+ fail_secmem:
         exit(EXIT_FAILURE);
 }