xfrm: configure policy hash table thresholds by netlink

Enable to specify local and remote prefix length thresholds for the policy hash table via a netlink XFRM_MSG_NEWSPDINFO message. prefix length thresholds are specified by XFRMA_SPD_IPV4_HTHRESH and XFRMA_SPD_IPV6_HTHRESH optional attributes (struct xfrmu_spdhthresh). example: struct xfrmu_spdhthresh thresh4 = { .lbits = 0; .rbits = 24; }; struct xfrmu_spdhthresh thresh6 = { .lbits = 0; .rbits = 56; }; struct nlmsghdr *hdr; struct nl_msg *msg; msg = nlmsg_alloc(); hdr = nlmsg_put(msg, NL_AUTO_PORT, NL_AUTO_SEQ, XFRMA_SPD_IPV4_HTHRESH, sizeof(__u32), NLM_F_REQUEST); nla_put(msg, XFRMA_SPD_IPV4_HTHRESH, sizeof(thresh4), &thresh4); nla_put(msg, XFRMA_SPD_IPV6_HTHRESH, sizeof(thresh6), &thresh6); nla_send_auto(sk, msg); The numbers are the policy selector minimum prefix lengths to put a policy in the hash table. - lbits is the local threshold (source address for out policies, destination address for in and fwd policies). - rbits is the remote threshold (destination address for out policies, source address for in and fwd policies). The default values are: XFRMA_SPD_IPV4_HTHRESH: 32 32 XFRMA_SPD_IPV6_HTHRESH: 128 128 Dynamic re-building of the SPD is performed when the thresholds values are changed. The current thresholds can be read via a XFRM_MSG_GETSPDINFO request: the kernel replies to XFRM_MSG_GETSPDINFO requests by an XFRM_MSG_NEWSPDINFO message, with both attributes XFRMA_SPD_IPV4_HTHRESH and XFRMA_SPD_IPV6_HTHRESH. Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Christophe Gouault <christophe.gouault@6wind.com> 2014-08-29 10:16:05 -0400
committer: Steffen Klassert <steffen.klassert@secunet.com> 2014-09-02 07:37:56 -0400
commit: 880a6fab8f6ba5b5abe59ea68533202ddea1012c (patch)
tree: d5e83238ad632d0473aa3b75a5233359154df049 /include/net
parent: b58555f1767c9f4e330fcf168e4e753d2d9196e0 (diff)
2 files changed, 11 insertions, 0 deletions
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
index 41902a8103bd..9da798256f0e 100644
--- a/include/net/netns/xfrm.h
+++ b/include/net/netns/xfrm.h
@@ -19,6 +19,15 @@ struct xfrm_policy_hash {
        u8                      sbits6;
 };
+struct xfrm_policy_hthresh {
+        struct work_struct      work;
+        seqlock_t               lock;
+        u8                      lbits4;
+        u8                      rbits4;
+        u8                      lbits6;
+        u8                      rbits6;
+};
 struct netns_xfrm {
        struct list_head        state_all;
        /*
@@ -45,6 +54,7 @@ struct netns_xfrm {
        struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX * 2];
        unsigned int            policy_count[XFRM_POLICY_MAX * 2];
        struct work_struct      policy_hash_work;
+        struct xfrm_policy_hthresh policy_hthresh;
        struct sock             *nlsk;
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 721e9c3b11bd..dc4865e90fe4 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1591,6 +1591,7 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark,
 struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir,
                                     u32 id, int delete, int *err);
 int xfrm_policy_flush(struct net *net, u8 type, bool task_valid);
+void xfrm_policy_hash_rebuild(struct net *net);
 u32 xfrm_get_acqseq(void);
 int verify_spi_info(u8 proto, u32 min, u32 max);
 int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
author	Christophe Gouault <christophe.gouault@6wind.com>	2014-08-29 10:16:05 -0400
committer	Steffen Klassert <steffen.klassert@secunet.com>	2014-09-02 07:37:56 -0400
commit	880a6fab8f6ba5b5abe59ea68533202ddea1012c (patch)
tree	d5e83238ad632d0473aa3b75a5233359154df049 /include/net
parent	b58555f1767c9f4e330fcf168e4e753d2d9196e0 (diff)