diff options
| author | David S. Miller <davem@davemloft.net> | 2012-11-22 15:24:30 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-11-22 15:24:30 -0500 |
| commit | 5e7873d1450e1809b017b943417530db3955ac5f (patch) | |
| tree | eee7e724fa10e0cccb5f10707bce247d7eba721b | |
| parent | ef6c5be658f6a70c1256fbd18e18ee0dc24c3386 (diff) | |
| parent | 703fb94ec58e0e8769380c2877a8a34aeb5b6c97 (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says:
====================
This pull request is intended for 3.7 and contains a single patch to
fix the IPsec gc threshold value for ipv4.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/net/xfrm.h | 2 | ||||
| -rw-r--r-- | net/ipv4/route.c | 2 | ||||
| -rw-r--r-- | net/ipv4/xfrm4_policy.c | 13 |
3 files changed, 3 insertions, 14 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 6f0ba01afe73..63445ede48bb 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -1351,7 +1351,7 @@ struct xfrm6_tunnel { | |||
| 1351 | }; | 1351 | }; |
| 1352 | 1352 | ||
| 1353 | extern void xfrm_init(void); | 1353 | extern void xfrm_init(void); |
| 1354 | extern void xfrm4_init(int rt_hash_size); | 1354 | extern void xfrm4_init(void); |
| 1355 | extern int xfrm_state_init(struct net *net); | 1355 | extern int xfrm_state_init(struct net *net); |
| 1356 | extern void xfrm_state_fini(struct net *net); | 1356 | extern void xfrm_state_fini(struct net *net); |
| 1357 | extern void xfrm4_state_init(void); | 1357 | extern void xfrm4_state_init(void); |
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index a8c651216fa6..200d287e49f5 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
| @@ -2597,7 +2597,7 @@ int __init ip_rt_init(void) | |||
| 2597 | pr_err("Unable to create route proc files\n"); | 2597 | pr_err("Unable to create route proc files\n"); |
| 2598 | #ifdef CONFIG_XFRM | 2598 | #ifdef CONFIG_XFRM |
| 2599 | xfrm_init(); | 2599 | xfrm_init(); |
| 2600 | xfrm4_init(ip_rt_max_size); | 2600 | xfrm4_init(); |
| 2601 | #endif | 2601 | #endif |
| 2602 | rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL); | 2602 | rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL); |
| 2603 | 2603 | ||
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 05c5ab8d983c..3be0ac2c1920 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c | |||
| @@ -279,19 +279,8 @@ static void __exit xfrm4_policy_fini(void) | |||
| 279 | xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo); | 279 | xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo); |
| 280 | } | 280 | } |
| 281 | 281 | ||
| 282 | void __init xfrm4_init(int rt_max_size) | 282 | void __init xfrm4_init(void) |
| 283 | { | 283 | { |
| 284 | /* | ||
| 285 | * Select a default value for the gc_thresh based on the main route | ||
| 286 | * table hash size. It seems to me the worst case scenario is when | ||
| 287 | * we have ipsec operating in transport mode, in which we create a | ||
| 288 | * dst_entry per socket. The xfrm gc algorithm starts trying to remove | ||
| 289 | * entries at gc_thresh, and prevents new allocations as 2*gc_thresh | ||
| 290 | * so lets set an initial xfrm gc_thresh value at the rt_max_size/2. | ||
| 291 | * That will let us store an ipsec connection per route table entry, | ||
| 292 | * and start cleaning when were 1/2 full | ||
| 293 | */ | ||
| 294 | xfrm4_dst_ops.gc_thresh = rt_max_size/2; | ||
| 295 | dst_entries_init(&xfrm4_dst_ops); | 284 | dst_entries_init(&xfrm4_dst_ops); |
| 296 | 285 | ||
| 297 | xfrm4_state_init(); | 286 | xfrm4_state_init(); |