| author | Christophe Gouault <christophe.gouault@6wind.com> | 2014-08-29 10:16:05 -0400 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2014-09-02 07:37:56 -0400 |
| commit | 880a6fab8f6ba5b5abe59ea68533202ddea1012c (patch) | |
| tree | d5e83238ad632d0473aa3b75a5233359154df049 /include/net/netns | |
| parent | b58555f1767c9f4e330fcf168e4e753d2d9196e0 (diff) | |
xfrm: configure policy hash table thresholds by netlink
Allow local and remote prefix length thresholds for the policy hash
table to be specified via a netlink XFRM_MSG_NEWSPDINFO message.
Prefix length thresholds are specified by the optional XFRMA_SPD_IPV4_HTHRESH
and XFRMA_SPD_IPV6_HTHRESH attributes (struct xfrmu_spdhthresh).
example:
struct xfrmu_spdhthresh thresh4 = {
.lbits = 0;
.rbits = 24;
};
struct xfrmu_spdhthresh thresh6 = {
.lbits = 0;
.rbits = 56;
};
struct nlmsghdr *hdr;
struct nl_msg *msg;
msg = nlmsg_alloc();
hdr = nlmsg_put(msg, NL_AUTO_PORT, NL_AUTO_SEQ, XFRMA_SPD_IPV4_HTHRESH, sizeof(__u32), NLM_F_REQUEST);
nla_put(msg, XFRMA_SPD_IPV4_HTHRESH, sizeof(thresh4), &thresh4);
nla_put(msg, XFRMA_SPD_IPV6_HTHRESH, sizeof(thresh6), &thresh6);
nla_send_auto(sk, msg);
The numbers are the policy selector minimum prefix lengths to put a
policy in the hash table.
- lbits is the local threshold (source address for out policies,
destination address for in and fwd policies).
- rbits is the remote threshold (destination address for out
policies, source address for in and fwd policies).
The default values are:
XFRMA_SPD_IPV4_HTHRESH: 32 32
XFRMA_SPD_IPV6_HTHRESH: 128 128
Dynamic re-building of the SPD is performed when the thresholds values
are changed.
The current thresholds can be read via a XFRM_MSG_GETSPDINFO request:
the kernel replies to XFRM_MSG_GETSPDINFO requests by an
XFRM_MSG_NEWSPDINFO message, with both attributes
XFRMA_SPD_IPV4_HTHRESH and XFRMA_SPD_IPV6_HTHRESH.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Diffstat (limited to 'include/net/netns')
| -rw-r--r-- | include/net/netns/xfrm.h | 10 |
1 files changed, 10 insertions, 0 deletions
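--- a/include/net/netns/xfrm.h
+++ b/include/net/netns/xfrm.h
@@ -19,6 +19,15 @@ struct xfrm_policy_hash {
 u8 sbits6;
 };
 
+struct xfrm_policy_hthresh {
+struct work_struct work;
+seqlock_t lock;
+u8 lbits4;
+u8 rbits4;
+u8 lbits6;
+u8 rbits6;
+};
+
 struct netns_xfrm {
 struct list_head state_all;
 /*
@@ -45,6 +54,7 @@ struct netns_xfrm {
 struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX * 2];
 unsigned int policy_count[XFRM_POLICY_MAX * 2];
 struct work_struct policy_hash_work;
+struct xfrm_policy_hthresh policy_hthresh;
 
 
 struct sock *nlsk;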
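Review bot: The new `struct xfrm_policy_hthresh` has no comment. Its four `u8` fields can hold 0–255, while the commit message describes them as prefix lengths with defaults of 32 for IPv4 and 128 for IPv6. A comment above the struct would record the invariant and the locking, for example `/* selector prefix-length thresholds: lbits4/rbits4 <= 32, lbits6/rbits6 <= 128; read and written under lock */`. A second line could say what `work` is for; presumably it is the rebuild the commit message mentions. The values arrive in a netlink message from userspace, and the range check is not visible in this file section, so it is worth confirming the handler rejects out-of-range lengths before they are stored here. The body of `struct netns_xfrm` continues outside the second hunk.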
