diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-25 20:24:15 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-11-25 20:24:15 -0500 |
| commit | dc2caba7b321289e7d02e63d7216961ccecfa103 (patch) | |
| tree | 639c3da4e2a2b35af3b4dfe980994ce7f9a27c0e /include/net | |
| parent | a35f6c5de32664d82c072a7e2c7d5c5234de4158 (diff) | |
netns xfrm: per-netns policy counts
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/netns/xfrm.h | 1 | ||||
| -rw-r--r-- | include/net/xfrm.h | 6 |
2 files changed, 3 insertions, 4 deletions
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h index 39cfa799fa90..d5aadf06be46 100644 --- a/include/net/netns/xfrm.h +++ b/include/net/netns/xfrm.h | |||
| @@ -37,6 +37,7 @@ struct netns_xfrm { | |||
| 37 | unsigned int policy_idx_hmask; | 37 | unsigned int policy_idx_hmask; |
| 38 | struct hlist_head policy_inexact[XFRM_POLICY_MAX * 2]; | 38 | struct hlist_head policy_inexact[XFRM_POLICY_MAX * 2]; |
| 39 | struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX * 2]; | 39 | struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX * 2]; |
| 40 | unsigned int policy_count[XFRM_POLICY_MAX * 2]; | ||
| 40 | }; | 41 | }; |
| 41 | 42 | ||
| 42 | #endif | 43 | #endif |
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 1ab17565f01c..8699620f8c2d 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
| @@ -559,8 +559,6 @@ struct xfrm_mgr | |||
| 559 | extern int xfrm_register_km(struct xfrm_mgr *km); | 559 | extern int xfrm_register_km(struct xfrm_mgr *km); |
| 560 | extern int xfrm_unregister_km(struct xfrm_mgr *km); | 560 | extern int xfrm_unregister_km(struct xfrm_mgr *km); |
| 561 | 561 | ||
| 562 | extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2]; | ||
| 563 | |||
| 564 | /* | 562 | /* |
| 565 | * This structure is used for the duration where packets are being | 563 | * This structure is used for the duration where packets are being |
| 566 | * transformed by IPsec. As soon as the packet leaves IPsec the | 564 | * transformed by IPsec. As soon as the packet leaves IPsec the |
| @@ -999,7 +997,7 @@ static inline int __xfrm_policy_check2(struct sock *sk, int dir, | |||
| 999 | if (sk && sk->sk_policy[XFRM_POLICY_IN]) | 997 | if (sk && sk->sk_policy[XFRM_POLICY_IN]) |
| 1000 | return __xfrm_policy_check(sk, ndir, skb, family); | 998 | return __xfrm_policy_check(sk, ndir, skb, family); |
| 1001 | 999 | ||
| 1002 | return (!xfrm_policy_count[dir] && !skb->sp) || | 1000 | return (!init_net.xfrm.policy_count[dir] && !skb->sp) || |
| 1003 | (skb->dst->flags & DST_NOPOLICY) || | 1001 | (skb->dst->flags & DST_NOPOLICY) || |
| 1004 | __xfrm_policy_check(sk, ndir, skb, family); | 1002 | __xfrm_policy_check(sk, ndir, skb, family); |
| 1005 | } | 1003 | } |
| @@ -1051,7 +1049,7 @@ extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family); | |||
| 1051 | 1049 | ||
| 1052 | static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family) | 1050 | static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family) |
| 1053 | { | 1051 | { |
| 1054 | return !xfrm_policy_count[XFRM_POLICY_OUT] || | 1052 | return !init_net.xfrm.policy_count[XFRM_POLICY_OUT] || |
| 1055 | (skb->dst->flags & DST_NOXFRM) || | 1053 | (skb->dst->flags & DST_NOXFRM) || |
| 1056 | __xfrm_route_forward(skb, family); | 1054 | __xfrm_route_forward(skb, family); |
| 1057 | } | 1055 | } |