diff options
author | Jamal Hadi Salim <hadi@cyberus.ca> | 2007-04-26 03:10:29 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-04-26 03:10:29 -0400 |
commit | 28d8909bc790d936ce33f4402adf7577533bbd4b (patch) | |
tree | 8de479d6660aba23bc99fa555c150852548df58d /include/net | |
parent | 98486fa2f4894e2b01e325c659635596bdec1614 (diff) |
[XFRM]: Export SAD info.
On a system with a lot of SAs, counting SAD entries chews useful
CPU time since you need to dump the whole SAD to user space;
i.e something like ip xfrm state ls | grep -i src | wc -l
I have seen taking literally minutes on a 40K SAs when the system
is swapping.
With this patch, some of the SAD info (that was already being tracked)
is exposed to user space. i.e you do:
ip xfrm state count
And you get the count; you can also pass -s to the command line and
get the hash info.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/xfrm.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index e144a25814bd..8287081d77f2 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -416,6 +416,13 @@ struct xfrm_audit | |||
416 | u32 secid; | 416 | u32 secid; |
417 | }; | 417 | }; |
418 | 418 | ||
419 | /* SAD metadata, add more later */ | ||
420 | struct xfrm_sadinfo | ||
421 | { | ||
422 | u32 sadhcnt; /* current hash bkts */ | ||
423 | u32 sadhmcnt; /* max allowed hash bkts */ | ||
424 | u32 sadcnt; /* current running count */ | ||
425 | }; | ||
419 | #ifdef CONFIG_AUDITSYSCALL | 426 | #ifdef CONFIG_AUDITSYSCALL |
420 | extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result, | 427 | extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result, |
421 | struct xfrm_policy *xp, struct xfrm_state *x); | 428 | struct xfrm_policy *xp, struct xfrm_state *x); |
@@ -938,6 +945,7 @@ static inline int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **s | |||
938 | extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq); | 945 | extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq); |
939 | extern int xfrm_state_delete(struct xfrm_state *x); | 946 | extern int xfrm_state_delete(struct xfrm_state *x); |
940 | extern void xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); | 947 | extern void xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); |
948 | extern void xfrm_sad_getinfo(struct xfrm_sadinfo *si); | ||
941 | extern int xfrm_replay_check(struct xfrm_state *x, __be32 seq); | 949 | extern int xfrm_replay_check(struct xfrm_state *x, __be32 seq); |
942 | extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); | 950 | extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); |
943 | extern void xfrm_replay_notify(struct xfrm_state *x, int event); | 951 | extern void xfrm_replay_notify(struct xfrm_state *x, int event); |