Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next

Steffen Klassert says: ==================== pull request (net-next): ipsec-next 2014-09-25 1) Remove useless hash_resize_mutex in xfrm_hash_resize(). This mutex is used only there, but xfrm_hash_resize() can't be called concurrently at all. From Ying Xue. 2) Extend policy hashing to prefixed policies based on prefix lenght thresholds. From Christophe Gouault. 3) Make the policy hash table thresholds configurable via netlink. From Christophe Gouault. 4) Remove the maximum authentication length for AH. This was needed to limit stack usage. We switched already to allocate space, so no need to keep the limit. From Herbert Xu. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
author: David S. Miller <davem@davemloft.net> 2014-09-28 17:19:15 -0400
committer: David S. Miller <davem@davemloft.net> 2014-09-28 17:19:15 -0400
commit: f5c7e1a47aeca2b31106aa94e7f4daa218e6c478 (patch)
tree: a5a0ed3429f83d7404dc4d8fe19ac060d6ddb307 /include/net
parent: fe2c5fb1ef24e97b7cf96e24200bbe503286cb95 (diff)
parent: 689f1c9de2abbd76fda224d12cea5f43568a4335 (diff)
3 files changed, 15 insertions, 3 deletions
diff --git a/include/net/ah.h b/include/net/ah.h
index ca95b98969dd..4e2dfa474a7e 100644
--- a/include/net/ah.h
+++ b/include/net/ah.h
@@ -3,9 +3,6 @@
 #include <linux/skbuff.h>
-/* This is the maximum truncated ICV length that we know of. */
-#define MAX_AH_AUTH_LEN 64
 struct crypto_ahash;
 struct ah_data {
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
index 3492434baf88..9da798256f0e 100644
--- a/include/net/netns/xfrm.h
+++ b/include/net/netns/xfrm.h
@@ -13,6 +13,19 @@ struct ctl_table_header;
 struct xfrm_policy_hash {
        struct hlist_head       *table;
        unsigned int            hmask;
+        u8                      dbits4;
+        u8                      sbits4;
+        u8                      dbits6;
+        u8                      sbits6;
+};
+struct xfrm_policy_hthresh {
+        struct work_struct      work;
+        seqlock_t               lock;
+        u8                      lbits4;
+        u8                      rbits4;
+        u8                      lbits6;
+        u8                      rbits6;
 };
 struct netns_xfrm {
@@ -41,6 +54,7 @@ struct netns_xfrm {
        struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX * 2];
        unsigned int            policy_count[XFRM_POLICY_MAX * 2];
        struct work_struct      policy_hash_work;
+        struct xfrm_policy_hthresh policy_hthresh;
        struct sock             *nlsk;
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 721e9c3b11bd..dc4865e90fe4 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1591,6 +1591,7 @@ struct xfrm_policy *xfrm_policy_bysel_ctx(struct net *net, u32 mark,
 struct xfrm_policy *xfrm_policy_byid(struct net *net, u32 mark, u8, int dir,
                                     u32 id, int delete, int *err);
 int xfrm_policy_flush(struct net *net, u8 type, bool task_valid);
+void xfrm_policy_hash_rebuild(struct net *net);
 u32 xfrm_get_acqseq(void);
 int verify_spi_info(u8 proto, u32 min, u32 max);
 int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
author	David S. Miller <davem@davemloft.net>	2014-09-28 17:19:15 -0400
committer	David S. Miller <davem@davemloft.net>	2014-09-28 17:19:15 -0400
commit	f5c7e1a47aeca2b31106aa94e7f4daa218e6c478 (patch)
tree	a5a0ed3429f83d7404dc4d8fe19ac060d6ddb307 /include/net
parent	fe2c5fb1ef24e97b7cf96e24200bbe503286cb95 (diff)
parent	689f1c9de2abbd76fda224d12cea5f43568a4335 (diff)