diff options
author | Jamal Hadi Salim <hadi@cyberus.ca> | 2007-04-26 03:10:29 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-04-26 03:10:29 -0400 |
commit | 28d8909bc790d936ce33f4402adf7577533bbd4b (patch) | |
tree | 8de479d6660aba23bc99fa555c150852548df58d /include | |
parent | 98486fa2f4894e2b01e325c659635596bdec1614 (diff) |
[XFRM]: Export SAD info.
On a system with a lot of SAs, counting SAD entries chews useful
CPU time since you need to dump the whole SAD to user space;
i.e something like ip xfrm state ls | grep -i src | wc -l
I have seen taking literally minutes on a 40K SAs when the system
is swapping.
With this patch, some of the SAD info (that was already being tracked)
is exposed to user space. i.e you do:
ip xfrm state count
And you get the count; you can also pass -s to the command line and
get the hash info.
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/xfrm.h | 25 | ||||
-rw-r--r-- | include/net/xfrm.h | 8 |
2 files changed, 33 insertions, 0 deletions
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h index 15ca89e9961b..9c656a5cf842 100644 --- a/include/linux/xfrm.h +++ b/include/linux/xfrm.h | |||
@@ -181,6 +181,10 @@ enum { | |||
181 | XFRM_MSG_MIGRATE, | 181 | XFRM_MSG_MIGRATE, |
182 | #define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE | 182 | #define XFRM_MSG_MIGRATE XFRM_MSG_MIGRATE |
183 | 183 | ||
184 | XFRM_MSG_NEWSADINFO, | ||
185 | #define XFRM_MSG_NEWSADINFO XFRM_MSG_NEWSADINFO | ||
186 | XFRM_MSG_GETSADINFO, | ||
187 | #define XFRM_MSG_GETSADINFO XFRM_MSG_GETSADINFO | ||
184 | __XFRM_MSG_MAX | 188 | __XFRM_MSG_MAX |
185 | }; | 189 | }; |
186 | #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) | 190 | #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1) |
@@ -234,6 +238,17 @@ enum xfrm_ae_ftype_t { | |||
234 | #define XFRM_AE_MAX (__XFRM_AE_MAX - 1) | 238 | #define XFRM_AE_MAX (__XFRM_AE_MAX - 1) |
235 | }; | 239 | }; |
236 | 240 | ||
241 | /* SAD Table filter flags */ | ||
242 | enum xfrm_sad_ftype_t { | ||
243 | XFRM_SAD_UNSPEC, | ||
244 | XFRM_SAD_HMASK=1, | ||
245 | XFRM_SAD_HMAX=2, | ||
246 | XFRM_SAD_CNT=4, | ||
247 | __XFRM_SAD_MAX | ||
248 | |||
249 | #define XFRM_SAD_MAX (__XFRM_SAD_MAX - 1) | ||
250 | }; | ||
251 | |||
237 | struct xfrm_userpolicy_type { | 252 | struct xfrm_userpolicy_type { |
238 | __u8 type; | 253 | __u8 type; |
239 | __u16 reserved1; | 254 | __u16 reserved1; |
@@ -265,6 +280,16 @@ enum xfrm_attr_type_t { | |||
265 | #define XFRMA_MAX (__XFRMA_MAX - 1) | 280 | #define XFRMA_MAX (__XFRMA_MAX - 1) |
266 | }; | 281 | }; |
267 | 282 | ||
283 | enum xfrm_sadattr_type_t { | ||
284 | XFRMA_SAD_UNSPEC, | ||
285 | XFRMA_SADHMASK, | ||
286 | XFRMA_SADHMAX, | ||
287 | XFRMA_SADCNT, | ||
288 | __XFRMA_SAD_MAX | ||
289 | |||
290 | #define XFRMA_SAD_MAX (__XFRMA_SAD_MAX - 1) | ||
291 | }; | ||
292 | |||
268 | struct xfrm_usersa_info { | 293 | struct xfrm_usersa_info { |
269 | struct xfrm_selector sel; | 294 | struct xfrm_selector sel; |
270 | struct xfrm_id id; | 295 | struct xfrm_id id; |
diff --git a/include/net/xfrm.h b/include/net/xfrm.h index e144a25814bd..8287081d77f2 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h | |||
@@ -416,6 +416,13 @@ struct xfrm_audit | |||
416 | u32 secid; | 416 | u32 secid; |
417 | }; | 417 | }; |
418 | 418 | ||
419 | /* SAD metadata, add more later */ | ||
420 | struct xfrm_sadinfo | ||
421 | { | ||
422 | u32 sadhcnt; /* current hash bkts */ | ||
423 | u32 sadhmcnt; /* max allowed hash bkts */ | ||
424 | u32 sadcnt; /* current running count */ | ||
425 | }; | ||
419 | #ifdef CONFIG_AUDITSYSCALL | 426 | #ifdef CONFIG_AUDITSYSCALL |
420 | extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result, | 427 | extern void xfrm_audit_log(uid_t auid, u32 secid, int type, int result, |
421 | struct xfrm_policy *xp, struct xfrm_state *x); | 428 | struct xfrm_policy *xp, struct xfrm_state *x); |
@@ -938,6 +945,7 @@ static inline int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **s | |||
938 | extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq); | 945 | extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq); |
939 | extern int xfrm_state_delete(struct xfrm_state *x); | 946 | extern int xfrm_state_delete(struct xfrm_state *x); |
940 | extern void xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); | 947 | extern void xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info); |
948 | extern void xfrm_sad_getinfo(struct xfrm_sadinfo *si); | ||
941 | extern int xfrm_replay_check(struct xfrm_state *x, __be32 seq); | 949 | extern int xfrm_replay_check(struct xfrm_state *x, __be32 seq); |
942 | extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); | 950 | extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq); |
943 | extern void xfrm_replay_notify(struct xfrm_state *x, int event); | 951 | extern void xfrm_replay_notify(struct xfrm_state *x, int event); |