xfrm: make gc_thresh configurable in all namespaces

The xfrm gc threshold can be configured via xfrm{4,6}_gc_thresh sysctl but currently only in init_net, other namespaces always use the default value. This can substantially limit the number of IPsec tunnels that can be effectively used. Signed-off-by: Michal Kubecek <mkubecek@suse.cz> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
author: Michal Kubecek <mkubecek@suse.cz> 2013-02-06 04:46:33 -0500
committer: Steffen Klassert <steffen.klassert@secunet.com> 2013-02-06 05:36:29 -0500
commit: 8d068875caca3b507ffa8a57d521483fd4eebcc7 (patch)
tree: 2c12e956ab40e55abbb803f4cf710f09e5d72b70 /net/ipv4/xfrm4_policy.c
parent: 1f53c808502f1472bfc5829e6dd80317c7198a4a (diff)
1 files changed, 46 insertions, 3 deletions
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 0e28383c096f..9a459be24af7 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -262,7 +262,51 @@ static struct ctl_table xfrm4_policy_table[] = {
        { }
 };
-static struct ctl_table_header *sysctl_hdr;
+static int __net_init xfrm4_net_init(struct net *net)
+{
+        struct ctl_table *table;
+        struct ctl_table_header *hdr;
+        table = xfrm4_policy_table;
+        if (!net_eq(net, &init_net)) {
+                table = kmemdup(table, sizeof(xfrm4_policy_table), GFP_KERNEL);
+                if (!table)
+                        goto err_alloc;
+                table[0].data = &net->xfrm.xfrm4_dst_ops.gc_thresh;
+        }
+        hdr = register_net_sysctl(net, "net/ipv4", table);
+        if (!hdr)
+                goto err_reg;
+        net->ipv4.xfrm4_hdr = hdr;
+        return 0;
+err_reg:
+        if (!net_eq(net, &init_net))
+                kfree(table);
+err_alloc:
+        return -ENOMEM;
+}
+static void __net_exit xfrm4_net_exit(struct net *net)
+{
+        struct ctl_table *table;
+        if (net->ipv4.xfrm4_hdr == NULL)
+                return;
+        table = net->ipv4.xfrm4_hdr->ctl_table_arg;
+        unregister_net_sysctl_table(net->ipv4.xfrm4_hdr);
+        if (!net_eq(net, &init_net))
+                kfree(table);
+}
+static struct pernet_operations __net_initdata xfrm4_net_ops = {
+        .init   = xfrm4_net_init,
+        .exit   = xfrm4_net_exit,
+};
 #endif
 static void __init xfrm4_policy_init(void)
@@ -277,8 +321,7 @@ void __init xfrm4_init(void)
        xfrm4_state_init();
        xfrm4_policy_init();
 #ifdef CONFIG_SYSCTL
-        sysctl_hdr = register_net_sysctl(&init_net, "net/ipv4",
+        register_pernet_subsys(&xfrm4_net_ops);
-                                         xfrm4_policy_table);
 #endif
 }
author	Michal Kubecek <mkubecek@suse.cz>	2013-02-06 04:46:33 -0500
committer	Steffen Klassert <steffen.klassert@secunet.com>	2013-02-06 05:36:29 -0500
commit	8d068875caca3b507ffa8a57d521483fd4eebcc7 (patch)
tree	2c12e956ab40e55abbb803f4cf710f09e5d72b70 /net/ipv4/xfrm4_policy.c
parent	1f53c808502f1472bfc5829e6dd80317c7198a4a (diff)

diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 0e28383c096f..9a459be24af7 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c
@@ -262,7 +262,51 @@ static struct ctl_table xfrm4_policy_table[] = {
262	{ }	262	{ }
263	};	263	};
264		264
265	static struct ctl_table_header *sysctl_hdr;	265	static int __net_init xfrm4_net_init(struct net *net)
		266	{
		267	struct ctl_table *table;
		268	struct ctl_table_header *hdr;
		269
		270	table = xfrm4_policy_table;
		271	if (!net_eq(net, &init_net)) {
		272	table = kmemdup(table, sizeof(xfrm4_policy_table), GFP_KERNEL);
		273	if (!table)
		274	goto err_alloc;
		275
		276	table[0].data = &net->xfrm.xfrm4_dst_ops.gc_thresh;
		277	}
		278
		279	hdr = register_net_sysctl(net, "net/ipv4", table);
		280	if (!hdr)
		281	goto err_reg;
		282
		283	net->ipv4.xfrm4_hdr = hdr;
		284	return 0;
		285
		286	err_reg:
		287	if (!net_eq(net, &init_net))
		288	kfree(table);
		289	err_alloc:
		290	return -ENOMEM;
		291	}
		292
		293	static void __net_exit xfrm4_net_exit(struct net *net)
		294	{
		295	struct ctl_table *table;
		296
		297	if (net->ipv4.xfrm4_hdr == NULL)
		298	return;
		299
		300	table = net->ipv4.xfrm4_hdr->ctl_table_arg;
		301	unregister_net_sysctl_table(net->ipv4.xfrm4_hdr);
		302	if (!net_eq(net, &init_net))
		303	kfree(table);
		304	}
		305
		306	static struct pernet_operations __net_initdata xfrm4_net_ops = {
		307	.init = xfrm4_net_init,
		308	.exit = xfrm4_net_exit,
		309	};
266	#endif	310	#endif
267		311
268	static void __init xfrm4_policy_init(void)	312	static void __init xfrm4_policy_init(void)
@@ -277,8 +321,7 @@ void __init xfrm4_init(void)
277	xfrm4_state_init();	321	xfrm4_state_init();
278	xfrm4_policy_init();	322	xfrm4_policy_init();
279	#ifdef CONFIG_SYSCTL	323	#ifdef CONFIG_SYSCTL
280	sysctl_hdr = register_net_sysctl(&init_net, "net/ipv4",	324	register_pernet_subsys(&xfrm4_net_ops);
281	xfrm4_policy_table);
282	#endif	325	#endif
283	}	326	}
284		327