aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/xfrm4_policy.c
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2010-01-25 01:47:53 -0500
committerDavid S. Miller <davem@davemloft.net>2010-01-25 01:47:53 -0500
commitd7c7544c3d5f59033d1bf3236bc7b289f5f26b75 (patch)
tree1a3c9e7b6c0c9158ddb73faa05b07697c3493cf1 /net/ipv4/xfrm4_policy.c
parenta40ccc6868943e74ec12f26a266ce1d0373b2b32 (diff)
netns xfrm: deal with dst entries in netns
GC is non-existent in netns, so after you hit GC threshold, no new dst entries will be created until someone triggers cleanup in init_net. Make xfrm4_dst_ops and xfrm6_dst_ops per-netns. This is not done in a generic way, because it woule waste (AF_MAX - 2) * sizeof(struct dst_ops) bytes per-netns. Reorder GC threshold initialization so it'd be done before registering XFRM policies. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/xfrm4_policy.c')
-rw-r--r--net/ipv4/xfrm4_policy.c14
1 files changed, 8 insertions, 6 deletions
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 8c08a28d8f83..67107d63c1cd 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -15,7 +15,6 @@
15#include <net/xfrm.h> 15#include <net/xfrm.h>
16#include <net/ip.h> 16#include <net/ip.h>
17 17
18static struct dst_ops xfrm4_dst_ops;
19static struct xfrm_policy_afinfo xfrm4_policy_afinfo; 18static struct xfrm_policy_afinfo xfrm4_policy_afinfo;
20 19
21static struct dst_entry *xfrm4_dst_lookup(struct net *net, int tos, 20static struct dst_entry *xfrm4_dst_lookup(struct net *net, int tos,
@@ -190,8 +189,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
190 189
191static inline int xfrm4_garbage_collect(struct dst_ops *ops) 190static inline int xfrm4_garbage_collect(struct dst_ops *ops)
192{ 191{
193 xfrm4_policy_afinfo.garbage_collect(&init_net); 192 struct net *net = container_of(ops, struct net, xfrm.xfrm4_dst_ops);
194 return (atomic_read(&xfrm4_dst_ops.entries) > xfrm4_dst_ops.gc_thresh*2); 193
194 xfrm4_policy_afinfo.garbage_collect(net);
195 return (atomic_read(&ops->entries) > ops->gc_thresh * 2);
195} 196}
196 197
197static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu) 198static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu)
@@ -268,7 +269,7 @@ static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
268static struct ctl_table xfrm4_policy_table[] = { 269static struct ctl_table xfrm4_policy_table[] = {
269 { 270 {
270 .procname = "xfrm4_gc_thresh", 271 .procname = "xfrm4_gc_thresh",
271 .data = &xfrm4_dst_ops.gc_thresh, 272 .data = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
272 .maxlen = sizeof(int), 273 .maxlen = sizeof(int),
273 .mode = 0644, 274 .mode = 0644,
274 .proc_handler = proc_dointvec, 275 .proc_handler = proc_dointvec,
@@ -295,8 +296,6 @@ static void __exit xfrm4_policy_fini(void)
295 296
296void __init xfrm4_init(int rt_max_size) 297void __init xfrm4_init(int rt_max_size)
297{ 298{
298 xfrm4_state_init();
299 xfrm4_policy_init();
300 /* 299 /*
301 * Select a default value for the gc_thresh based on the main route 300 * Select a default value for the gc_thresh based on the main route
302 * table hash size. It seems to me the worst case scenario is when 301 * table hash size. It seems to me the worst case scenario is when
@@ -308,6 +307,9 @@ void __init xfrm4_init(int rt_max_size)
308 * and start cleaning when were 1/2 full 307 * and start cleaning when were 1/2 full
309 */ 308 */
310 xfrm4_dst_ops.gc_thresh = rt_max_size/2; 309 xfrm4_dst_ops.gc_thresh = rt_max_size/2;
310
311 xfrm4_state_init();
312 xfrm4_policy_init();
311#ifdef CONFIG_SYSCTL 313#ifdef CONFIG_SYSCTL
312 sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path, 314 sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path,
313 xfrm4_policy_table); 315 xfrm4_policy_table);