author | Alexey Dobriyan <adobriyan@gmail.com> | 2010-01-25 01:47:53 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-01-25 01:47:53 -0500 |
commit | d7c7544c3d5f59033d1bf3236bc7b289f5f26b75 (patch) | |
tree | 1a3c9e7b6c0c9158ddb73faa05b07697c3493cf1 /net/ipv4/xfrm4_policy.c | |
parent | a40ccc6868943e74ec12f26a266ce1d0373b2b32 (diff) |
netns xfrm: deal with dst entries in netns
GC is non-existent in netns, so after you hit GC threshold, no new
dst entries will be created until someone triggers cleanup in init_net.
Make xfrm4_dst_ops and xfrm6_dst_ops per-netns.
This is not done in a generic way, because it would waste
(AF_MAX - 2) * sizeof(struct dst_ops) bytes per-netns.
Reorder GC threshold initialization so it'd be done before registering
XFRM policies.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/xfrm4_policy.c')
-rw-r--r-- | net/ipv4/xfrm4_policy.c | 14 |
1 files changed, 8 insertions, 6 deletions
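--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -15,7 +15,6 @@
 #include <net/xfrm.h>
 #include <net/ip.h>
 
-static struct dst_ops xfrm4_dst_ops;
 static struct xfrm_policy_afinfo xfrm4_policy_afinfo;
 
 static struct dst_entry *xfrm4_dst_lookup(struct net *net, int tos,
@@ -190,8 +189,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
 
 static inline int xfrm4_garbage_collect(struct dst_ops *ops)
 {
-xfrm4_policy_afinfo.garbage_collect(&init_net);
-return (atomic_read(&xfrm4_dst_ops.entries) > xfrm4_dst_ops.gc_thresh*2);
+struct net *net = container_of(ops, struct net, xfrm.xfrm4_dst_ops);
+
+xfrm4_policy_afinfo.garbage_collect(net);
+return (atomic_read(&ops->entries) > ops->gc_thresh * 2);
 }
 
 static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu)
@@ -268,7 +269,7 @@ static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
 static struct ctl_table xfrm4_policy_table[] = {
 {
 .procname = "xfrm4_gc_thresh",
-.data = &xfrm4_dst_ops.gc_thresh,
+.data = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = proc_dointvec,
@@ -295,8 +296,6 @@ static void __exit xfrm4_policy_fini(void)
 
 void __init xfrm4_init(int rt_max_size)
 {
-xfrm4_state_init();
-xfrm4_policy_init();
 /*
 * Select a default value for the gc_thresh based on the main route
 * table hash size. It seems to me the worst case scenario is when
@@ -308,6 +307,9 @@ void __init xfrm4_init(int rt_max_size)
 * and start cleaning when were 1/2 full
 */
 xfrm4_dst_ops.gc_thresh = rt_max_size/2;
+
+xfrm4_state_init();
+xfrm4_policy_init();
 #ifdef CONFIG_SYSCTL
 sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path,
 xfrm4_policy_table);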
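Review bot: The `xfrm4_gc_thresh` sysctl in the `xfrm4_policy_table` hunk still reaches only one namespace: `.data` now points at `init_net.xfrm.xfrm4_dst_ops.gc_thresh` and the table is registered against `&init_net`, while `xfrm4_garbage_collect()` compares against the `ops->gc_thresh` of whichever namespace owns the ops. A threshold tightened by an administrator therefore does not bound dst entries created in other namespaces, which presumably keep the value copied from the template set in `xfrm4_init()` (that copy is not in this file section). Until the table is registered per namespace, I would document the limit on the entry, e.g. `/* init_net only: other netns have their own gc_thresh, not tunable from here */`. `xfrm4_policy_table` and `xfrm4_init()` both continue outside the hunks shown.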