diff options
author | Neil Horman <nhorman@tuxdriver.com> | 2009-07-30 21:52:15 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-07-30 21:52:15 -0400 |
commit | a33bc5c15154c835aae26f16e6a3a7d9ad4acb45 (patch) | |
tree | cf7683b1b2d2fd170bfc6650ea84a4b9a81eebbf /net/ipv4/xfrm4_policy.c | |
parent | 9aada7ac047f789ffb27540cc1695989897b2dfe (diff) |
xfrm: select sane defaults for xfrm[4|6] gc_thresh
Choose saner defaults for xfrm[4|6] gc_thresh values on init
Currently, the xfrm[4|6] code has hard-coded initial gc_thresh values
(set to 1024). Given that the ipv4 and ipv6 routing caches are sized
dynamically at boot time, the static selections can be non-sensical.
This patch dynamically selects an appropriate gc threshold based on
the corresponding main routing table size, using the assumption that
we should in the worst case be able to handle as many connections as
the routing table can.
For ipv4, the maximum route cache size is 16 * the number of hash
buckets in the route cache. Given that xfrm4 starts garbage
collection at the gc_thresh and prevents new allocations at 2 *
gc_thresh, we set gc_thresh to half the maximum route cache size.
For ipv6, its a bit trickier. there is no maximum route cache size,
but the ipv6 dst_ops gc_thresh is statically set to 1024. It seems
sane to select a simmilar gc_thresh for the xfrm6 code that is half
the number of hash buckets in the v6 route cache times 16 (like the v4
code does).
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/xfrm4_policy.c')
-rw-r--r-- | net/ipv4/xfrm4_policy.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 26496babdf3a..1ba44742ebbf 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c | |||
@@ -290,10 +290,21 @@ static void __exit xfrm4_policy_fini(void) | |||
290 | xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo); | 290 | xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo); |
291 | } | 291 | } |
292 | 292 | ||
293 | void __init xfrm4_init(void) | 293 | void __init xfrm4_init(int rt_max_size) |
294 | { | 294 | { |
295 | xfrm4_state_init(); | 295 | xfrm4_state_init(); |
296 | xfrm4_policy_init(); | 296 | xfrm4_policy_init(); |
297 | /* | ||
298 | * Select a default value for the gc_thresh based on the main route | ||
299 | * table hash size. It seems to me the worst case scenario is when | ||
300 | * we have ipsec operating in transport mode, in which we create a | ||
301 | * dst_entry per socket. The xfrm gc algorithm starts trying to remove | ||
302 | * entries at gc_thresh, and prevents new allocations as 2*gc_thresh | ||
303 | * so lets set an initial xfrm gc_thresh value at the rt_max_size/2. | ||
304 | * That will let us store an ipsec connection per route table entry, | ||
305 | * and start cleaning when were 1/2 full | ||
306 | */ | ||
307 | xfrm4_dst_ops.gc_thresh = rt_max_size/2; | ||
297 | sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path, | 308 | sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path, |
298 | xfrm4_policy_table); | 309 | xfrm4_policy_table); |
299 | } | 310 | } |