aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4/xfrm4_policy.c
diff options
context:
space:
mode:
authorNeil Horman <nhorman@tuxdriver.com>2009-07-30 21:52:15 -0400
committerDavid S. Miller <davem@davemloft.net>2009-07-30 21:52:15 -0400
commita33bc5c15154c835aae26f16e6a3a7d9ad4acb45 (patch)
treecf7683b1b2d2fd170bfc6650ea84a4b9a81eebbf /net/ipv4/xfrm4_policy.c
parent9aada7ac047f789ffb27540cc1695989897b2dfe (diff)
xfrm: select sane defaults for xfrm[4|6] gc_thresh
Choose saner defaults for xfrm[4|6] gc_thresh values on init Currently, the xfrm[4|6] code has hard-coded initial gc_thresh values (set to 1024). Given that the ipv4 and ipv6 routing caches are sized dynamically at boot time, the static selections can be non-sensical. This patch dynamically selects an appropriate gc threshold based on the corresponding main routing table size, using the assumption that we should in the worst case be able to handle as many connections as the routing table can. For ipv4, the maximum route cache size is 16 * the number of hash buckets in the route cache. Given that xfrm4 starts garbage collection at the gc_thresh and prevents new allocations at 2 * gc_thresh, we set gc_thresh to half the maximum route cache size. For ipv6, its a bit trickier. there is no maximum route cache size, but the ipv6 dst_ops gc_thresh is statically set to 1024. It seems sane to select a simmilar gc_thresh for the xfrm6 code that is half the number of hash buckets in the v6 route cache times 16 (like the v4 code does). Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/xfrm4_policy.c')
-rw-r--r--net/ipv4/xfrm4_policy.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 26496babdf3a..1ba44742ebbf 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -290,10 +290,21 @@ static void __exit xfrm4_policy_fini(void)
290 xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo); 290 xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo);
291} 291}
292 292
293void __init xfrm4_init(void) 293void __init xfrm4_init(int rt_max_size)
294{ 294{
295 xfrm4_state_init(); 295 xfrm4_state_init();
296 xfrm4_policy_init(); 296 xfrm4_policy_init();
297 /*
298 * Select a default value for the gc_thresh based on the main route
299 * table hash size. It seems to me the worst case scenario is when
300 * we have ipsec operating in transport mode, in which we create a
301 * dst_entry per socket. The xfrm gc algorithm starts trying to remove
302 * entries at gc_thresh, and prevents new allocations as 2*gc_thresh
303 * so lets set an initial xfrm gc_thresh value at the rt_max_size/2.
304 * That will let us store an ipsec connection per route table entry,
305 * and start cleaning when were 1/2 full
306 */
307 xfrm4_dst_ops.gc_thresh = rt_max_size/2;
297 sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path, 308 sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path,
298 xfrm4_policy_table); 309 xfrm4_policy_table);
299} 310}