diff options
author | Alexey Dobriyan <adobriyan@gmail.com> | 2010-01-25 01:47:53 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-01-25 01:47:53 -0500 |
commit | d7c7544c3d5f59033d1bf3236bc7b289f5f26b75 (patch) | |
tree | 1a3c9e7b6c0c9158ddb73faa05b07697c3493cf1 /net/ipv6/xfrm6_policy.c | |
parent | a40ccc6868943e74ec12f26a266ce1d0373b2b32 (diff) |
netns xfrm: deal with dst entries in netns
GC is non-existent in netns, so after you hit GC threshold, no new
dst entries will be created until someone triggers cleanup in init_net.
Make xfrm4_dst_ops and xfrm6_dst_ops per-netns.
This is not done in a generic way, because it woule waste
(AF_MAX - 2) * sizeof(struct dst_ops) bytes per-netns.
Reorder GC threshold initialization so it'd be done before registering
XFRM policies.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/xfrm6_policy.c')
-rw-r--r-- | net/ipv6/xfrm6_policy.c | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index 7254e3f899a7..dbdc696f5fc5 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c | |||
@@ -24,7 +24,6 @@ | |||
24 | #include <net/mip6.h> | 24 | #include <net/mip6.h> |
25 | #endif | 25 | #endif |
26 | 26 | ||
27 | static struct dst_ops xfrm6_dst_ops; | ||
28 | static struct xfrm_policy_afinfo xfrm6_policy_afinfo; | 27 | static struct xfrm_policy_afinfo xfrm6_policy_afinfo; |
29 | 28 | ||
30 | static struct dst_entry *xfrm6_dst_lookup(struct net *net, int tos, | 29 | static struct dst_entry *xfrm6_dst_lookup(struct net *net, int tos, |
@@ -224,8 +223,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse) | |||
224 | 223 | ||
225 | static inline int xfrm6_garbage_collect(struct dst_ops *ops) | 224 | static inline int xfrm6_garbage_collect(struct dst_ops *ops) |
226 | { | 225 | { |
227 | xfrm6_policy_afinfo.garbage_collect(&init_net); | 226 | struct net *net = container_of(ops, struct net, xfrm.xfrm6_dst_ops); |
228 | return (atomic_read(&xfrm6_dst_ops.entries) > xfrm6_dst_ops.gc_thresh*2); | 227 | |
228 | xfrm6_policy_afinfo.garbage_collect(net); | ||
229 | return (atomic_read(&ops->entries) > ops->gc_thresh * 2); | ||
229 | } | 230 | } |
230 | 231 | ||
231 | static void xfrm6_update_pmtu(struct dst_entry *dst, u32 mtu) | 232 | static void xfrm6_update_pmtu(struct dst_entry *dst, u32 mtu) |
@@ -310,7 +311,7 @@ static void xfrm6_policy_fini(void) | |||
310 | static struct ctl_table xfrm6_policy_table[] = { | 311 | static struct ctl_table xfrm6_policy_table[] = { |
311 | { | 312 | { |
312 | .procname = "xfrm6_gc_thresh", | 313 | .procname = "xfrm6_gc_thresh", |
313 | .data = &xfrm6_dst_ops.gc_thresh, | 314 | .data = &init_net.xfrm.xfrm6_dst_ops.gc_thresh, |
314 | .maxlen = sizeof(int), | 315 | .maxlen = sizeof(int), |
315 | .mode = 0644, | 316 | .mode = 0644, |
316 | .proc_handler = proc_dointvec, | 317 | .proc_handler = proc_dointvec, |
@@ -326,13 +327,6 @@ int __init xfrm6_init(void) | |||
326 | int ret; | 327 | int ret; |
327 | unsigned int gc_thresh; | 328 | unsigned int gc_thresh; |
328 | 329 | ||
329 | ret = xfrm6_policy_init(); | ||
330 | if (ret) | ||
331 | goto out; | ||
332 | |||
333 | ret = xfrm6_state_init(); | ||
334 | if (ret) | ||
335 | goto out_policy; | ||
336 | /* | 330 | /* |
337 | * We need a good default value for the xfrm6 gc threshold. | 331 | * We need a good default value for the xfrm6 gc threshold. |
338 | * In ipv4 we set it to the route hash table size * 8, which | 332 | * In ipv4 we set it to the route hash table size * 8, which |
@@ -346,6 +340,15 @@ int __init xfrm6_init(void) | |||
346 | */ | 340 | */ |
347 | gc_thresh = FIB6_TABLE_HASHSZ * 8; | 341 | gc_thresh = FIB6_TABLE_HASHSZ * 8; |
348 | xfrm6_dst_ops.gc_thresh = (gc_thresh < 1024) ? 1024 : gc_thresh; | 342 | xfrm6_dst_ops.gc_thresh = (gc_thresh < 1024) ? 1024 : gc_thresh; |
343 | |||
344 | ret = xfrm6_policy_init(); | ||
345 | if (ret) | ||
346 | goto out; | ||
347 | |||
348 | ret = xfrm6_state_init(); | ||
349 | if (ret) | ||
350 | goto out_policy; | ||
351 | |||
349 | #ifdef CONFIG_SYSCTL | 352 | #ifdef CONFIG_SYSCTL |
350 | sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv6_ctl_path, | 353 | sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv6_ctl_path, |
351 | xfrm6_policy_table); | 354 | xfrm6_policy_table); |