netns xfrm: per-netns sysctls

Make
	net.core.xfrm_aevent_etime
	net.core.xfrm_acq_expires
	net.core.xfrm_aevent_rseqth
	net.core.xfrm_larval_drop

sysctls per-netns.

For that make net_core_path[] global, register it to prevent two
/proc/net/core antries and change initcall position -- xfrm_init() is called
from fs_initcall, so this one should be fs_initcall at least.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 7 insertions, 3 deletions

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 38822b34ba7d..393cc65dbfa4 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -34,8 +34,6 @@
 
 #include "xfrm_hash.h"
 
-int sysctl_xfrm_larval_drop __read_mostly = 1;
-
 DEFINE_MUTEX(xfrm_cfg_mutex);
 EXPORT_SYMBOL(xfrm_cfg_mutex);
 
@@ -1671,7 +1669,7 @@ restart:
 
                 if (unlikely(nx<0)) {
                         err = nx;
-                        if (err == -EAGAIN && sysctl_xfrm_larval_drop) {
+                        if (err == -EAGAIN && net->xfrm.sysctl_larval_drop) {
                                 /* EREMOTE tells the caller to generate
                                  * a one-shot blackhole route.
                                  */
@@ -2504,8 +2502,13 @@ static int __net_init xfrm_net_init(struct net *net)
         rv = xfrm_policy_init(net);
         if (rv < 0)
                 goto out_policy;
+        rv = xfrm_sysctl_init(net);
+        if (rv < 0)
+                goto out_sysctl;
         return 0;
 
+out_sysctl:
+        xfrm_policy_fini(net);
 out_policy:
         xfrm_state_fini(net);
 out_state:
@@ -2516,6 +2519,7 @@ out_statistics:
 
 static void __net_exit xfrm_net_exit(struct net *net)
 {
+        xfrm_sysctl_fini(net);
         xfrm_policy_fini(net);
         xfrm_state_fini(net);
         xfrm_statistics_fini(net);