diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2010-01-25 01:47:53 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2010-01-25 01:47:53 -0500 |
| commit | d7c7544c3d5f59033d1bf3236bc7b289f5f26b75 (patch) | |
| tree | 1a3c9e7b6c0c9158ddb73faa05b07697c3493cf1 /net/xfrm/xfrm_policy.c | |
| parent | a40ccc6868943e74ec12f26a266ce1d0373b2b32 (diff) | |
netns xfrm: deal with dst entries in netns
GC is non-existent in netns, so after you hit GC threshold, no new
dst entries will be created until someone triggers cleanup in init_net.
Make xfrm4_dst_ops and xfrm6_dst_ops per-netns.
This is not done in a generic way, because it woule waste
(AF_MAX - 2) * sizeof(struct dst_ops) bytes per-netns.
Reorder GC threshold initialization so it'd be done before registering
XFRM policies.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_policy.c')
| -rw-r--r-- | net/xfrm/xfrm_policy.c | 59 |
1 files changed, 56 insertions, 3 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index d2c8cb57ee4c..0ecb16a9a883 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c | |||
| @@ -1309,15 +1309,28 @@ static inline int xfrm_get_tos(struct flowi *fl, int family) | |||
| 1309 | return tos; | 1309 | return tos; |
| 1310 | } | 1310 | } |
| 1311 | 1311 | ||
| 1312 | static inline struct xfrm_dst *xfrm_alloc_dst(int family) | 1312 | static inline struct xfrm_dst *xfrm_alloc_dst(struct net *net, int family) |
| 1313 | { | 1313 | { |
| 1314 | struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family); | 1314 | struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family); |
| 1315 | struct dst_ops *dst_ops; | ||
| 1315 | struct xfrm_dst *xdst; | 1316 | struct xfrm_dst *xdst; |
| 1316 | 1317 | ||
| 1317 | if (!afinfo) | 1318 | if (!afinfo) |
| 1318 | return ERR_PTR(-EINVAL); | 1319 | return ERR_PTR(-EINVAL); |
| 1319 | 1320 | ||
| 1320 | xdst = dst_alloc(afinfo->dst_ops) ?: ERR_PTR(-ENOBUFS); | 1321 | switch (family) { |
| 1322 | case AF_INET: | ||
| 1323 | dst_ops = &net->xfrm.xfrm4_dst_ops; | ||
| 1324 | break; | ||
| 1325 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
| 1326 | case AF_INET6: | ||
| 1327 | dst_ops = &net->xfrm.xfrm6_dst_ops; | ||
| 1328 | break; | ||
| 1329 | #endif | ||
| 1330 | default: | ||
| 1331 | BUG(); | ||
| 1332 | } | ||
| 1333 | xdst = dst_alloc(dst_ops) ?: ERR_PTR(-ENOBUFS); | ||
| 1321 | 1334 | ||
| 1322 | xfrm_policy_put_afinfo(afinfo); | 1335 | xfrm_policy_put_afinfo(afinfo); |
| 1323 | 1336 | ||
| @@ -1366,6 +1379,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy, | |||
| 1366 | struct flowi *fl, | 1379 | struct flowi *fl, |
| 1367 | struct dst_entry *dst) | 1380 | struct dst_entry *dst) |
| 1368 | { | 1381 | { |
| 1382 | struct net *net = xp_net(policy); | ||
| 1369 | unsigned long now = jiffies; | 1383 | unsigned long now = jiffies; |
| 1370 | struct net_device *dev; | 1384 | struct net_device *dev; |
| 1371 | struct dst_entry *dst_prev = NULL; | 1385 | struct dst_entry *dst_prev = NULL; |
| @@ -1389,7 +1403,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy, | |||
| 1389 | dst_hold(dst); | 1403 | dst_hold(dst); |
| 1390 | 1404 | ||
| 1391 | for (; i < nx; i++) { | 1405 | for (; i < nx; i++) { |
| 1392 | struct xfrm_dst *xdst = xfrm_alloc_dst(family); | 1406 | struct xfrm_dst *xdst = xfrm_alloc_dst(net, family); |
| 1393 | struct dst_entry *dst1 = &xdst->u.dst; | 1407 | struct dst_entry *dst1 = &xdst->u.dst; |
| 1394 | 1408 | ||
| 1395 | err = PTR_ERR(xdst); | 1409 | err = PTR_ERR(xdst); |
| @@ -2279,6 +2293,7 @@ EXPORT_SYMBOL(xfrm_bundle_ok); | |||
| 2279 | 2293 | ||
| 2280 | int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) | 2294 | int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) |
| 2281 | { | 2295 | { |
| 2296 | struct net *net; | ||
| 2282 | int err = 0; | 2297 | int err = 0; |
| 2283 | if (unlikely(afinfo == NULL)) | 2298 | if (unlikely(afinfo == NULL)) |
| 2284 | return -EINVAL; | 2299 | return -EINVAL; |
| @@ -2302,6 +2317,27 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) | |||
| 2302 | xfrm_policy_afinfo[afinfo->family] = afinfo; | 2317 | xfrm_policy_afinfo[afinfo->family] = afinfo; |
| 2303 | } | 2318 | } |
| 2304 | write_unlock_bh(&xfrm_policy_afinfo_lock); | 2319 | write_unlock_bh(&xfrm_policy_afinfo_lock); |
| 2320 | |||
| 2321 | rtnl_lock(); | ||
| 2322 | for_each_net(net) { | ||
| 2323 | struct dst_ops *xfrm_dst_ops; | ||
| 2324 | |||
| 2325 | switch (afinfo->family) { | ||
| 2326 | case AF_INET: | ||
| 2327 | xfrm_dst_ops = &net->xfrm.xfrm4_dst_ops; | ||
| 2328 | break; | ||
| 2329 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
| 2330 | case AF_INET6: | ||
| 2331 | xfrm_dst_ops = &net->xfrm.xfrm6_dst_ops; | ||
| 2332 | break; | ||
| 2333 | #endif | ||
| 2334 | default: | ||
| 2335 | BUG(); | ||
| 2336 | } | ||
| 2337 | *xfrm_dst_ops = *afinfo->dst_ops; | ||
| 2338 | } | ||
| 2339 | rtnl_unlock(); | ||
| 2340 | |||
| 2305 | return err; | 2341 | return err; |
| 2306 | } | 2342 | } |
| 2307 | EXPORT_SYMBOL(xfrm_policy_register_afinfo); | 2343 | EXPORT_SYMBOL(xfrm_policy_register_afinfo); |
| @@ -2332,6 +2368,22 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) | |||
| 2332 | } | 2368 | } |
| 2333 | EXPORT_SYMBOL(xfrm_policy_unregister_afinfo); | 2369 | EXPORT_SYMBOL(xfrm_policy_unregister_afinfo); |
| 2334 | 2370 | ||
| 2371 | static void __net_init xfrm_dst_ops_init(struct net *net) | ||
| 2372 | { | ||
| 2373 | struct xfrm_policy_afinfo *afinfo; | ||
| 2374 | |||
| 2375 | read_lock_bh(&xfrm_policy_afinfo_lock); | ||
| 2376 | afinfo = xfrm_policy_afinfo[AF_INET]; | ||
| 2377 | if (afinfo) | ||
| 2378 | net->xfrm.xfrm4_dst_ops = *afinfo->dst_ops; | ||
| 2379 | #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) | ||
| 2380 | afinfo = xfrm_policy_afinfo[AF_INET6]; | ||
| 2381 | if (afinfo) | ||
| 2382 | net->xfrm.xfrm6_dst_ops = *afinfo->dst_ops; | ||
| 2383 | #endif | ||
| 2384 | read_unlock_bh(&xfrm_policy_afinfo_lock); | ||
| 2385 | } | ||
| 2386 | |||
| 2335 | static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family) | 2387 | static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family) |
| 2336 | { | 2388 | { |
| 2337 | struct xfrm_policy_afinfo *afinfo; | 2389 | struct xfrm_policy_afinfo *afinfo; |
| @@ -2494,6 +2546,7 @@ static int __net_init xfrm_net_init(struct net *net) | |||
| 2494 | rv = xfrm_policy_init(net); | 2546 | rv = xfrm_policy_init(net); |
| 2495 | if (rv < 0) | 2547 | if (rv < 0) |
| 2496 | goto out_policy; | 2548 | goto out_policy; |
| 2549 | xfrm_dst_ops_init(net); | ||
| 2497 | rv = xfrm_sysctl_init(net); | 2550 | rv = xfrm_sysctl_init(net); |
| 2498 | if (rv < 0) | 2551 | if (rv < 0) |
| 2499 | goto out_sysctl; | 2552 | goto out_sysctl; |