netns xfrm: per-netns sysctls

Make net.core.xfrm_aevent_etime net.core.xfrm_acq_expires net.core.xfrm_aevent_rseqth net.core.xfrm_larval_drop sysctls per-netns. For that make net_core_path[] global, register it to prevent two /proc/net/core antries and change initcall position -- xfrm_init() is called from fs_initcall, so this one should be fs_initcall at least. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Alexey Dobriyan <adobriyan@gmail.com> 2008-11-25 21:00:48 -0500
committer: David S. Miller <davem@davemloft.net> 2008-11-25 21:00:48 -0500
commit: b27aeadb5948d400df83db4d29590fb9862ba49d (patch)
tree: f76cc43150164facbb890e4d5c619a99fe6ce303 /net/xfrm
parent: c68cd1a01ba56995d85a4a62b195b2b3f6415c64 (diff)
5 files changed, 100 insertions, 19 deletions
diff --git a/net/xfrm/Makefile b/net/xfrm/Makefile
index 0f439a72ccab..c631047e1b27 100644
--- a/net/xfrm/Makefile
+++ b/net/xfrm/Makefile
@@ -3,8 +3,8 @@
 #
 obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \
-                      xfrm_input.o xfrm_output.o xfrm_algo.o
+                      xfrm_input.o xfrm_output.o xfrm_algo.o \
+                      xfrm_sysctl.o
 obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o
 obj-$(CONFIG_XFRM_USER) += xfrm_user.o
 obj-$(CONFIG_XFRM_IPCOMP) += xfrm_ipcomp.o
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 38822b34ba7d..393cc65dbfa4 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -34,8 +34,6 @@
 #include "xfrm_hash.h"
-int sysctl_xfrm_larval_drop __read_mostly = 1;
 DEFINE_MUTEX(xfrm_cfg_mutex);
 EXPORT_SYMBOL(xfrm_cfg_mutex);
@@ -1671,7 +1669,7 @@ restart:
                if (unlikely(nx<0)) {
                        err = nx;
-                        if (err == -EAGAIN && sysctl_xfrm_larval_drop) {
+                        if (err == -EAGAIN && net->xfrm.sysctl_larval_drop) {
                                /* EREMOTE tells the caller to generate
                                 * a one-shot blackhole route.
                                 */
@@ -2504,8 +2502,13 @@ static int __net_init xfrm_net_init(struct net *net)
        rv = xfrm_policy_init(net);
        if (rv < 0)
                goto out_policy;
+        rv = xfrm_sysctl_init(net);
+        if (rv < 0)
+                goto out_sysctl;
        return 0;
+out_sysctl:
+        xfrm_policy_fini(net);
 out_policy:
        xfrm_state_fini(net);
 out_state:
@@ -2516,6 +2519,7 @@ out_statistics:
 static void __net_exit xfrm_net_exit(struct net *net)
 {
+        xfrm_sysctl_fini(net);
        xfrm_policy_fini(net);
        xfrm_state_fini(net);
        xfrm_statistics_fini(net);
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 662e47b0bcc3..2fd57f8f77c1 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -24,14 +24,6 @@
 #include "xfrm_hash.h"
-u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
-EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
-u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
-EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
-u32 sysctl_xfrm_acq_expires __read_mostly = 30;
 /* Each xfrm_state may be linked to two tables:
   1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
@@ -851,8 +843,8 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
                                h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, family);
                                hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
                        }
-                        x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
+                        x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
-                        x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
+                        x->timer.expires = jiffies + net->xfrm.sysctl_acq_expires*HZ;
                        add_timer(&x->timer);
                        net->xfrm.state_num++;
                        xfrm_hash_grow_check(net, x->bydst.next != NULL);
@@ -1040,9 +1032,9 @@ static struct xfrm_state *__find_acq_core(struct net *net, unsigned short family
                x->props.family = family;
                x->props.mode = mode;
                x->props.reqid = reqid;
-                x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
+                x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
                xfrm_state_hold(x);
-                x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
+                x->timer.expires = jiffies + net->xfrm.sysctl_acq_expires*HZ;
                add_timer(&x->timer);
                list_add(&x->km.all, &net->xfrm.state_all);
                hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);
diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c
new file mode 100644
index 000000000000..2e6ffb66f06f
--- /dev/null
+++ b/net/xfrm/xfrm_sysctl.c
@@ -0,0 +1,85 @@
+#include <linux/sysctl.h>
+#include <net/net_namespace.h>
+#include <net/xfrm.h>
+static void __xfrm_sysctl_init(struct net *net)
+{
+        net->xfrm.sysctl_aevent_etime = XFRM_AE_ETIME;
+        net->xfrm.sysctl_aevent_rseqth = XFRM_AE_SEQT_SIZE;
+        net->xfrm.sysctl_larval_drop = 1;
+        net->xfrm.sysctl_acq_expires = 30;
+}
+#ifdef CONFIG_SYSCTL
+static struct ctl_table xfrm_table[] = {
+        {
+                .ctl_name       = NET_CORE_AEVENT_ETIME,
+                .procname       = "xfrm_aevent_etime",
+                .maxlen         = sizeof(u32),
+                .mode           = 0644,
+                .proc_handler   = proc_dointvec
+        },
+        {
+                .ctl_name       = NET_CORE_AEVENT_RSEQTH,
+                .procname       = "xfrm_aevent_rseqth",
+                .maxlen         = sizeof(u32),
+                .mode           = 0644,
+                .proc_handler   = proc_dointvec
+        },
+        {
+                .ctl_name       = CTL_UNNUMBERED,
+                .procname       = "xfrm_larval_drop",
+                .maxlen         = sizeof(int),
+                .mode           = 0644,
+                .proc_handler   = proc_dointvec
+        },
+        {
+                .ctl_name       = CTL_UNNUMBERED,
+                .procname       = "xfrm_acq_expires",
+                .maxlen         = sizeof(int),
+                .mode           = 0644,
+                .proc_handler   = proc_dointvec
+        },
+        {}
+};
+int __net_init xfrm_sysctl_init(struct net *net)
+{
+        struct ctl_table *table;
+        __xfrm_sysctl_init(net);
+        table = kmemdup(xfrm_table, sizeof(xfrm_table), GFP_KERNEL);
+        if (!table)
+                goto out_kmemdup;
+        table[0].data = &net->xfrm.sysctl_aevent_etime;
+        table[1].data = &net->xfrm.sysctl_aevent_rseqth;
+        table[2].data = &net->xfrm.sysctl_larval_drop;
+        table[3].data = &net->xfrm.sysctl_acq_expires;
+        net->xfrm.sysctl_hdr = register_net_sysctl_table(net, net_core_path, table);
+        if (!net->xfrm.sysctl_hdr)
+                goto out_register;
+        return 0;
+out_register:
+        kfree(table);
+out_kmemdup:
+        return -ENOMEM;
+}
+void xfrm_sysctl_fini(struct net *net)
+{
+        struct ctl_table *table;
+        table = net->xfrm.sysctl_hdr->ctl_table_arg;
+        unregister_net_sysctl_table(net->xfrm.sysctl_hdr);
+        kfree(table);
+}
+#else
+int __net_init xfrm_sysctl_init(struct net *net)
+{
+        __xfrm_sysctl_init(net);
+        return 0;
+}
+#endif
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index b7240d5b77ad..38ffaf33312e 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -368,9 +368,9 @@ static struct xfrm_state *xfrm_state_construct(struct net *net,
                goto error;
        x->km.seq = p->seq;
-        x->replay_maxdiff = sysctl_xfrm_aevent_rseqth;
+        x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth;
        /* sysctl_xfrm_aevent_etime is in 100ms units */
-        x->replay_maxage = (sysctl_xfrm_aevent_etime*HZ)/XFRM_AE_ETH_M;
+        x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M;
        x->preplay.bitmap = 0;
        x->preplay.seq = x->replay.seq+x->replay_maxdiff;
        x->preplay.oseq = x->replay.oseq +x->replay_maxdiff;
author	Alexey Dobriyan <adobriyan@gmail.com>	2008-11-25 21:00:48 -0500
committer	David S. Miller <davem@davemloft.net>	2008-11-25 21:00:48 -0500
commit	b27aeadb5948d400df83db4d29590fb9862ba49d (patch)
tree	f76cc43150164facbb890e4d5c619a99fe6ce303 /net/xfrm
parent	c68cd1a01ba56995d85a4a62b195b2b3f6415c64 (diff)

diff --git a/net/xfrm/Makefile b/net/xfrm/Makefile index 0f439a72ccab..c631047e1b27 100644 --- a/net/xfrm/Makefile +++ b/net/xfrm/Makefile
@@ -3,8 +3,8 @@
3	#	3	#
4		4
5	obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \	5	obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \
6	xfrm_input.o xfrm_output.o xfrm_algo.o	6	xfrm_input.o xfrm_output.o xfrm_algo.o \
		7	xfrm_sysctl.o
7	obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o	8	obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o
8	obj-$(CONFIG_XFRM_USER) += xfrm_user.o	9	obj-$(CONFIG_XFRM_USER) += xfrm_user.o
9	obj-$(CONFIG_XFRM_IPCOMP) += xfrm_ipcomp.o	10	obj-$(CONFIG_XFRM_IPCOMP) += xfrm_ipcomp.o
10


diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 38822b34ba7d..393cc65dbfa4 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -34,8 +34,6 @@
34		34
35	#include "xfrm_hash.h"	35	#include "xfrm_hash.h"
36		36
37	int sysctl_xfrm_larval_drop __read_mostly = 1;
38
39	DEFINE_MUTEX(xfrm_cfg_mutex);	37	DEFINE_MUTEX(xfrm_cfg_mutex);
40	EXPORT_SYMBOL(xfrm_cfg_mutex);	38	EXPORT_SYMBOL(xfrm_cfg_mutex);
41		39
@@ -1671,7 +1669,7 @@ restart:
1671		1669
1672	if (unlikely(nx<0)) {	1670	if (unlikely(nx<0)) {
1673	err = nx;	1671	err = nx;
1674	if (err == -EAGAIN && sysctl_xfrm_larval_drop) {	1672	if (err == -EAGAIN && net->xfrm.sysctl_larval_drop) {
1675	/* EREMOTE tells the caller to generate	1673	/* EREMOTE tells the caller to generate
1676	* a one-shot blackhole route.	1674	* a one-shot blackhole route.
1677	*/	1675	*/
@@ -2504,8 +2502,13 @@ static int __net_init xfrm_net_init(struct net *net)
2504	rv = xfrm_policy_init(net);	2502	rv = xfrm_policy_init(net);
2505	if (rv < 0)	2503	if (rv < 0)
2506	goto out_policy;	2504	goto out_policy;
		2505	rv = xfrm_sysctl_init(net);
		2506	if (rv < 0)
		2507	goto out_sysctl;
2507	return 0;	2508	return 0;
2508		2509
		2510	out_sysctl:
		2511	xfrm_policy_fini(net);
2509	out_policy:	2512	out_policy:
2510	xfrm_state_fini(net);	2513	xfrm_state_fini(net);
2511	out_state:	2514	out_state:
@@ -2516,6 +2519,7 @@ out_statistics:
2516		2519
2517	static void __net_exit xfrm_net_exit(struct net *net)	2520	static void __net_exit xfrm_net_exit(struct net *net)
2518	{	2521	{
		2522	xfrm_sysctl_fini(net);
2519	xfrm_policy_fini(net);	2523	xfrm_policy_fini(net);
2520	xfrm_state_fini(net);	2524	xfrm_state_fini(net);
2521	xfrm_statistics_fini(net);	2525	xfrm_statistics_fini(net);


diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 662e47b0bcc3..2fd57f8f77c1 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c
@@ -24,14 +24,6 @@
24		24
25	#include "xfrm_hash.h"	25	#include "xfrm_hash.h"
26		26
27	u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
28	EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
29
30	u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
31	EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
32
33	u32 sysctl_xfrm_acq_expires __read_mostly = 30;
34
35	/* Each xfrm_state may be linked to two tables:	27	/* Each xfrm_state may be linked to two tables:
36		28
37	1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)	29	1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
@@ -851,8 +843,8 @@ xfrm_state_find(xfrm_address_t daddr, xfrm_address_t saddr,
851	h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, family);	843	h = xfrm_spi_hash(net, &x->id.daddr, x->id.spi, x->id.proto, family);
852	hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);	844	hlist_add_head(&x->byspi, net->xfrm.state_byspi+h);
853	}	845	}
854	x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;	846	x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
855	x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;	847	x->timer.expires = jiffies + net->xfrm.sysctl_acq_expires*HZ;
856	add_timer(&x->timer);	848	add_timer(&x->timer);
857	net->xfrm.state_num++;	849	net->xfrm.state_num++;
858	xfrm_hash_grow_check(net, x->bydst.next != NULL);	850	xfrm_hash_grow_check(net, x->bydst.next != NULL);
@@ -1040,9 +1032,9 @@ static struct xfrm_state __find_acq_core(struct net net, unsigned short family
1040	x->props.family = family;	1032	x->props.family = family;
1041	x->props.mode = mode;	1033	x->props.mode = mode;
1042	x->props.reqid = reqid;	1034	x->props.reqid = reqid;
1043	x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;	1035	x->lft.hard_add_expires_seconds = net->xfrm.sysctl_acq_expires;
1044	xfrm_state_hold(x);	1036	xfrm_state_hold(x);
1045	x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;	1037	x->timer.expires = jiffies + net->xfrm.sysctl_acq_expires*HZ;
1046	add_timer(&x->timer);	1038	add_timer(&x->timer);
1047	list_add(&x->km.all, &net->xfrm.state_all);	1039	list_add(&x->km.all, &net->xfrm.state_all);
1048	hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);	1040	hlist_add_head(&x->bydst, net->xfrm.state_bydst+h);


diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c new file mode 100644 index 000000000000..2e6ffb66f06f --- /dev/null +++ b/net/xfrm/xfrm_sysctl.c
@@ -0,0 +1,85 @@
		1	#include <linux/sysctl.h>
		2	#include <net/net_namespace.h>
		3	#include <net/xfrm.h>
		4
		5	static void __xfrm_sysctl_init(struct net *net)
		6	{
		7	net->xfrm.sysctl_aevent_etime = XFRM_AE_ETIME;
		8	net->xfrm.sysctl_aevent_rseqth = XFRM_AE_SEQT_SIZE;
		9	net->xfrm.sysctl_larval_drop = 1;
		10	net->xfrm.sysctl_acq_expires = 30;
		11	}
		12
		13	#ifdef CONFIG_SYSCTL
		14	static struct ctl_table xfrm_table[] = {
		15	{
		16	.ctl_name = NET_CORE_AEVENT_ETIME,
		17	.procname = "xfrm_aevent_etime",
		18	.maxlen = sizeof(u32),
		19	.mode = 0644,
		20	.proc_handler = proc_dointvec
		21	},
		22	{
		23	.ctl_name = NET_CORE_AEVENT_RSEQTH,
		24	.procname = "xfrm_aevent_rseqth",
		25	.maxlen = sizeof(u32),
		26	.mode = 0644,
		27	.proc_handler = proc_dointvec
		28	},
		29	{
		30	.ctl_name = CTL_UNNUMBERED,
		31	.procname = "xfrm_larval_drop",
		32	.maxlen = sizeof(int),
		33	.mode = 0644,
		34	.proc_handler = proc_dointvec
		35	},
		36	{
		37	.ctl_name = CTL_UNNUMBERED,
		38	.procname = "xfrm_acq_expires",
		39	.maxlen = sizeof(int),
		40	.mode = 0644,
		41	.proc_handler = proc_dointvec
		42	},
		43	{}
		44	};
		45
		46	int __net_init xfrm_sysctl_init(struct net *net)
		47	{
		48	struct ctl_table *table;
		49
		50	__xfrm_sysctl_init(net);
		51
		52	table = kmemdup(xfrm_table, sizeof(xfrm_table), GFP_KERNEL);
		53	if (!table)
		54	goto out_kmemdup;
		55	table[0].data = &net->xfrm.sysctl_aevent_etime;
		56	table[1].data = &net->xfrm.sysctl_aevent_rseqth;
		57	table[2].data = &net->xfrm.sysctl_larval_drop;
		58	table[3].data = &net->xfrm.sysctl_acq_expires;
		59
		60	net->xfrm.sysctl_hdr = register_net_sysctl_table(net, net_core_path, table);
		61	if (!net->xfrm.sysctl_hdr)
		62	goto out_register;
		63	return 0;
		64
		65	out_register:
		66	kfree(table);
		67	out_kmemdup:
		68	return -ENOMEM;
		69	}
		70
		71	void xfrm_sysctl_fini(struct net *net)
		72	{
		73	struct ctl_table *table;
		74
		75	table = net->xfrm.sysctl_hdr->ctl_table_arg;
		76	unregister_net_sysctl_table(net->xfrm.sysctl_hdr);
		77	kfree(table);
		78	}
		79	#else
		80	int __net_init xfrm_sysctl_init(struct net *net)
		81	{
		82	__xfrm_sysctl_init(net);
		83	return 0;
		84	}
		85	#endif


diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index b7240d5b77ad..38ffaf33312e 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c
@@ -368,9 +368,9 @@ static struct xfrm_state xfrm_state_construct(struct net net,
368	goto error;	368	goto error;
369		369
370	x->km.seq = p->seq;	370	x->km.seq = p->seq;
371	x->replay_maxdiff = sysctl_xfrm_aevent_rseqth;	371	x->replay_maxdiff = net->xfrm.sysctl_aevent_rseqth;
372	/* sysctl_xfrm_aevent_etime is in 100ms units */	372	/* sysctl_xfrm_aevent_etime is in 100ms units */
373	x->replay_maxage = (sysctl_xfrm_aevent_etime*HZ)/XFRM_AE_ETH_M;	373	x->replay_maxage = (net->xfrm.sysctl_aevent_etime*HZ)/XFRM_AE_ETH_M;
374	x->preplay.bitmap = 0;	374	x->preplay.bitmap = 0;
375	x->preplay.seq = x->replay.seq+x->replay_maxdiff;	375	x->preplay.seq = x->replay.seq+x->replay_maxdiff;
376	x->preplay.oseq = x->replay.oseq +x->replay_maxdiff;	376	x->preplay.oseq = x->replay.oseq +x->replay_maxdiff;