flowcache: Make flow cache name space aware

Inserting a entry into flowcache, or flushing flowcache should be based
on per net scope. The reason to do so is flushing operation from fat
netns crammed with flow entries will also making the slim netns with only
a few flow cache entries go away in original implementation.

Since flowcache is tightly coupled with IPsec, so it would be easier to
put flow cache global parameters into xfrm namespace part. And one last
thing needs to do is bumping flow cache genid, and flush flow cache should
also be made in per net style.

Signed-off-by: Fan Du <fan.du@windriver.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

1 files changed, 4 insertions, 3 deletions

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 4b98b25793c5..2232c6f26aff 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -661,7 +661,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl)
                 hlist_add_head(&policy->bydst, chain);
         xfrm_pol_hold(policy);
         net->xfrm.policy_count[dir]++;
-        atomic_inc(&flow_cache_genid);
+        atomic_inc(&net->xfrm.flow_cache_genid);
 
         /* After previous checking, family can either be AF_INET or AF_INET6 */
         if (policy->family == AF_INET)
@@ -2567,14 +2567,14 @@ static void __xfrm_garbage_collect(struct net *net)
 
 void xfrm_garbage_collect(struct net *net)
 {
-        flow_cache_flush();
+        flow_cache_flush(net);
         __xfrm_garbage_collect(net);
 }
 EXPORT_SYMBOL(xfrm_garbage_collect);
 
 static void xfrm_garbage_collect_deferred(struct net *net)
 {
-        flow_cache_flush_deferred();
+        flow_cache_flush_deferred(net);
         __xfrm_garbage_collect(net);
 }
 
@@ -2947,6 +2947,7 @@ static int __net_init xfrm_net_init(struct net *net)
         spin_lock_init(&net->xfrm.xfrm_policy_sk_bundle_lock);
         mutex_init(&net->xfrm.xfrm_cfg_mutex);
 
+        flow_cache_init(net);
         return 0;
 
 out_sysctl: