-rw-r--r-- | include/net/xfrm.h | 1 | ||||
-rw-r--r-- | net/core/sysctl_net_core.c | 9 | ||||
-rw-r--r-- | net/xfrm/xfrm_state.c | 15 |
3 files changed, 18 insertions, 7 deletions
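--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -237,7 +237,6 @@ extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
 extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
 extern void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c);
 extern void km_state_notify(struct xfrm_state *x, struct km_event *c);
-#define XFRM_ACQ_EXPIRES 30
 
 struct xfrm_tmpl;
 extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);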
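--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -25,6 +25,7 @@ extern int sysctl_core_destroy_delay;
 extern u32 sysctl_xfrm_aevent_etime;
 extern u32 sysctl_xfrm_aevent_rseqth;
 extern int sysctl_xfrm_larval_drop;
+extern u32 sysctl_xfrm_acq_expires;
 #endif
 
 ctl_table core_table[] = {
@@ -127,6 +128,14 @@ ctl_table core_table[] = {
 .mode = 0644,
 .proc_handler = &proc_dointvec
 },
+{
+.ctl_name = CTL_UNNUMBERED,
+.procname = "xfrm_acq_expires",
+.data = &sysctl_xfrm_acq_expires,
+.maxlen = sizeof(int),
+.mode = 0644,
+.proc_handler = &proc_dointvec
+},
 #endif /* CONFIG_XFRM */
 #endif /* CONFIG_NET */
 {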
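Review bot: The new `xfrm_acq_expires` entry accepts any integer, because `proc_dointvec` applies no bounds and parses a signed int into a variable declared `u32`. A write of 0 or of a negative number (stored as a very large unsigned value) then flows unchecked into the acquire-state lifetime and the `sysctl_xfrm_acq_expires*HZ` timer arithmetic in net/xfrm/xfrm_state.c. I would switch the handler to `.proc_handler = &proc_dointvec_minmax` and add `.extra1`/`.extra2` pointing at a lower limit of 1 and an upper limit small enough that the product with HZ cannot wrap. A comment such as `/* seconds a larval (acquire) state waits for the key manager */` above the entry would also help. The table continues outside this hunk, so the neighbouring XFRM entries may follow the same unbounded pattern.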
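--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -21,18 +21,21 @@
 #include <linux/cache.h>
 #include <asm/uaccess.h>
 #include <linux/audit.h>
+#include <linux/cache.h>
 
 #include "xfrm_hash.h"
 
 struct sock *xfrm_nl;
 EXPORT_SYMBOL(xfrm_nl);
 
-u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
+u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
 
-u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
+u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
 
+u32 sysctl_xfrm_acq_expires __read_mostly = 30;
+
 /* Each xfrm_state may be linked to two tables:
 
 1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
@@ -622,8 +625,8 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
 h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
 hlist_add_head(&x->byspi, xfrm_state_byspi+h);
 }
-x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
-x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
+x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
+x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
 add_timer(&x->timer);
 xfrm_state_num++;
 xfrm_hash_grow_check(x->bydst.next != NULL);
@@ -772,9 +775,9 @@ static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 re
 x->props.family = family;
 x->props.mode = mode;
 x->props.reqid = reqid;
-x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
+x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
 xfrm_state_hold(x);
-x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
+x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
 add_timer(&x->timer);
 hlist_add_head(&x->bydst, xfrm_state_bydst+h);
 h = xfrm_src_hash(daddr, saddr, family);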
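Review bot: `sysctl_xfrm_acq_expires*HZ` in both xfrm_state_find() and __find_acq_core() is a 32-bit multiplication (assuming HZ is a plain integer constant), so a large sysctl value wraps before it is added to jiffies and the larval state expires far sooner than configured. Each site also reads the tunable twice, so a concurrent sysctl write can leave `lft.hard_add_expires_seconds` and `timer.expires` disagreeing. Reading it once, `u32 acq = sysctl_xfrm_acq_expires;`, and computing `jiffies + (unsigned long)acq * HZ` keeps the two consistent, although the widening only helps on 64-bit, so an upper bound at the sysctl is still needed. In the first hunk the added `#include <linux/cache.h>` duplicates the include already at line 21, and the literal `30` would read better as a named default. Both function bodies start and end outside the hunks shown.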