-rw-r--r--include/net/xfrm.h1
-rw-r--r--net/core/sysctl_net_core.c9
-rw-r--r--net/xfrm/xfrm_state.c15
3 files changed, 18 insertions, 7 deletions
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 39ef925d39dd..90185e8b335e 100644
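--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -237,7 +237,6 @@ extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
 extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
 extern void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c);
 extern void km_state_notify(struct xfrm_state *x, struct km_event *c);
-#define XFRM_ACQ_EXPIRES 30
 
 struct xfrm_tmpl;
 extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);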
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index f34aca041a25..6d5ea9762040 100644
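--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -25,6 +25,7 @@ extern int sysctl_core_destroy_delay;
 extern u32 sysctl_xfrm_aevent_etime;
 extern u32 sysctl_xfrm_aevent_rseqth;
 extern int sysctl_xfrm_larval_drop;
+extern u32 sysctl_xfrm_acq_expires;
 #endif
 
 ctl_table core_table[] = {
@@ -127,6 +128,14 @@ ctl_table core_table[] = {
  .mode = 0644,
  .proc_handler = &proc_dointvec
  },
+ {
+ .ctl_name = CTL_UNNUMBERED,
+ .procname = "xfrm_acq_expires",
+ .data = &sysctl_xfrm_acq_expires,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &proc_dointvec
+ },
 #endif /* CONFIG_XFRM */
 #endif /* CONFIG_NET */
  {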
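Review bot: The new `xfrm_acq_expires` entry accepts any integer, because `proc_dointvec` applies no range check and the variable it writes is declared `u32` in this file while the handler parses signed ints. A negative write would be stored as a very large unsigned timeout and 0 is accepted too, so whoever can write the sysctl (mode 0644) can push the acquire-state lifetime used in net/xfrm/xfrm_state.c to either extreme. I would bound it with `.proc_handler = &proc_dointvec_minmax` plus `.extra1`/`.extra2` pointing at file-local minimum and maximum ints, and declare the variable as `int` to match the handler. The `core_table[]` initializer starts and ends outside this hunk.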
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 9955ff4da0a2..372f06eb8bb7 100644
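--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -21,18 +21,21 @@
 #include <linux/cache.h>
 #include <asm/uaccess.h>
 #include <linux/audit.h>
+#include <linux/cache.h>
 
 #include "xfrm_hash.h"
 
 struct sock *xfrm_nl;
 EXPORT_SYMBOL(xfrm_nl);
 
-u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
+u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
 EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
 
-u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
+u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
 EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
 
+u32 sysctl_xfrm_acq_expires __read_mostly = 30;
+
 /* Each xfrm_state may be linked to two tables:
 
  1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
@@ -622,8 +625,8 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
  h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
  hlist_add_head(&x->byspi, xfrm_state_byspi+h);
  }
- x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
- x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
+ x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
+ x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
  add_timer(&x->timer);
  xfrm_state_num++;
  xfrm_hash_grow_check(x->bydst.next != NULL);
@@ -772,9 +775,9 @@ static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 re
  x->props.family = family;
  x->props.mode = mode;
  x->props.reqid = reqid;
- x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
+ x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
  xfrm_state_hold(x);
- x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
+ x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
  add_timer(&x->timer);
  hlist_add_head(&x->bydst, xfrm_state_bydst+h);
  h = xfrm_src_hash(daddr, saddr, family);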
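Review bot: In `xfrm_state_find` and `__find_acq_core` the tunable is read twice, once for `hard_add_expires_seconds` and once for `timer.expires`, and `sysctl_xfrm_acq_expires*HZ` is evaluated in 32-bit unsigned arithmetic. A sysctl write landing between the two reads leaves the recorded lifetime and the armed timer out of step, and a large value wraps in the multiplication, so the timer would fire far earlier than the lifetime says. Read it once, `u32 acq = sysctl_xfrm_acq_expires;`, and arm the timer with `x->timer.expires = jiffies + (unsigned long)acq * HZ;` (a range limit on the sysctl is still needed where `unsigned long` is 32 bits). The first hunk also adds a second `#include <linux/cache.h>` although the file already includes it at line 21. Both function bodies extend outside their hunks.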