4 files changed, 84 insertions, 20 deletions
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
index 56f8e5585df7..74f119a2829a 100644
--- a/include/net/netns/xfrm.h
+++ b/include/net/netns/xfrm.h
@@ -5,6 +5,7 @@
 #include <linux/wait.h>
 #include <linux/workqueue.h>
 #include <linux/xfrm.h>
+#include <net/dst_ops.h>
 struct ctl_table_header;
@@ -42,6 +43,11 @@ struct netns_xfrm {
        unsigned int            policy_count[XFRM_POLICY_MAX * 2];
        struct work_struct      policy_hash_work;
+        struct dst_ops          xfrm4_dst_ops;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+        struct dst_ops          xfrm6_dst_ops;
+#endif
        struct sock             *nlsk;
        struct sock             *nlsk_stash;
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 8c08a28d8f83..67107d63c1cd 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -15,7 +15,6 @@
 #include <net/xfrm.h>
 #include <net/ip.h>
-static struct dst_ops xfrm4_dst_ops;
 static struct xfrm_policy_afinfo xfrm4_policy_afinfo;
 static struct dst_entry *xfrm4_dst_lookup(struct net *net, int tos,
@@ -190,8 +189,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
 static inline int xfrm4_garbage_collect(struct dst_ops *ops)
 {
-        xfrm4_policy_afinfo.garbage_collect(&init_net);
+        struct net *net = container_of(ops, struct net, xfrm.xfrm4_dst_ops);
-        return (atomic_read(&xfrm4_dst_ops.entries) > xfrm4_dst_ops.gc_thresh*2);
+        xfrm4_policy_afinfo.garbage_collect(net);
+        return (atomic_read(&ops->entries) > ops->gc_thresh * 2);
 }
 static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu)
@@ -268,7 +269,7 @@ static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
 static struct ctl_table xfrm4_policy_table[] = {
        {
                .procname       = "xfrm4_gc_thresh",
-                .data           = &xfrm4_dst_ops.gc_thresh,
+                .data           = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
                .maxlen         = sizeof(int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec,
@@ -295,8 +296,6 @@ static void __exit xfrm4_policy_fini(void)
 void __init xfrm4_init(int rt_max_size)
 {
-        xfrm4_state_init();
-        xfrm4_policy_init();
        /*
         * Select a default value for the gc_thresh based on the main route
         * table hash size.  It seems to me the worst case scenario is when
@@ -308,6 +307,9 @@ void __init xfrm4_init(int rt_max_size)
         * and start cleaning when were 1/2 full
         */
        xfrm4_dst_ops.gc_thresh = rt_max_size/2;
+        xfrm4_state_init();
+        xfrm4_policy_init();
 #ifdef CONFIG_SYSCTL
        sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path,
                                                xfrm4_policy_table);
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 7254e3f899a7..dbdc696f5fc5 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -24,7 +24,6 @@
 #include <net/mip6.h>
 #endif
-static struct dst_ops xfrm6_dst_ops;
 static struct xfrm_policy_afinfo xfrm6_policy_afinfo;
 static struct dst_entry *xfrm6_dst_lookup(struct net *net, int tos,
@@ -224,8 +223,10 @@ _decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
 static inline int xfrm6_garbage_collect(struct dst_ops *ops)
 {
-        xfrm6_policy_afinfo.garbage_collect(&init_net);
+        struct net *net = container_of(ops, struct net, xfrm.xfrm6_dst_ops);
-        return (atomic_read(&xfrm6_dst_ops.entries) > xfrm6_dst_ops.gc_thresh*2);
+        xfrm6_policy_afinfo.garbage_collect(net);
+        return (atomic_read(&ops->entries) > ops->gc_thresh * 2);
 }
 static void xfrm6_update_pmtu(struct dst_entry *dst, u32 mtu)
@@ -310,7 +311,7 @@ static void xfrm6_policy_fini(void)
 static struct ctl_table xfrm6_policy_table[] = {
        {
                .procname       = "xfrm6_gc_thresh",
-                .data           = &xfrm6_dst_ops.gc_thresh,
+                .data           = &init_net.xfrm.xfrm6_dst_ops.gc_thresh,
                .maxlen         = sizeof(int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec,
@@ -326,13 +327,6 @@ int __init xfrm6_init(void)
        int ret;
        unsigned int gc_thresh;
-        ret = xfrm6_policy_init();
-        if (ret)
-                goto out;
-        ret = xfrm6_state_init();
-        if (ret)
-                goto out_policy;
        /*
         * We need a good default value for the xfrm6 gc threshold.
         * In ipv4 we set it to the route hash table size * 8, which
@@ -346,6 +340,15 @@ int __init xfrm6_init(void)
         */
        gc_thresh = FIB6_TABLE_HASHSZ * 8;
        xfrm6_dst_ops.gc_thresh = (gc_thresh < 1024) ? 1024 : gc_thresh;
+        ret = xfrm6_policy_init();
+        if (ret)
+                goto out;
+        ret = xfrm6_state_init();
+        if (ret)
+                goto out_policy;
 #ifdef CONFIG_SYSCTL
        sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv6_ctl_path,
                                                xfrm6_policy_table);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index d2c8cb57ee4c..0ecb16a9a883 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1309,15 +1309,28 @@ static inline int xfrm_get_tos(struct flowi *fl, int family)
        return tos;
 }
-static inline struct xfrm_dst *xfrm_alloc_dst(int family)
+static inline struct xfrm_dst *xfrm_alloc_dst(struct net *net, int family)
 {
        struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
+        struct dst_ops *dst_ops;
        struct xfrm_dst *xdst;
        if (!afinfo)
                return ERR_PTR(-EINVAL);
-        xdst = dst_alloc(afinfo->dst_ops) ?: ERR_PTR(-ENOBUFS);
+        switch (family) {
+        case AF_INET:
+                dst_ops = &net->xfrm.xfrm4_dst_ops;
+                break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+        case AF_INET6:
+                dst_ops = &net->xfrm.xfrm6_dst_ops;
+                break;
+#endif
+        default:
+                BUG();
+        }
+        xdst = dst_alloc(dst_ops) ?: ERR_PTR(-ENOBUFS);
        xfrm_policy_put_afinfo(afinfo);
@@ -1366,6 +1379,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
                                            struct flowi *fl,
                                            struct dst_entry *dst)
 {
+        struct net *net = xp_net(policy);
        unsigned long now = jiffies;
        struct net_device *dev;
        struct dst_entry *dst_prev = NULL;
@@ -1389,7 +1403,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
        dst_hold(dst);
        for (; i < nx; i++) {
-                struct xfrm_dst *xdst = xfrm_alloc_dst(family);
+                struct xfrm_dst *xdst = xfrm_alloc_dst(net, family);
                struct dst_entry *dst1 = &xdst->u.dst;
                err = PTR_ERR(xdst);
@@ -2279,6 +2293,7 @@ EXPORT_SYMBOL(xfrm_bundle_ok);
 int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
 {
+        struct net *net;
        int err = 0;
        if (unlikely(afinfo == NULL))
                return -EINVAL;
@@ -2302,6 +2317,27 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
                xfrm_policy_afinfo[afinfo->family] = afinfo;
        }
        write_unlock_bh(&xfrm_policy_afinfo_lock);
+        rtnl_lock();
+        for_each_net(net) {
+                struct dst_ops *xfrm_dst_ops;
+                switch (afinfo->family) {
+                case AF_INET:
+                        xfrm_dst_ops = &net->xfrm.xfrm4_dst_ops;
+                        break;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+                case AF_INET6:
+                        xfrm_dst_ops = &net->xfrm.xfrm6_dst_ops;
+                        break;
+#endif
+                default:
+                        BUG();
+                }
+                *xfrm_dst_ops = *afinfo->dst_ops;
+        }
+        rtnl_unlock();
        return err;
 }
 EXPORT_SYMBOL(xfrm_policy_register_afinfo);
@@ -2332,6 +2368,22 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
 }
 EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
+static void __net_init xfrm_dst_ops_init(struct net *net)
+{
+        struct xfrm_policy_afinfo *afinfo;
+        read_lock_bh(&xfrm_policy_afinfo_lock);
+        afinfo = xfrm_policy_afinfo[AF_INET];
+        if (afinfo)
+                net->xfrm.xfrm4_dst_ops = *afinfo->dst_ops;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+        afinfo = xfrm_policy_afinfo[AF_INET6];
+        if (afinfo)
+                net->xfrm.xfrm6_dst_ops = *afinfo->dst_ops;
+#endif
+        read_unlock_bh(&xfrm_policy_afinfo_lock);
+}
 static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family)
 {
        struct xfrm_policy_afinfo *afinfo;
@@ -2494,6 +2546,7 @@ static int __net_init xfrm_net_init(struct net *net)
        rv = xfrm_policy_init(net);
        if (rv < 0)
                goto out_policy;
+        xfrm_dst_ops_init(net);
        rv = xfrm_sysctl_init(net);
        if (rv < 0)
                goto out_sysctl;

diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h index 56f8e5585df7..74f119a2829a 100644 --- a/include/net/netns/xfrm.h +++ b/include/net/netns/xfrm.h
@@ -5,6 +5,7 @@
5	#include <linux/wait.h>	5	#include <linux/wait.h>
6	#include <linux/workqueue.h>	6	#include <linux/workqueue.h>
7	#include <linux/xfrm.h>	7	#include <linux/xfrm.h>
		8	#include <net/dst_ops.h>
8		9
9	struct ctl_table_header;	10	struct ctl_table_header;
10		11
@@ -42,6 +43,11 @@ struct netns_xfrm {
42	unsigned int policy_count[XFRM_POLICY_MAX * 2];	43	unsigned int policy_count[XFRM_POLICY_MAX * 2];
43	struct work_struct policy_hash_work;	44	struct work_struct policy_hash_work;
44		45
		46	struct dst_ops xfrm4_dst_ops;
		47	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
		48	struct dst_ops xfrm6_dst_ops;
		49	#endif
		50
45	struct sock *nlsk;	51	struct sock *nlsk;
46	struct sock *nlsk_stash;	52	struct sock *nlsk_stash;
47		53


diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 8c08a28d8f83..67107d63c1cd 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c
@@ -15,7 +15,6 @@
15	#include <net/xfrm.h>	15	#include <net/xfrm.h>
16	#include <net/ip.h>	16	#include <net/ip.h>
17		17
18	static struct dst_ops xfrm4_dst_ops;
19	static struct xfrm_policy_afinfo xfrm4_policy_afinfo;	18	static struct xfrm_policy_afinfo xfrm4_policy_afinfo;
20		19
21	static struct dst_entry xfrm4_dst_lookup(struct net net, int tos,	20	static struct dst_entry xfrm4_dst_lookup(struct net net, int tos,
@@ -190,8 +189,10 @@ _decode_session4(struct sk_buff skb, struct flowi fl, int reverse)
190		189
191	static inline int xfrm4_garbage_collect(struct dst_ops *ops)	190	static inline int xfrm4_garbage_collect(struct dst_ops *ops)
192	{	191	{
193	xfrm4_policy_afinfo.garbage_collect(&init_net);	192	struct net *net = container_of(ops, struct net, xfrm.xfrm4_dst_ops);
194	return (atomic_read(&xfrm4_dst_ops.entries) > xfrm4_dst_ops.gc_thresh*2);	193
		194	xfrm4_policy_afinfo.garbage_collect(net);
		195	return (atomic_read(&ops->entries) > ops->gc_thresh * 2);
195	}	196	}
196		197
197	static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu)	198	static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu)
@@ -268,7 +269,7 @@ static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
268	static struct ctl_table xfrm4_policy_table[] = {	269	static struct ctl_table xfrm4_policy_table[] = {
269	{	270	{
270	.procname = "xfrm4_gc_thresh",	271	.procname = "xfrm4_gc_thresh",
271	.data = &xfrm4_dst_ops.gc_thresh,	272	.data = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
272	.maxlen = sizeof(int),	273	.maxlen = sizeof(int),
273	.mode = 0644,	274	.mode = 0644,
274	.proc_handler = proc_dointvec,	275	.proc_handler = proc_dointvec,
@@ -295,8 +296,6 @@ static void __exit xfrm4_policy_fini(void)
295		296
296	void __init xfrm4_init(int rt_max_size)	297	void __init xfrm4_init(int rt_max_size)
297	{	298	{
298	xfrm4_state_init();
299	xfrm4_policy_init();
300	/*	299	/*
301	* Select a default value for the gc_thresh based on the main route	300	* Select a default value for the gc_thresh based on the main route
302	* table hash size. It seems to me the worst case scenario is when	301	* table hash size. It seems to me the worst case scenario is when
@@ -308,6 +307,9 @@ void __init xfrm4_init(int rt_max_size)
308	* and start cleaning when were 1/2 full	307	* and start cleaning when were 1/2 full
309	*/	308	*/
310	xfrm4_dst_ops.gc_thresh = rt_max_size/2;	309	xfrm4_dst_ops.gc_thresh = rt_max_size/2;
		310
		311	xfrm4_state_init();
		312	xfrm4_policy_init();
311	#ifdef CONFIG_SYSCTL	313	#ifdef CONFIG_SYSCTL
312	sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path,	314	sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path,
313	xfrm4_policy_table);	315	xfrm4_policy_table);


diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c index 7254e3f899a7..dbdc696f5fc5 100644 --- a/net/ipv6/xfrm6_policy.c +++ b/net/ipv6/xfrm6_policy.c
@@ -24,7 +24,6 @@
24	#include <net/mip6.h>	24	#include <net/mip6.h>
25	#endif	25	#endif
26		26
27	static struct dst_ops xfrm6_dst_ops;
28	static struct xfrm_policy_afinfo xfrm6_policy_afinfo;	27	static struct xfrm_policy_afinfo xfrm6_policy_afinfo;
29		28
30	static struct dst_entry xfrm6_dst_lookup(struct net net, int tos,	29	static struct dst_entry xfrm6_dst_lookup(struct net net, int tos,
@@ -224,8 +223,10 @@ _decode_session6(struct sk_buff skb, struct flowi fl, int reverse)
224		223
225	static inline int xfrm6_garbage_collect(struct dst_ops *ops)	224	static inline int xfrm6_garbage_collect(struct dst_ops *ops)
226	{	225	{
227	xfrm6_policy_afinfo.garbage_collect(&init_net);	226	struct net *net = container_of(ops, struct net, xfrm.xfrm6_dst_ops);
228	return (atomic_read(&xfrm6_dst_ops.entries) > xfrm6_dst_ops.gc_thresh*2);	227
		228	xfrm6_policy_afinfo.garbage_collect(net);
		229	return (atomic_read(&ops->entries) > ops->gc_thresh * 2);
229	}	230	}
230		231
231	static void xfrm6_update_pmtu(struct dst_entry *dst, u32 mtu)	232	static void xfrm6_update_pmtu(struct dst_entry *dst, u32 mtu)
@@ -310,7 +311,7 @@ static void xfrm6_policy_fini(void)
310	static struct ctl_table xfrm6_policy_table[] = {	311	static struct ctl_table xfrm6_policy_table[] = {
311	{	312	{
312	.procname = "xfrm6_gc_thresh",	313	.procname = "xfrm6_gc_thresh",
313	.data = &xfrm6_dst_ops.gc_thresh,	314	.data = &init_net.xfrm.xfrm6_dst_ops.gc_thresh,
314	.maxlen = sizeof(int),	315	.maxlen = sizeof(int),
315	.mode = 0644,	316	.mode = 0644,
316	.proc_handler = proc_dointvec,	317	.proc_handler = proc_dointvec,
@@ -326,13 +327,6 @@ int __init xfrm6_init(void)
326	int ret;	327	int ret;
327	unsigned int gc_thresh;	328	unsigned int gc_thresh;
328		329
329	ret = xfrm6_policy_init();
330	if (ret)
331	goto out;
332
333	ret = xfrm6_state_init();
334	if (ret)
335	goto out_policy;
336	/*	330	/*
337	* We need a good default value for the xfrm6 gc threshold.	331	* We need a good default value for the xfrm6 gc threshold.
338	* In ipv4 we set it to the route hash table size * 8, which	332	* In ipv4 we set it to the route hash table size * 8, which
@@ -346,6 +340,15 @@ int __init xfrm6_init(void)
346	*/	340	*/
347	gc_thresh = FIB6_TABLE_HASHSZ * 8;	341	gc_thresh = FIB6_TABLE_HASHSZ * 8;
348	xfrm6_dst_ops.gc_thresh = (gc_thresh < 1024) ? 1024 : gc_thresh;	342	xfrm6_dst_ops.gc_thresh = (gc_thresh < 1024) ? 1024 : gc_thresh;
		343
		344	ret = xfrm6_policy_init();
		345	if (ret)
		346	goto out;
		347
		348	ret = xfrm6_state_init();
		349	if (ret)
		350	goto out_policy;
		351
349	#ifdef CONFIG_SYSCTL	352	#ifdef CONFIG_SYSCTL
350	sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv6_ctl_path,	353	sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv6_ctl_path,
351	xfrm6_policy_table);	354	xfrm6_policy_table);


diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index d2c8cb57ee4c..0ecb16a9a883 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c
@@ -1309,15 +1309,28 @@ static inline int xfrm_get_tos(struct flowi *fl, int family)
1309	return tos;	1309	return tos;
1310	}	1310	}
1311		1311
1312	static inline struct xfrm_dst *xfrm_alloc_dst(int family)	1312	static inline struct xfrm_dst xfrm_alloc_dst(struct net net, int family)
1313	{	1313	{
1314	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);	1314	struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
		1315	struct dst_ops *dst_ops;
1315	struct xfrm_dst *xdst;	1316	struct xfrm_dst *xdst;
1316		1317
1317	if (!afinfo)	1318	if (!afinfo)
1318	return ERR_PTR(-EINVAL);	1319	return ERR_PTR(-EINVAL);
1319		1320
1320	xdst = dst_alloc(afinfo->dst_ops) ?: ERR_PTR(-ENOBUFS);	1321	switch (family) {
		1322	case AF_INET:
		1323	dst_ops = &net->xfrm.xfrm4_dst_ops;
		1324	break;
		1325	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
		1326	case AF_INET6:
		1327	dst_ops = &net->xfrm.xfrm6_dst_ops;
		1328	break;
		1329	#endif
		1330	default:
		1331	BUG();
		1332	}
		1333	xdst = dst_alloc(dst_ops) ?: ERR_PTR(-ENOBUFS);
1321		1334
1322	xfrm_policy_put_afinfo(afinfo);	1335	xfrm_policy_put_afinfo(afinfo);
1323		1336
@@ -1366,6 +1379,7 @@ static struct dst_entry xfrm_bundle_create(struct xfrm_policy policy,
1366	struct flowi *fl,	1379	struct flowi *fl,
1367	struct dst_entry *dst)	1380	struct dst_entry *dst)
1368	{	1381	{
		1382	struct net *net = xp_net(policy);
1369	unsigned long now = jiffies;	1383	unsigned long now = jiffies;
1370	struct net_device *dev;	1384	struct net_device *dev;
1371	struct dst_entry *dst_prev = NULL;	1385	struct dst_entry *dst_prev = NULL;
@@ -1389,7 +1403,7 @@ static struct dst_entry xfrm_bundle_create(struct xfrm_policy policy,
1389	dst_hold(dst);	1403	dst_hold(dst);
1390		1404
1391	for (; i < nx; i++) {	1405	for (; i < nx; i++) {
1392	struct xfrm_dst *xdst = xfrm_alloc_dst(family);	1406	struct xfrm_dst *xdst = xfrm_alloc_dst(net, family);
1393	struct dst_entry *dst1 = &xdst->u.dst;	1407	struct dst_entry *dst1 = &xdst->u.dst;
1394		1408
1395	err = PTR_ERR(xdst);	1409	err = PTR_ERR(xdst);
@@ -2279,6 +2293,7 @@ EXPORT_SYMBOL(xfrm_bundle_ok);
2279		2293
2280	int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)	2294	int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
2281	{	2295	{
		2296	struct net *net;
2282	int err = 0;	2297	int err = 0;
2283	if (unlikely(afinfo == NULL))	2298	if (unlikely(afinfo == NULL))
2284	return -EINVAL;	2299	return -EINVAL;
@@ -2302,6 +2317,27 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
2302	xfrm_policy_afinfo[afinfo->family] = afinfo;	2317	xfrm_policy_afinfo[afinfo->family] = afinfo;
2303	}	2318	}
2304	write_unlock_bh(&xfrm_policy_afinfo_lock);	2319	write_unlock_bh(&xfrm_policy_afinfo_lock);
		2320
		2321	rtnl_lock();
		2322	for_each_net(net) {
		2323	struct dst_ops *xfrm_dst_ops;
		2324
		2325	switch (afinfo->family) {
		2326	case AF_INET:
		2327	xfrm_dst_ops = &net->xfrm.xfrm4_dst_ops;
		2328	break;
		2329	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
		2330	case AF_INET6:
		2331	xfrm_dst_ops = &net->xfrm.xfrm6_dst_ops;
		2332	break;
		2333	#endif
		2334	default:
		2335	BUG();
		2336	}
		2337	xfrm_dst_ops = afinfo->dst_ops;
		2338	}
		2339	rtnl_unlock();
		2340
2305	return err;	2341	return err;
2306	}	2342	}
2307	EXPORT_SYMBOL(xfrm_policy_register_afinfo);	2343	EXPORT_SYMBOL(xfrm_policy_register_afinfo);
@@ -2332,6 +2368,22 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
2332	}	2368	}
2333	EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);	2369	EXPORT_SYMBOL(xfrm_policy_unregister_afinfo);
2334		2370
		2371	static void __net_init xfrm_dst_ops_init(struct net *net)
		2372	{
		2373	struct xfrm_policy_afinfo *afinfo;
		2374
		2375	read_lock_bh(&xfrm_policy_afinfo_lock);
		2376	afinfo = xfrm_policy_afinfo[AF_INET];
		2377	if (afinfo)
		2378	net->xfrm.xfrm4_dst_ops = *afinfo->dst_ops;
		2379	#if defined(CONFIG_IPV6) \|\| defined(CONFIG_IPV6_MODULE)
		2380	afinfo = xfrm_policy_afinfo[AF_INET6];
		2381	if (afinfo)
		2382	net->xfrm.xfrm6_dst_ops = *afinfo->dst_ops;
		2383	#endif
		2384	read_unlock_bh(&xfrm_policy_afinfo_lock);
		2385	}
		2386
2335	static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family)	2387	static struct xfrm_policy_afinfo *xfrm_policy_get_afinfo(unsigned short family)
2336	{	2388	{
2337	struct xfrm_policy_afinfo *afinfo;	2389	struct xfrm_policy_afinfo *afinfo;
@@ -2494,6 +2546,7 @@ static int __net_init xfrm_net_init(struct net *net)
2494	rv = xfrm_policy_init(net);	2546	rv = xfrm_policy_init(net);
2495	if (rv < 0)	2547	if (rv < 0)
2496	goto out_policy;	2548	goto out_policy;
		2549	xfrm_dst_ops_init(net);
2497	rv = xfrm_sysctl_init(net);	2550	rv = xfrm_sysctl_init(net);
2498	if (rv < 0)	2551	if (rv < 0)
2499	goto out_sysctl;	2552	goto out_sysctl;