diff options
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/route.c | 9 | ||||
| -rw-r--r-- | net/ipv4/xfrm4_policy.c | 13 |
2 files changed, 7 insertions, 15 deletions
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index a8c651216fa6..df251424d816 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
| @@ -1785,6 +1785,7 @@ static struct rtable *__mkroute_output(const struct fib_result *res, | |||
| 1785 | if (dev_out->flags & IFF_LOOPBACK) | 1785 | if (dev_out->flags & IFF_LOOPBACK) |
| 1786 | flags |= RTCF_LOCAL; | 1786 | flags |= RTCF_LOCAL; |
| 1787 | 1787 | ||
| 1788 | do_cache = true; | ||
| 1788 | if (type == RTN_BROADCAST) { | 1789 | if (type == RTN_BROADCAST) { |
| 1789 | flags |= RTCF_BROADCAST | RTCF_LOCAL; | 1790 | flags |= RTCF_BROADCAST | RTCF_LOCAL; |
| 1790 | fi = NULL; | 1791 | fi = NULL; |
| @@ -1793,6 +1794,8 @@ static struct rtable *__mkroute_output(const struct fib_result *res, | |||
| 1793 | if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr, | 1794 | if (!ip_check_mc_rcu(in_dev, fl4->daddr, fl4->saddr, |
| 1794 | fl4->flowi4_proto)) | 1795 | fl4->flowi4_proto)) |
| 1795 | flags &= ~RTCF_LOCAL; | 1796 | flags &= ~RTCF_LOCAL; |
| 1797 | else | ||
| 1798 | do_cache = false; | ||
| 1796 | /* If multicast route do not exist use | 1799 | /* If multicast route do not exist use |
| 1797 | * default one, but do not gateway in this case. | 1800 | * default one, but do not gateway in this case. |
| 1798 | * Yes, it is hack. | 1801 | * Yes, it is hack. |
| @@ -1802,8 +1805,8 @@ static struct rtable *__mkroute_output(const struct fib_result *res, | |||
| 1802 | } | 1805 | } |
| 1803 | 1806 | ||
| 1804 | fnhe = NULL; | 1807 | fnhe = NULL; |
| 1805 | do_cache = fi != NULL; | 1808 | do_cache &= fi != NULL; |
| 1806 | if (fi) { | 1809 | if (do_cache) { |
| 1807 | struct rtable __rcu **prth; | 1810 | struct rtable __rcu **prth; |
| 1808 | struct fib_nh *nh = &FIB_RES_NH(*res); | 1811 | struct fib_nh *nh = &FIB_RES_NH(*res); |
| 1809 | 1812 | ||
| @@ -2597,7 +2600,7 @@ int __init ip_rt_init(void) | |||
| 2597 | pr_err("Unable to create route proc files\n"); | 2600 | pr_err("Unable to create route proc files\n"); |
| 2598 | #ifdef CONFIG_XFRM | 2601 | #ifdef CONFIG_XFRM |
| 2599 | xfrm_init(); | 2602 | xfrm_init(); |
| 2600 | xfrm4_init(ip_rt_max_size); | 2603 | xfrm4_init(); |
| 2601 | #endif | 2604 | #endif |
| 2602 | rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL); | 2605 | rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL); |
| 2603 | 2606 | ||
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 05c5ab8d983c..3be0ac2c1920 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c | |||
| @@ -279,19 +279,8 @@ static void __exit xfrm4_policy_fini(void) | |||
| 279 | xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo); | 279 | xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo); |
| 280 | } | 280 | } |
| 281 | 281 | ||
| 282 | void __init xfrm4_init(int rt_max_size) | 282 | void __init xfrm4_init(void) |
| 283 | { | 283 | { |
| 284 | /* | ||
| 285 | * Select a default value for the gc_thresh based on the main route | ||
| 286 | * table hash size. It seems to me the worst case scenario is when | ||
| 287 | * we have ipsec operating in transport mode, in which we create a | ||
| 288 | * dst_entry per socket. The xfrm gc algorithm starts trying to remove | ||
| 289 | * entries at gc_thresh, and prevents new allocations as 2*gc_thresh | ||
| 290 | * so lets set an initial xfrm gc_thresh value at the rt_max_size/2. | ||
| 291 | * That will let us store an ipsec connection per route table entry, | ||
| 292 | * and start cleaning when were 1/2 full | ||
| 293 | */ | ||
| 294 | xfrm4_dst_ops.gc_thresh = rt_max_size/2; | ||
| 295 | dst_entries_init(&xfrm4_dst_ops); | 284 | dst_entries_init(&xfrm4_dst_ops); |
| 296 | 285 | ||
| 297 | xfrm4_state_init(); | 286 | xfrm4_state_init(); |