forked from Minki/linux
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
Steffen Klassert says: ==================== This pull request is intended for 3.7 and contains a single patch to fix the IPsec gc threshold value for ipv4. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
commit
5e7873d145
@ -1351,7 +1351,7 @@ struct xfrm6_tunnel {
|
||||
};
|
||||
|
||||
extern void xfrm_init(void);
|
||||
extern void xfrm4_init(int rt_hash_size);
|
||||
extern void xfrm4_init(void);
|
||||
extern int xfrm_state_init(struct net *net);
|
||||
extern void xfrm_state_fini(struct net *net);
|
||||
extern void xfrm4_state_init(void);
|
||||
|
@ -2597,7 +2597,7 @@ int __init ip_rt_init(void)
|
||||
pr_err("Unable to create route proc files\n");
|
||||
#ifdef CONFIG_XFRM
|
||||
xfrm_init();
|
||||
xfrm4_init(ip_rt_max_size);
|
||||
xfrm4_init();
|
||||
#endif
|
||||
rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
|
||||
|
||||
|
@ -279,19 +279,8 @@ static void __exit xfrm4_policy_fini(void)
|
||||
xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo);
|
||||
}
|
||||
|
||||
void __init xfrm4_init(int rt_max_size)
|
||||
void __init xfrm4_init(void)
|
||||
{
|
||||
/*
|
||||
* Select a default value for the gc_thresh based on the main route
|
||||
* table hash size. It seems to me the worst case scenario is when
|
||||
* we have ipsec operating in transport mode, in which we create a
|
||||
* dst_entry per socket. The xfrm gc algorithm starts trying to remove
|
||||
* entries at gc_thresh, and prevents new allocations as 2*gc_thresh
|
||||
* so lets set an initial xfrm gc_thresh value at the rt_max_size/2.
|
||||
* That will let us store an ipsec connection per route table entry,
|
||||
* and start cleaning when were 1/2 full
|
||||
*/
|
||||
xfrm4_dst_ops.gc_thresh = rt_max_size/2;
|
||||
dst_entries_init(&xfrm4_dst_ops);
|
||||
|
||||
xfrm4_state_init();
|
||||
|
Loading…
Reference in New Issue
Block a user