linux/net/ipv6
Neil Horman a44a4a006b xfrm: export xfrm garbage collector thresholds via sysctl
Export garbage collector thresholds for xfrm[4|6]_dst_ops

Had a problem reported to me recently in which a high volume of ipsec
connections on a system began reporting ENOBUFS for new connections
eventually.

It seemed that after about 2000 connections we started being unable to
create more.  A quick look revealed that the xfrm code used a dst_ops
structure that limited the gc_thresh value to 1024, and always
dropped route cache entries after 2x the gc_thresh.

It seems the most direct solution is to export the gc_thresh values in
the xfrm[4|6] dst_ops as sysctls, like the main routing table does, so
that higher volumes of connections can be supported.  This patch has
been tested and allows the reporter to increase their ipsec connection
volume successfully.

Reported-by: Joe Nall <joe@nall.com>
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>

ipv4/xfrm4_policy.c |   18 ++++++++++++++++++
ipv6/xfrm6_policy.c |   18 ++++++++++++++++++
2 files changed, 36 insertions(+)
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-07-27 11:35:32 -07:00
..
netfilter Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-06-11 16:00:49 +02:00
addrconf_core.c [IPV6]: ipv6_addr_type() doesn't know about RFC4193 addresses. 2007-07-31 02:28:21 -07:00
addrconf.c IPv6: preferred lifetime of address not getting updated 2009-07-03 19:10:13 -07:00
addrlabel.c net: replace %p6 with %pI6 2008-10-29 12:52:50 -07:00
af_inet6.c udpv6: Handle large incoming UDP/IPv6 packets and support software UFO 2009-07-12 14:29:29 -07:00
ah6.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
anycast.c net: replace %#p6 format specifier with %pi6 2008-10-29 12:50:24 -07:00
datagram.c netns xfrm: lookup in netns 2008-11-25 17:35:18 -08:00
esp6.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
exthdrs_core.c [NET] IPV6: Fix whitespace errors. 2007-02-10 23:19:42 -08:00
exthdrs.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
fib6_rules.c net: Remove unused parameter from fill method in fib_rules_ops. 2009-05-20 17:26:23 -07:00
icmp.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
inet6_connection_sock.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
inet6_hashtables.c ipv6: don't use tw net when accounting for recycled tw 2009-02-26 03:35:13 -08:00
ip6_fib.c ipv6: Fix fib6_dump_table walker leak 2009-01-13 22:17:51 -08:00
ip6_flowlabel.c ipv6: Disallow rediculious flowlabel option sizes. 2009-02-06 00:49:55 -08:00
ip6_input.c ipv6: correct return on ipv6_rcv() packet drop 2009-07-06 18:07:55 -07:00
ip6_output.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-07-16 20:21:24 -07:00
ip6_tunnel.c net: use NETDEV_TX_OK instead of 0 in ndo_start_xmit() functions 2009-07-05 19:16:04 -07:00
ip6mr.c net: use NETDEV_TX_OK instead of 0 in ndo_start_xmit() functions 2009-07-05 19:16:04 -07:00
ipcomp6.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
ipv6_sockglue.c ipv6:remove useless check 2009-04-14 02:21:41 -07:00
Kconfig trivial: Kconfig: .ko is normally not included in module names 2009-06-12 18:01:50 +02:00
Makefile [IPV6] MROUTE: Support multicast forwarding. 2008-04-05 22:33:38 +09:00
mcast.c mcastv6: Local variable shadows function argument 2009-07-21 11:13:25 -07:00
mip6.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
ndisc.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
netfilter.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
proc.c snmp: add missing counters for RFC 4293 2009-04-27 02:45:02 -07:00
protocol.c net: remove CVS keywords 2008-06-11 21:00:38 -07:00
raw.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
reassembly.c ipv6: Use frag list abstraction interfaces. 2009-06-09 00:20:05 -07:00
route.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
sit.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-07-16 20:21:24 -07:00
syncookies.c syncookies: remove last_synq_overflow from struct tcp_sock 2009-04-20 02:25:26 -07:00
sysctl_net_ipv6.c remove lots of double-semicolons 2009-01-08 08:31:14 -08:00
tcp_ipv6.c tcp: Use correct peer adr when copying MD5 keys 2009-07-20 07:49:08 -07:00
tunnel6.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
udp_impl.h ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
udp.c udpv6: Handle large incoming UDP/IPv6 packets and support software UFO 2009-07-12 14:29:29 -07:00
udplite.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00
xfrm6_input.c netns xfrm: per-netns MIBs 2008-11-25 17:59:52 -08:00
xfrm6_mode_beet.c ipsec: Interfamily IPSec BEET, ipv4-inner ipv6-outer 2008-08-06 02:40:25 -07:00
xfrm6_mode_ro.c [IPSEC]: Make x->lastused an unsigned long 2008-01-28 14:53:52 -08:00
xfrm6_mode_transport.c [IPSEC]: Use IPv6 calling convention as the convention for x->mode->output 2007-10-10 16:55:54 -07:00
xfrm6_mode_tunnel.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm6_output.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm6_policy.c xfrm: export xfrm garbage collector thresholds via sysctl 2009-07-27 11:35:32 -07:00
xfrm6_state.c ipv6: fix sparse warning: Using plain integer as NULL pointer 2009-02-21 23:37:10 -08:00
xfrm6_tunnel.c ipv6: Use correct data types for ICMPv6 type and code 2009-06-23 04:31:07 -07:00