Commit 5e7873d1 authored by David S. Miller's avatar David S. Miller

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec

Steffen Klassert says:

====================
This pull request is intended for 3.7 and contains a single patch to
fix the IPsec gc threshold value for ipv4.
====================
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents ef6c5be6 703fb94e
......@@ -1351,7 +1351,7 @@ struct xfrm6_tunnel {
};
extern void xfrm_init(void);
extern void xfrm4_init(int rt_hash_size);
extern void xfrm4_init(void);
extern int xfrm_state_init(struct net *net);
extern void xfrm_state_fini(struct net *net);
extern void xfrm4_state_init(void);
......
......@@ -2597,7 +2597,7 @@ int __init ip_rt_init(void)
pr_err("Unable to create route proc files\n");
#ifdef CONFIG_XFRM
xfrm_init();
xfrm4_init(ip_rt_max_size);
xfrm4_init();
#endif
rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
......
......@@ -279,19 +279,8 @@ static void __exit xfrm4_policy_fini(void)
xfrm_policy_unregister_afinfo(&xfrm4_policy_afinfo);
}
void __init xfrm4_init(int rt_max_size)
void __init xfrm4_init(void)
{
/*
* Select a default value for the gc_thresh based on the main route
* table hash size. It seems to me the worst case scenario is when
* we have ipsec operating in transport mode, in which we create a
* dst_entry per socket. The xfrm gc algorithm starts trying to remove
* entries at gc_thresh, and prevents new allocations as 2*gc_thresh
* so lets set an initial xfrm gc_thresh value at the rt_max_size/2.
* That will let us store an ipsec connection per route table entry,
* and start cleaning when were 1/2 full
*/
xfrm4_dst_ops.gc_thresh = rt_max_size/2;
dst_entries_init(&xfrm4_dst_ops);
xfrm4_state_init();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment