Commit b9066c26 authored by Linus Torvalds's avatar Linus Torvalds

Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (24 commits)
  [IPSEC]: Add xfrm_sysctl.txt.
  [BRIDGE]: Round off STP perodic timers.
  [BRIDGE]: Reduce frequency of forwarding cleanup timer in bridge.
  [TCP] tcp_probe: use GCC printf attribute
  [TCP] tcp_probe: a trivial fix for mismatched number of printl arguments.
  [IPV6] ADDRCONF: Fix conflicts in DEVCONF_xxx constant.
  [NET] napi: Call __netif_rx_complete in netif_rx_complete
  [TCP]: Consolidate checking for tcp orphan count being too big.
  [SOCK]: Shrink struct sock by 8 bytes on 64-bit.
  [AF_PACKET]: Kill CONFIG_PACKET_SOCKET.
  [IPV6]: Fix build warning.
  [AF_PACKET]: Kill bogus CONFIG_PACKET_MULTICAST
  [IPV4]: Kill references to bogus non-existent CONFIG_IP_NOSIOCRT
  [IPSEC]: Fix panic when using inter address familiy IPsec on loopback.
  [NET]: parse ip:port strings correctly in in4_pton
  [IPV6] ROUTE: No longer handle ::/0 specially.
  [IPSEC]: Fix IPv6 AH calculation in outbound
  [XFRM]: xfrm_larval_drop sysctl should be __read_mostly.
  [XFRM]: Allow XFRM_ACQ_EXPIRES to be tunable via sysctl.
  [CASSINI]: Fix printk message typo.
  ...
parents 0c27011a 85553dda
/proc/sys/net/core/xfrm_* Variables:
xfrm_acq_expires - INTEGER
default 30 - hard timeout in seconds for acquire requests
......@@ -4920,7 +4920,7 @@ static int __devinit cas_init_one(struct pci_dev *pdev,
pci_cmd |= PCI_COMMAND_PARITY;
pci_write_config_word(pdev, PCI_COMMAND, pci_cmd);
if (pci_set_mwi(pdev))
printk(KERN_WARNING PFX "Could enable MWI for %s\n",
printk(KERN_WARNING PFX "Could not enable MWI for %s\n",
pci_name(pdev));
/*
......
......@@ -209,9 +209,8 @@ enum {
DEVCONF_RTR_PROBE_INTERVAL,
DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN,
DEVCONF_PROXY_NDP,
__DEVCONF_OPTIMISTIC_DAD,
DEVCONF_ACCEPT_SOURCE_ROUTE,
DEVCONF_OPTIMISTIC_DAD,
DEVCONF_ACCEPT_SOURCE_ROUTE,
DEVCONF_MAX
};
......
......@@ -910,6 +910,17 @@ static inline int netif_rx_reschedule(struct net_device *dev, int undo)
return 0;
}
/* same as netif_rx_complete, except that local_irq_save(flags)
* has already been issued
*/
static inline void __netif_rx_complete(struct net_device *dev)
{
BUG_ON(!test_bit(__LINK_STATE_RX_SCHED, &dev->state));
list_del(&dev->poll_list);
smp_mb__before_clear_bit();
clear_bit(__LINK_STATE_RX_SCHED, &dev->state);
}
/* Remove interface from poll list: it must be in the poll list
* on current cpu. This primitive is called by dev->poll(), when
* it completes the work. The device cannot be out of poll list at this
......@@ -920,10 +931,7 @@ static inline void netif_rx_complete(struct net_device *dev)
unsigned long flags;
local_irq_save(flags);
BUG_ON(!test_bit(__LINK_STATE_RX_SCHED, &dev->state));
list_del(&dev->poll_list);
smp_mb__before_clear_bit();
clear_bit(__LINK_STATE_RX_SCHED, &dev->state);
__netif_rx_complete(dev);
local_irq_restore(flags);
}
......@@ -940,17 +948,6 @@ static inline void netif_poll_enable(struct net_device *dev)
clear_bit(__LINK_STATE_RX_SCHED, &dev->state);
}
/* same as netif_rx_complete, except that local_irq_save(flags)
* has already been issued
*/
static inline void __netif_rx_complete(struct net_device *dev)
{
BUG_ON(!test_bit(__LINK_STATE_RX_SCHED, &dev->state));
list_del(&dev->poll_list);
smp_mb__before_clear_bit();
clear_bit(__LINK_STATE_RX_SCHED, &dev->state);
}
static inline void netif_tx_lock(struct net_device *dev)
{
spin_lock(&dev->_xmit_lock);
......
......@@ -218,13 +218,13 @@ struct sock {
atomic_t sk_rmem_alloc;
atomic_t sk_wmem_alloc;
atomic_t sk_omem_alloc;
int sk_sndbuf;
struct sk_buff_head sk_receive_queue;
struct sk_buff_head sk_write_queue;
struct sk_buff_head sk_async_wait_queue;
int sk_wmem_queued;
int sk_forward_alloc;
gfp_t sk_allocation;
int sk_sndbuf;
int sk_route_caps;
int sk_gso_type;
int sk_rcvlowat;
......
......@@ -254,6 +254,12 @@ static inline int between(__u32 seq1, __u32 seq2, __u32 seq3)
return seq3 - seq2 >= seq1 - seq2;
}
static inline int tcp_too_many_orphans(struct sock *sk, int num)
{
return (num > sysctl_tcp_max_orphans) ||
(sk->sk_wmem_queued > SOCK_MIN_SNDBUF &&
atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2]);
}
extern struct proto tcp_prot;
......
......@@ -237,7 +237,6 @@ extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
extern void km_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c);
extern void km_state_notify(struct xfrm_state *x, struct km_event *c);
#define XFRM_ACQ_EXPIRES 30
struct xfrm_tmpl;
extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
......
......@@ -121,6 +121,7 @@ void br_fdb_cleanup(unsigned long _data)
{
struct net_bridge *br = (struct net_bridge *)_data;
unsigned long delay = hold_time(br);
unsigned long next_timer = jiffies + br->forward_delay;
int i;
spin_lock_bh(&br->hash_lock);
......@@ -129,14 +130,21 @@ void br_fdb_cleanup(unsigned long _data)
struct hlist_node *h, *n;
hlist_for_each_entry_safe(f, h, n, &br->hash[i], hlist) {
if (!f->is_static &&
time_before_eq(f->ageing_timer + delay, jiffies))
unsigned long this_timer;
if (f->is_static)
continue;
this_timer = f->ageing_timer + delay;
if (time_before_eq(this_timer, jiffies))
fdb_delete(f);
else if (this_timer < next_timer)
next_timer = this_timer;
}
}
spin_unlock_bh(&br->hash_lock);
mod_timer(&br->gc_timer, jiffies + HZ/10);
/* Add HZ/4 to ensure we round the jiffies upwards to be after the next
* timer, otherwise we might round down and will have no-op run. */
mod_timer(&br->gc_timer, round_jiffies(next_timer + HZ/4));
}
/* Completely flush all dynamic entries in forwarding database.*/
......
......@@ -178,7 +178,8 @@ void br_transmit_config(struct net_bridge_port *p)
br_send_config_bpdu(p, &bpdu);
p->topology_change_ack = 0;
p->config_pending = 0;
mod_timer(&p->hold_timer, jiffies + BR_HOLD_TIME);
mod_timer(&p->hold_timer,
round_jiffies(jiffies + BR_HOLD_TIME));
}
}
......
......@@ -42,7 +42,7 @@ static void br_hello_timer_expired(unsigned long arg)
if (br->dev->flags & IFF_UP) {
br_config_bpdu_generation(br);
mod_timer(&br->hello_timer, jiffies + br->hello_time);
mod_timer(&br->hello_timer, round_jiffies(jiffies + br->hello_time));
}
spin_unlock(&br->lock);
}
......
......@@ -25,6 +25,7 @@ extern int sysctl_core_destroy_delay;
extern u32 sysctl_xfrm_aevent_etime;
extern u32 sysctl_xfrm_aevent_rseqth;
extern int sysctl_xfrm_larval_drop;
extern u32 sysctl_xfrm_acq_expires;
#endif
ctl_table core_table[] = {
......@@ -127,6 +128,14 @@ ctl_table core_table[] = {
.mode = 0644,
.proc_handler = &proc_dointvec
},
{
.ctl_name = CTL_UNNUMBERED,
.procname = "xfrm_acq_expires",
.data = &sysctl_xfrm_acq_expires,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = &proc_dointvec
},
#endif /* CONFIG_XFRM */
#endif /* CONFIG_NET */
{
......
......@@ -139,16 +139,16 @@ int in4_pton(const char *src, int srclen,
while(1) {
int c;
c = xdigit2bin(srclen > 0 ? *s : '\0', delim);
if (!(c & (IN6PTON_DIGIT | IN6PTON_DOT | IN6PTON_DELIM))) {
if (!(c & (IN6PTON_DIGIT | IN6PTON_DOT | IN6PTON_DELIM | IN6PTON_COLON_MASK))) {
goto out;
}
if (c & (IN6PTON_DOT | IN6PTON_DELIM)) {
if (c & (IN6PTON_DOT | IN6PTON_DELIM | IN6PTON_COLON_MASK)) {
if (w == 0)
goto out;
*d++ = w & 0xff;
w = 0;
i++;
if (c & IN6PTON_DELIM) {
if (c & (IN6PTON_DELIM | IN6PTON_COLON_MASK)) {
if (i != 4)
goto out;
break;
......
......@@ -250,8 +250,6 @@ e_inval:
return -EINVAL;
}
#ifndef CONFIG_IP_NOSIOCRT
static inline __be32 sk_extract_addr(struct sockaddr *addr)
{
return ((struct sockaddr_in *) addr)->sin_addr.s_addr;
......@@ -443,15 +441,6 @@ int ip_rt_ioctl(unsigned int cmd, void __user *arg)
return -EINVAL;
}
#else
int ip_rt_ioctl(unsigned int cmd, void *arg)
{
return -EINVAL;
}
#endif
struct nla_policy rtm_ipv4_policy[RTA_MAX+1] __read_mostly = {
[RTA_DST] = { .type = NLA_U32 },
[RTA_SRC] = { .type = NLA_U32 },
......
......@@ -1674,9 +1674,8 @@ adjudge_to_death:
}
if (sk->sk_state != TCP_CLOSE) {
sk_stream_mem_reclaim(sk);
if (atomic_read(sk->sk_prot->orphan_count) > sysctl_tcp_max_orphans ||
(sk->sk_wmem_queued > SOCK_MIN_SNDBUF &&
atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2])) {
if (tcp_too_many_orphans(sk,
atomic_read(sk->sk_prot->orphan_count))) {
if (net_ratelimit())
printk(KERN_INFO "TCP: too many of orphaned "
"sockets\n");
......
......@@ -80,7 +80,8 @@ static void printl(const char *fmt, ...)
kfifo_put(tcpw.fifo, tbuf, len);
wake_up(&tcpw.wait);
}
} __attribute__ ((format (printf, 1, 2)));
/*
* Hook inserted to be called before each receive packet.
......@@ -95,7 +96,7 @@ static int jtcp_rcv_established(struct sock *sk, struct sk_buff *skb,
/* Only update if port matches */
if ((port == 0 || ntohs(inet->dport) == port || ntohs(inet->sport) == port)
&& (full || tp->snd_cwnd != tcpw.lastcwnd)) {
printl("%d.%d.%d.%d:%u %d.%d.%d.%d:%u %d %#x %#x %u %u %u\n",
printl("%d.%d.%d.%d:%u %d.%d.%d.%d:%u %d %#x %#x %u %u %u %u\n",
NIPQUAD(inet->saddr), ntohs(inet->sport),
NIPQUAD(inet->daddr), ntohs(inet->dport),
skb->len, tp->snd_nxt, tp->snd_una,
......
......@@ -78,9 +78,7 @@ static int tcp_out_of_resources(struct sock *sk, int do_reset)
if (sk->sk_err_soft)
orphans <<= 1;
if (orphans >= sysctl_tcp_max_orphans ||
(sk->sk_wmem_queued > SOCK_MIN_SNDBUF &&
atomic_read(&tcp_memory_allocated) > sysctl_tcp_mem[2])) {
if (tcp_too_many_orphans(sk, orphans)) {
if (net_ratelimit())
printk(KERN_INFO "Out of socket memory\n");
......
......@@ -139,10 +139,8 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
nf_reset(skb);
if (decaps) {
if (!(skb->dev->flags&IFF_LOOPBACK)) {
dst_release(skb->dst);
skb->dst = NULL;
}
dst_release(skb->dst);
skb->dst = NULL;
netif_rx(skb);
return 0;
} else {
......
......@@ -85,6 +85,8 @@ static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
top_iph->saddr = x->props.saddr.a4;
top_iph->daddr = x->id.daddr.a4;
skb->protocol = htons(ETH_P_IP);
memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
return 0;
}
......
......@@ -247,7 +247,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb)
memcpy(tmp_base, top_iph, sizeof(tmp_base));
tmp_ext = NULL;
extlen = skb_transport_offset(skb) + sizeof(struct ipv6hdr);
extlen = skb_transport_offset(skb) - sizeof(struct ipv6hdr);
if (extlen) {
extlen += sizeof(*tmp_ext);
tmp_ext = kmalloc(extlen, GFP_ATOMIC);
......
......@@ -619,14 +619,6 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
ins = &fn->leaf;
if (fn->fn_flags&RTN_TL_ROOT &&
fn->leaf == &ip6_null_entry &&
!(rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF)) ){
fn->leaf = rt;
rt->u.dst.rt6_next = NULL;
goto out;
}
for (iter = fn->leaf; iter; iter=iter->u.dst.rt6_next) {
/*
* Search for duplicates
......@@ -666,7 +658,6 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
* insert node
*/
out:
rt->u.dst.rt6_next = iter;
*ins = rt;
rt->rt6i_node = fn;
......
......@@ -104,10 +104,8 @@ int xfrm6_rcv_spi(struct sk_buff *skb, __be32 spi)
nf_reset(skb);
if (decaps) {
if (!(skb->dev->flags&IFF_LOOPBACK)) {
dst_release(skb->dst);
skb->dst = NULL;
}
dst_release(skb->dst);
skb->dst = NULL;
netif_rx(skb);
return -1;
} else {
......
......@@ -80,6 +80,7 @@ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
top_iph->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT);
ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);
ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);
skb->protocol = htons(ETH_P_IPV6);
return 0;
}
......
......@@ -2474,6 +2474,8 @@ static int ieee80211_open(struct net_device *dev)
if (sdata->type == IEEE80211_IF_TYPE_STA &&
!local->user_space_mlme)
netif_carrier_off(dev);
else
netif_carrier_on(dev);
netif_start_queue(dev);
return 0;
......@@ -3278,8 +3280,10 @@ ieee80211_rx_h_defragment(struct ieee80211_txrx_data *rx)
return TXRX_DROP;
}
}
while ((skb = __skb_dequeue(&entry->skb_list)))
while ((skb = __skb_dequeue(&entry->skb_list))) {
memcpy(skb_put(rx->skb, skb->len), skb->data, skb->len);
dev_kfree_skb(skb);
}
/* Complete frame has been reassembled - process it now */
rx->fragmented = 1;
......
......@@ -1155,6 +1155,8 @@ static void ieee80211_rx_mgmt_assoc_resp(struct net_device *dev,
if (status_code != WLAN_STATUS_SUCCESS) {
printk(KERN_DEBUG "%s: AP denied association (code=%d)\n",
dev->name, status_code);
if (status_code == WLAN_STATUS_REASSOC_NO_ASSOC)
ifsta->prev_bssid_set = 0;
return;
}
......@@ -2995,7 +2997,7 @@ struct sta_info * ieee80211_ibss_add_sta(struct net_device *dev,
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct sta_info *sta;
struct ieee80211_sub_if_data *sdata = NULL;
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
/* TODO: Could consider removing the least recently used entry and
* allow new one to be added. */
......
......@@ -83,22 +83,6 @@
#include <net/inet_common.h>
#endif
#define CONFIG_SOCK_PACKET 1
/*
Proposed replacement for SIOC{ADD,DEL}MULTI and
IFF_PROMISC, IFF_ALLMULTI flags.
It is more expensive, but I believe,
it is really correct solution: reentereble, safe and fault tolerant.
IFF_PROMISC/IFF_ALLMULTI/SIOC{ADD/DEL}MULTI are faked by keeping
reference count and global flag, so that real status is
(gflag|(count != 0)), so that we can use obsolete faulty interface
not harming clever users.
*/
#define CONFIG_PACKET_MULTICAST 1
/*
Assumptions:
- if device has no dev->hard_header routine, it adds and removes ll header
......@@ -159,7 +143,6 @@ static atomic_t packet_socks_nr;
/* Private packet socket structures. */
#ifdef CONFIG_PACKET_MULTICAST
struct packet_mclist
{
struct packet_mclist *next;
......@@ -179,7 +162,7 @@ struct packet_mreq_max
unsigned short mr_alen;
unsigned char mr_address[MAX_ADDR_LEN];
};
#endif
#ifdef CONFIG_PACKET_MMAP
static int packet_set_ring(struct sock *sk, struct tpacket_req *req, int closing);
#endif
......@@ -205,9 +188,7 @@ struct packet_sock {
origdev:1;
int ifindex; /* bound device */
__be16 num;
#ifdef CONFIG_PACKET_MULTICAST
struct packet_mclist *mclist;
#endif
#ifdef CONFIG_PACKET_MMAP
atomic_t mapped;
unsigned int pg_vec_order;
......@@ -263,7 +244,6 @@ static void packet_sock_destruct(struct sock *sk)
static const struct proto_ops packet_ops;
#ifdef CONFIG_SOCK_PACKET
static const struct proto_ops packet_ops_spkt;
static int packet_rcv_spkt(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
......@@ -435,7 +415,6 @@ out_unlock:
dev_put(dev);
return err;
}
#endif
static inline unsigned int run_filter(struct sk_buff *skb, struct sock *sk,
unsigned int res)
......@@ -851,9 +830,7 @@ static int packet_release(struct socket *sock)
__sock_put(sk);
}
#ifdef CONFIG_PACKET_MULTICAST
packet_flush_mclist(sk);
#endif
#ifdef CONFIG_PACKET_MMAP
if (po->pg_vec) {
......@@ -936,8 +913,6 @@ out_unlock:
* Bind a packet socket to a device
*/
#ifdef CONFIG_SOCK_PACKET
static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, int addr_len)
{
struct sock *sk=sock->sk;
......@@ -960,7 +935,6 @@ static int packet_bind_spkt(struct socket *sock, struct sockaddr *uaddr, int add
}
return err;
}
#endif
static int packet_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
{
......@@ -1012,11 +986,8 @@ static int packet_create(struct socket *sock, int protocol)
if (!capable(CAP_NET_RAW))
return -EPERM;
if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW
#ifdef CONFIG_SOCK_PACKET
&& sock->type != SOCK_PACKET
#endif
)
if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW &&
sock->type != SOCK_PACKET)
return -ESOCKTNOSUPPORT;
sock->state = SS_UNCONNECTED;
......@@ -1027,10 +998,9 @@ static int packet_create(struct socket *sock, int protocol)
goto out;
sock->ops = &packet_ops;
#ifdef CONFIG_SOCK_PACKET
if (sock->type == SOCK_PACKET)
sock->ops = &packet_ops_spkt;
#endif
sock_init_data(sock, sk);
po = pkt_sk(sk);
......@@ -1046,10 +1016,10 @@ static int packet_create(struct socket *sock, int protocol)
spin_lock_init(&po->bind_lock);
po->prot_hook.func = packet_rcv;
#ifdef CONFIG_SOCK_PACKET
if (sock->type == SOCK_PACKET)
po->prot_hook.func = packet_rcv_spkt;
#endif
po->prot_hook.af_packet_priv = sk;
if (proto) {
......@@ -1169,7 +1139,6 @@ out:
return err;
}
#ifdef CONFIG_SOCK_PACKET
static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr,
int *uaddr_len, int peer)
{
......@@ -1190,7 +1159,6 @@ static int packet_getname_spkt(struct socket *sock, struct sockaddr *uaddr,
return 0;
}
#endif
static int packet_getname(struct socket *sock, struct sockaddr *uaddr,
int *uaddr_len, int peer)
......@@ -1221,7 +1189,6 @@ static int packet_getname(struct socket *sock, struct sockaddr *uaddr,
return 0;
}
#ifdef CONFIG_PACKET_MULTICAST
static void packet_dev_mc(struct net_device *dev, struct packet_mclist *i, int what)
{
switch (i->type) {
......@@ -1349,7 +1316,6 @@ static void packet_flush_mclist(struct sock *sk)
}
rtnl_unlock();
}
#endif
static int
packet_setsockopt(struct socket *sock, int level, int optname, char __user *optval, int optlen)
......@@ -1362,7 +1328,6 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv
return -ENOPROTOOPT;
switch(optname) {
#ifdef CONFIG_PACKET_MULTICAST
case PACKET_ADD_MEMBERSHIP:
case PACKET_DROP_MEMBERSHIP:
{
......@@ -1383,7 +1348,7 @@ packet_setsockopt(struct socket *sock, int level, int optname, char __user *optv
ret = packet_mc_drop(sk, &mreq);
return ret;
}
#endif
#ifdef CONFIG_PACKET_MMAP
case PACKET_RX_RING:
{
......@@ -1506,11 +1471,10 @@ static int packet_notifier(struct notifier_block *this, unsigned long msg, void
switch (msg) {
case NETDEV_UNREGISTER:
#ifdef CONFIG_PACKET_MULTICAST
if (po->mclist)
packet_dev_mclist(dev, po->mclist, -1);
// fallthrough
#endif
/* fallthrough */
case NETDEV_DOWN:
if (dev->ifindex == po->ifindex) {
spin_lock(&po->bind_lock);
......@@ -1856,7 +1820,6 @@ out:
#endif
#ifdef CONFIG_SOCK_PACKET
static const struct proto_ops packet_ops_spkt = {
.family = PF_PACKET,
.owner = THIS_MODULE,
......@@ -1877,7 +1840,6 @@ static const struct proto_ops packet_ops_spkt = {
.mmap = sock_no_mmap,
.sendpage = sock_no_sendpage,
};
#endif
static const struct proto_ops packet_ops = {
.family = PF_PACKET,
......
......@@ -26,10 +26,11 @@
#include <net/xfrm.h>
#include <net/ip.h>
#include <linux/audit.h>
#include <linux/cache.h>
#include "xfrm_hash.h"
int sysctl_xfrm_larval_drop;
int sysctl_xfrm_larval_drop __read_mostly;
DEFINE_MUTEX(xfrm_cfg_mutex);
EXPORT_SYMBOL(xfrm_cfg_mutex);
......
......@@ -21,18 +21,21 @@
#include <linux/cache.h>
#include <asm/uaccess.h>
#include <linux/audit.h>
#include <linux/cache.h>
#include "xfrm_hash.h"
struct sock *xfrm_nl;
EXPORT_SYMBOL(xfrm_nl);
u32 sysctl_xfrm_aevent_etime = XFRM_AE_ETIME;
u32 sysctl_xfrm_aevent_etime __read_mostly = XFRM_AE_ETIME;
EXPORT_SYMBOL(sysctl_xfrm_aevent_etime);
u32 sysctl_xfrm_aevent_rseqth = XFRM_AE_SEQT_SIZE;
u32 sysctl_xfrm_aevent_rseqth __read_mostly = XFRM_AE_SEQT_SIZE;
EXPORT_SYMBOL(sysctl_xfrm_aevent_rseqth);
u32 sysctl_xfrm_acq_expires __read_mostly = 30;
/* Each xfrm_state may be linked to two tables:
1. Hash table by (spi,daddr,ah/esp) to find SA by SPI. (input,ctl)
......@@ -622,8 +625,8 @@ xfrm_state_find(xfrm_address_t *daddr, xfrm_address_t *saddr,
h = xfrm_spi_hash(&x->id.daddr, x->id.spi, x->id.proto, family);
hlist_add_head(&x->byspi, xfrm_state_byspi+h);
}
x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
add_timer(&x->timer);
xfrm_state_num++;
xfrm_hash_grow_check(x->bydst.next != NULL);
......@@ -772,9 +775,9 @@ static struct xfrm_state *__find_acq_core(unsigned short family, u8 mode, u32 re
x->props.family = family;
x->props.mode = mode;
x->props.reqid = reqid;
x->lft.hard_add_expires_seconds = XFRM_ACQ_EXPIRES;
x->lft.hard_add_expires_seconds = sysctl_xfrm_acq_expires;
xfrm_state_hold(x);
x->timer.expires = jiffies + XFRM_ACQ_EXPIRES*HZ;
x->timer.expires = jiffies + sysctl_xfrm_acq_expires*HZ;
add_timer(&x->timer);
hlist_add_head(&x->bydst, xfrm_state_bydst+h);
h = xfrm_src_hash(daddr, saddr, family);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment