netns xfrm: deal with dst entries in netns GC is non-existent in netns, so after you hit GC threshold, no new dst entries will be created until someone triggers cleanup in init_net. Make xfrm4_dst_ops and xfrm6_dst_ops per-netns. This is not done in a generic way, because it woule waste (AF_MAX - 2) * sizeof(struct dst_ops) bytes per-netns. Reorder GC threshold initialization so it'd be done before registering XFRM policies. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: d7c7544c3d5f59033d1bf3236bc7b289f5f26b75 [log] [tgz]
author: Alexey Dobriyan <adobriyan@gmail.com> Sun Jan 24 22:47:53 2010 -0800
committer: David S. Miller <davem@davemloft.net> Sun Jan 24 22:47:53 2010 -0800
tree: 1a3c9e7b6c0c9158ddb73faa05b07697c3493cf1
parent: a40ccc6868943e74ec12f26a266ce1d0373b2b32 [diff] [blame]
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h
index 56f8e55..74f119a 100644
--- a/include/net/netns/xfrm.h
+++ b/include/net/netns/xfrm.h

@@ -5,6 +5,7 @@
 #include <linux/wait.h>
 #include <linux/workqueue.h>
 #include <linux/xfrm.h>
+#include <net/dst_ops.h>
 
 struct ctl_table_header;
 
@@ -42,6 +43,11 @@
 	unsigned int		policy_count[XFRM_POLICY_MAX * 2];
 	struct work_struct	policy_hash_work;
 
+	struct dst_ops		xfrm4_dst_ops;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+	struct dst_ops		xfrm6_dst_ops;
+#endif
+
 	struct sock		*nlsk;
 	struct sock		*nlsk_stash;
commit	d7c7544c3d5f59033d1bf3236bc7b289f5f26b75	[log] [tgz]
author	Alexey Dobriyan <adobriyan@gmail.com>	Sun Jan 24 22:47:53 2010 -0800
committer	David S. Miller <davem@davemloft.net>	Sun Jan 24 22:47:53 2010 -0800
tree	1a3c9e7b6c0c9158ddb73faa05b07697c3493cf1
parent	a40ccc6868943e74ec12f26a266ce1d0373b2b32 [diff] [blame]