Commit 5e7873d1 authored by David S. Miller's avatar David S. Miller

Merge branch 'master' of git://

Steffen Klassert says:

This pull request is intended for 3.7 and contains a single patch to
fix the IPsec gc threshold value for ipv4.
Signed-off-by: default avatarDavid S. Miller <>
parents ef6c5be6 703fb94e
......@@ -1351,7 +1351,7 @@ struct xfrm6_tunnel {
extern void xfrm_init(void);
extern void xfrm4_init(int rt_hash_size);
extern void xfrm4_init(void);
extern int xfrm_state_init(struct net *net);
extern void xfrm_state_fini(struct net *net);
extern void xfrm4_state_init(void);
......@@ -2597,7 +2597,7 @@ int __init ip_rt_init(void)
pr_err("Unable to create route proc files\n");
rtnl_register(PF_INET, RTM_GETROUTE, inet_rtm_getroute, NULL, NULL);
......@@ -279,19 +279,8 @@ static void __exit xfrm4_policy_fini(void)
void __init xfrm4_init(int rt_max_size)
void __init xfrm4_init(void)
* Select a default value for the gc_thresh based on the main route
* table hash size. It seems to me the worst case scenario is when
* we have ipsec operating in transport mode, in which we create a
* dst_entry per socket. The xfrm gc algorithm starts trying to remove
* entries at gc_thresh, and prevents new allocations as 2*gc_thresh
* so lets set an initial xfrm gc_thresh value at the rt_max_size/2.
* That will let us store an ipsec connection per route table entry,
* and start cleaning when were 1/2 full
xfrm4_dst_ops.gc_thresh = rt_max_size/2;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment