linux/net/ipv4
Neil Horman a44a4a006b xfrm: export xfrm garbage collector thresholds via sysctl
Export garbage collector thresholds for xfrm[4|6]_dst_ops

Had a problem reported to me recently in which a high volume of ipsec
connections on a system began reporting ENOBUFS for new connections
eventually.

It seemed that after about 2000 connections we started being unable to
create more.  A quick look revealed that the xfrm code used a dst_ops
structure that limited the gc_thresh value to 1024, and always
dropped route cache entries after 2x the gc_thresh.

It seems the most direct solution is to export the gc_thresh values in
the xfrm[4|6] dst_ops as sysctls, like the main routing table does, so
that higher volumes of connections can be supported.  This patch has
been tested and allows the reporter to increase their ipsec connection
volume successfully.

Reported-by: Joe Nall <joe@nall.com>
Signed-off-by: Neil Horman <nhorman@tuxdriver.com>

ipv4/xfrm4_policy.c |   18 ++++++++++++++++++
ipv6/xfrm6_policy.c |   18 ++++++++++++++++++
2 files changed, 36 insertions(+)
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-07-27 11:35:32 -07:00
..
netfilter netfilter: tcp conntrack: fix unacknowledged data detection with NAT 2009-06-29 14:07:56 +02:00
af_inet.c udpv4: Handle large incoming UDP/IPv4 packets and support software UFO. 2009-07-12 14:29:21 -07:00
ah4.c
arp.c Revert "ipv4: arp announce, arp_proxy and windows ip conflict verification" 2009-06-30 19:47:08 -07:00
cipso_ipv4.c netlabel: Label incoming TCP connections correctly in SELinux 2009-03-28 15:01:36 +11:00
datagram.c
devinet.c net: Fix devinet_sysctl_forward 2009-05-18 22:15:58 -07:00
esp4.c
fib_frontend.c ipv4: cleanup: remove unnecessary include. 2009-05-18 15:16:38 -07:00
fib_hash.c ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_lookup.h ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_rules.c net: Remove unused parameter from fill method in fib_rules_ops. 2009-05-20 17:26:23 -07:00
fib_semantics.c ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_trie.c ipv4: fib_trie: Use tnode_get_child_rcu() and node_parent_rcu() in lookups 2009-07-20 07:39:31 -07:00
icmp.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
igmp.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
inet_connection_sock.c
inet_diag.c net: correct off-by-one write allocations reports 2009-06-18 00:29:12 -07:00
inet_fragment.c
inet_hashtables.c
inet_lro.c
inet_timewait_sock.c Merge branch 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/vegard/kmemcheck 2009-06-16 13:09:51 -07:00
inetpeer.c
ip_forward.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
ip_fragment.c ipv4: Use frag list abstraction interfaces. 2009-06-09 00:19:37 -07:00
ip_gre.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-07-16 20:21:24 -07:00
ip_input.c inet: Call skb_orphan before tproxy activates 2009-06-26 19:22:37 -07:00
ip_options.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
ip_output.c net: ip_push_pending_frames() fix 2009-07-11 20:26:21 -07:00
ip_sockglue.c net: skb->rtable accessor 2009-06-03 02:51:02 -07:00
ipcomp.c
ipconfig.c ipv4: teach ipconfig about the MTU option in DHCP 2009-05-19 15:36:17 -07:00
ipip.c net: use NETDEV_TX_OK instead of 0 in ndo_start_xmit() functions 2009-07-05 19:16:04 -07:00
ipmr.c net: use NETDEV_TX_OK instead of 0 in ndo_start_xmit() functions 2009-07-05 19:16:04 -07:00
Kconfig ipv4: update ARPD help text 2009-06-13 23:36:32 -07:00
Makefile
netfilter.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
proc.c snmp: add missing counters for RFC 4293 2009-04-27 02:45:02 -07:00
protocol.c
raw.c net: correct off-by-one write allocations reports 2009-06-18 00:29:12 -07:00
route.c ipv4 routing: Ensure that route cache entries are usable and reclaimable with caching is off 2009-06-23 16:36:26 -07:00
syncookies.c syncookies: remove last_synq_overflow from struct tcp_sock 2009-04-20 02:25:26 -07:00
sysctl_net_ipv4.c
tcp_bic.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_cong.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_cubic.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c htcp: merge icsk_ca_state compare 2009-03-02 03:00:14 -08:00
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: fix loop in ofo handling code and reduce its complexity 2009-05-29 15:02:29 -07:00
tcp_ipv4.c tcp: Use correct peer adr when copying MD5 keys 2009-07-20 07:49:08 -07:00
tcp_lp.c
tcp_minisocks.c tcp: missing check ACK flag of received segment in FIN-WAIT-2 state 2009-06-25 20:03:15 -07:00
tcp_output.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-07-23 19:03:51 -07:00
tcp_probe.c tcp: '< 0' test on unsigned 2009-03-13 16:05:14 -07:00
tcp_scalable.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_timer.c tcp: cleanup ca_state mess in tcp_timer 2009-03-02 03:00:13 -08:00
tcp_vegas.c tcp: tcp_vegas ssthresh bugfix 2009-05-25 22:44:59 -07:00
tcp_vegas.h
tcp_veno.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_westwood.c
tcp_yeah.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp.c net: adding memory barrier to the poll and receive callbacks 2009-07-09 17:06:57 -07:00
tunnel4.c
udp_impl.h
udp.c udp: cleanups 2009-07-17 09:47:31 -07:00
udplite.c
xfrm4_input.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_output.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_policy.c xfrm: export xfrm garbage collector thresholds via sysctl 2009-07-27 11:35:32 -07:00
xfrm4_state.c
xfrm4_tunnel.c