diff options
author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-25 17:24:15 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-11-25 17:24:15 -0800 |
commit | dc2caba7b321289e7d02e63d7216961ccecfa103 (patch) | |
tree | 639c3da4e2a2b35af3b4dfe980994ce7f9a27c0e /include | |
parent | a35f6c5de32664d82c072a7e2c7d5c5234de4158 (diff) | |
download | linux-dc2caba7b321289e7d02e63d7216961ccecfa103.tar.bz2 |
netns xfrm: per-netns policy counts
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/netns/xfrm.h | 1 | ||||
-rw-r--r-- | include/net/xfrm.h | 6 |
2 files changed, 3 insertions, 4 deletions
diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h index 39cfa799fa90..d5aadf06be46 100644 --- a/include/net/netns/xfrm.h +++ b/include/net/netns/xfrm.h @@ -37,6 +37,7 @@ struct netns_xfrm { unsigned int policy_idx_hmask; struct hlist_head policy_inexact[XFRM_POLICY_MAX * 2]; struct xfrm_policy_hash policy_bydst[XFRM_POLICY_MAX * 2]; + unsigned int policy_count[XFRM_POLICY_MAX * 2]; }; #endif diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 1ab17565f01c..8699620f8c2d 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -559,8 +559,6 @@ struct xfrm_mgr extern int xfrm_register_km(struct xfrm_mgr *km); extern int xfrm_unregister_km(struct xfrm_mgr *km); -extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2]; - /* * This structure is used for the duration where packets are being * transformed by IPsec. As soon as the packet leaves IPsec the @@ -999,7 +997,7 @@ static inline int __xfrm_policy_check2(struct sock *sk, int dir, if (sk && sk->sk_policy[XFRM_POLICY_IN]) return __xfrm_policy_check(sk, ndir, skb, family); - return (!xfrm_policy_count[dir] && !skb->sp) || + return (!init_net.xfrm.policy_count[dir] && !skb->sp) || (skb->dst->flags & DST_NOPOLICY) || __xfrm_policy_check(sk, ndir, skb, family); } @@ -1051,7 +1049,7 @@ extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family); static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family) { - return !xfrm_policy_count[XFRM_POLICY_OUT] || + return !init_net.xfrm.policy_count[XFRM_POLICY_OUT] || (skb->dst->flags & DST_NOXFRM) || __xfrm_route_forward(skb, family); } |