Esempio n. 1
0
int __init br_netfilter_init(void)
{
	int ret;

	ret = dst_entries_init(&fake_dst_ops);
	if (ret < 0)
		return ret;

	ret = nf_register_hooks(br_nf_ops, ARRAY_SIZE(br_nf_ops));
	if (ret < 0) {
		dst_entries_destroy(&fake_dst_ops);
		return ret;
	}
#ifdef CONFIG_SYSCTL
	brnf_sysctl_header = register_sysctl_paths(brnf_path, brnf_table);
	if (brnf_sysctl_header == NULL) {
		printk(KERN_WARNING
		       "br_netfilter: can't register to sysctl.\n");
		nf_unregister_hooks(br_nf_ops, ARRAY_SIZE(br_nf_ops));
		dst_entries_destroy(&fake_dst_ops);
		return -ENOMEM;
	}
#endif
	printk(KERN_NOTICE "Bridge firewalling registered\n");
	return 0;
}
Esempio n. 2
0
int __init xfrm6_init(void)
{
	int ret;

	dst_entries_init(&xfrm6_dst_ops);

	ret = xfrm6_policy_init();
	if (ret) {
		dst_entries_destroy(&xfrm6_dst_ops);
		goto out;
	}
	ret = xfrm6_state_init();
	if (ret)
		goto out_policy;

	ret = xfrm6_protocol_init();
	if (ret)
		goto out_state;

#ifdef CONFIG_SYSCTL
	register_pernet_subsys(&xfrm6_net_ops);
#endif
out:
	return ret;
out_state:
	xfrm6_state_fini();
out_policy:
	xfrm6_policy_fini();
	goto out;
}
Esempio n. 3
0
int __init xfrm6_init(void)
{
	int ret;

	dst_entries_init(&xfrm6_dst_ops);

	ret = xfrm6_policy_init();
	if (ret) {
		dst_entries_destroy(&xfrm6_dst_ops);
		goto out;
	}
	ret = xfrm6_state_init();
	if (ret)
		goto out_policy;

#ifdef CONFIG_SYSCTL
	sysctl_hdr = register_net_sysctl(&init_net, "net/ipv6",
					 xfrm6_policy_table);
#endif
out:
	return ret;
out_policy:
	xfrm6_policy_fini();
	goto out;
}
Esempio n. 4
0
void __init xfrm4_init(void)
{
	dst_entries_init(&xfrm4_dst_ops);

	xfrm4_state_init();
	xfrm4_policy_init();
#ifdef CONFIG_SYSCTL
	register_pernet_subsys(&xfrm4_net_ops);
#endif
}
Esempio n. 5
0
static int __net_init xfrm4_net_init(struct net *net)
{
	int ret;

	memcpy(&net->xfrm.xfrm4_dst_ops, &xfrm4_dst_ops_template,
	       sizeof(xfrm4_dst_ops_template));
	ret = dst_entries_init(&net->xfrm.xfrm4_dst_ops);
	if (ret)
		return ret;

	ret = xfrm4_net_sysctl_init(net);
	if (ret)
		dst_entries_destroy(&net->xfrm.xfrm4_dst_ops);

	return ret;
}
void __init xfrm4_init(int rt_max_size)
{
	/*
	 * Select a default value for the gc_thresh based on the main route
	 * table hash size.  It seems to me the worst case scenario is when
	 * we have ipsec operating in transport mode, in which we create a
	 * dst_entry per socket.  The xfrm gc algorithm starts trying to remove
	 * entries at gc_thresh, and prevents new allocations as 2*gc_thresh
	 * so lets set an initial xfrm gc_thresh value at the rt_max_size/2.
	 * That will let us store an ipsec connection per route table entry,
	 * and start cleaning when were 1/2 full
	 */
	xfrm4_dst_ops.gc_thresh = rt_max_size/2;
	dst_entries_init(&xfrm4_dst_ops);

	xfrm4_state_init();
	xfrm4_policy_init();
#ifdef CONFIG_SYSCTL
	sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path,
						xfrm4_policy_table);
#endif
}
Esempio n. 7
0
int __init xfrm6_init(void)
{
	int ret;
	unsigned int gc_thresh;

	/*
	 * We need a good default value for the xfrm6 gc threshold.
	 * In ipv4 we set it to the route hash table size * 8, which
	 * is half the size of the maximaum route cache for ipv4.  It
	 * would be good to do the same thing for v6, except the table is
	 * constructed differently here.  Here each table for a net namespace
	 * can have FIB_TABLE_HASHSZ entries, so lets go with the same
	 * computation that we used for ipv4 here.  Also, lets keep the initial
	 * gc_thresh to a minimum of 1024, since, the ipv6 route cache defaults
	 * to that as a minimum as well
	 */
	gc_thresh = FIB6_TABLE_HASHSZ * 8;
	xfrm6_dst_ops.gc_thresh = (gc_thresh < 1024) ? 1024 : gc_thresh;
	dst_entries_init(&xfrm6_dst_ops);

	ret = xfrm6_policy_init();
	if (ret) {
		dst_entries_destroy(&xfrm6_dst_ops);
		goto out;
	}
	ret = xfrm6_state_init();
	if (ret)
		goto out_policy;

#ifdef CONFIG_SYSCTL
	sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv6_ctl_path,
						xfrm6_policy_table);
#endif
out:
	return ret;
out_policy:
	xfrm6_policy_fini();
	goto out;
}
int __init br_nf_core_init(void)
{
    return dst_entries_init(&fake_dst_ops);
}