netns xfrm: per-netns sysctls

extern int sysctl_ip_default_ttl;

extern int sysctl_ip_nonlocal_bind;

extern struct ctl_path net_core_path[];

extern struct ctl_path net_ipv4_ctl_path[];

/* From inetpeer.c */

#include <linux/workqueue.h>

#include <linux/xfrm.h>

struct ctl_table_header;

struct xfrm_policy_hash {

	struct hlist_head	*table;

	unsigned int		hmask;

	struct work_struct	policy_hash_work;

	struct sock		*nlsk;

	u32			sysctl_aevent_etime;

	u32			sysctl_aevent_rseqth;

	int			sysctl_larval_drop;

	u32			sysctl_acq_expires;

#ifdef CONFIG_SYSCTL

	struct ctl_table_header	*sysctl_hdr;

#endif

};

#endif

#define XFRM_INC_STATS_USER(net, field)	((void)(net))

#endif

extern u32 sysctl_xfrm_aevent_etime;

extern u32 sysctl_xfrm_aevent_rseqth;

extern int sysctl_xfrm_larval_drop;

extern u32 sysctl_xfrm_acq_expires;

extern struct mutex xfrm_cfg_mutex;

/* Organization of SPD aka "XFRM rules"

extern void xfrm_proc_fini(struct net *net);

#endif

extern int xfrm_sysctl_init(struct net *net);

#ifdef CONFIG_SYSCTL

extern void xfrm_sysctl_fini(struct net *net);

#else

static inline void xfrm_sysctl_fini(struct net *net)

{

}

#endif

extern void xfrm_state_walk_init(struct xfrm_state_walk *walk, u8 proto);

extern int xfrm_state_walk(struct net *net, struct xfrm_state_walk *walk,

			   int (*func)(struct xfrm_state *, int, void*), void *);

#include <linux/netdevice.h>

#include <linux/init.h>

#include <net/sock.h>

#include <net/xfrm.h>

static struct ctl_table net_core_table[] = {

#ifdef CONFIG_NET

		.mode		= 0644,

		.proc_handler	= proc_dointvec

	},

#ifdef CONFIG_XFRM

	{

		.ctl_name	= NET_CORE_AEVENT_ETIME,

		.procname	= "xfrm_aevent_etime",

		.data		= &sysctl_xfrm_aevent_etime,

		.maxlen		= sizeof(u32),

		.mode		= 0644,

		.proc_handler	= proc_dointvec

	},

	{

		.ctl_name	= NET_CORE_AEVENT_RSEQTH,

		.procname	= "xfrm_aevent_rseqth",

		.data		= &sysctl_xfrm_aevent_rseqth,

		.maxlen		= sizeof(u32),

		.mode		= 0644,

		.proc_handler	= proc_dointvec

	},

	{

		.ctl_name	= CTL_UNNUMBERED,

		.procname	= "xfrm_larval_drop",

		.data		= &sysctl_xfrm_larval_drop,

		.maxlen		= sizeof(int),

		.mode		= 0644,

		.proc_handler	= proc_dointvec

	},

	{

		.ctl_name	= CTL_UNNUMBERED,

		.procname	= "xfrm_acq_expires",

		.data		= &sysctl_xfrm_acq_expires,

		.maxlen		= sizeof(int),

		.mode		= 0644,

		.proc_handler	= proc_dointvec

	},

#endif /* CONFIG_XFRM */

#endif /* CONFIG_NET */

	{

		.ctl_name	= NET_CORE_BUDGET,

	{ .ctl_name = 0 }

};

static __net_initdata struct ctl_path net_core_path[] = {

__net_initdata struct ctl_path net_core_path[] = {

	{ .procname = "net", .ctl_name = CTL_NET, },

	{ .procname = "core", .ctl_name = NET_CORE, },

	{ },

static __init int sysctl_core_init(void)

{

	static struct ctl_table empty[1];

	register_sysctl_paths(net_core_path, empty);

	register_net_sysctl_rotable(net_core_path, net_core_table);

	return register_pernet_subsys(&sysctl_core_ops);

}

__initcall(sysctl_core_init);

fs_initcall(sysctl_core_init);

#

obj-$(CONFIG_XFRM) := xfrm_policy.o xfrm_state.o xfrm_hash.o \

		      xfrm_input.o xfrm_output.o xfrm_algo.o

		      xfrm_input.o xfrm_output.o xfrm_algo.o \

		      xfrm_sysctl.o

obj-$(CONFIG_XFRM_STATISTICS) += xfrm_proc.o

obj-$(CONFIG_XFRM_USER) += xfrm_user.o

obj-$(CONFIG_XFRM_IPCOMP) += xfrm_ipcomp.o