lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[NETNS][FRAGS]: Isolate the secret interval from namespaces.

Browse Source 
Since we have one hashtable to lookup the fragment, having
different secret_interval-s for hash rebuild doesn't make
sense, so move this one to inet_frags.

The inet_frags_ctl becomes empty after this, so remove it.
The appropriate ctl table is kept read-only in namespaces.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Pavel Emelyanov
2008-01-22 06:11:04 -08:00
committed by David S. Miller
parent e31e0bdc7e
commit 3b4bc4a2bf
6 changed files with 8 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
include/net/inet_frag.h
View File

@@ -31,18 +31,14 @@ struct inet_frag_queue {
#define INETFRAGS_HASHSZ 64 #define INETFRAGS_HASHSZ 64
struct inet_frags_ctl {
int secret_interval;
};
struct inet_frags { struct inet_frags {
struct list_head lru_list; struct list_head lru_list;
struct hlist_head hash[INETFRAGS_HASHSZ]; struct hlist_head hash[INETFRAGS_HASHSZ];
rwlock_t lock; rwlock_t lock;
u32 rnd; u32 rnd;
int qsize; int qsize;
int secret_interval;
struct timer_list secret_timer; struct timer_list secret_timer;
struct inet_frags_ctl *ctl;
unsigned int (*hashfn)(struct inet_frag_queue *); unsigned int (*hashfn)(struct inet_frag_queue *);
void (*constructor)(struct inet_frag_queue *q, void (*constructor)(struct inet_frag_queue *q,

1
include/net/netns/ipv6.h
View File

@@ -14,7 +14,6 @@ struct netns_sysctl_ipv6 {
struct ctl_table_header *table; struct ctl_table_header *table;
struct ctl_table_header *frags_hdr; struct ctl_table_header *frags_hdr;
#endif #endif
struct inet_frags_ctl frags;
int bindv6only; int bindv6only;
int flush_delay; int flush_delay;
int ip6_rt_max_size; int ip6_rt_max_size;

4
net/ipv4/inet_fragment.c
View File

@@ -47,7 +47,7 @@ static void inet_frag_secret_rebuild(unsigned long dummy)
} }
write_unlock(&f->lock); write_unlock(&f->lock);
mod_timer(&f->secret_timer, now + f->ctl->secret_interval); mod_timer(&f->secret_timer, now + f->secret_interval);
} }
void inet_frags_init(struct inet_frags *f) void inet_frags_init(struct inet_frags *f)
@@ -65,7 +65,7 @@ void inet_frags_init(struct inet_frags *f)
setup_timer(&f->secret_timer, inet_frag_secret_rebuild, setup_timer(&f->secret_timer, inet_frag_secret_rebuild,
(unsigned long)f); (unsigned long)f);
f->secret_timer.expires = jiffies + f->ctl->secret_interval; f->secret_timer.expires = jiffies + f->secret_interval;
add_timer(&f->secret_timer); add_timer(&f->secret_timer);
} }
EXPORT_SYMBOL(inet_frags_init); EXPORT_SYMBOL(inet_frags_init);

8
net/ipv4/ip_fragment.c
View File

@@ -74,10 +74,6 @@ struct ipq {
struct inet_peer *peer; struct inet_peer *peer;
}; };
static struct inet_frags_ctl ip4_frags_ctl __read_mostly = {
.secret_interval = 10 * 60 * HZ,
};
static struct inet_frags ip4_frags; static struct inet_frags ip4_frags;
int ip_frag_nqueues(struct net *net) int ip_frag_nqueues(struct net *net)
@@ -627,7 +623,7 @@ static struct ctl_table ip4_frags_ctl_table[] = {
{ {
.ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL, .ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL,
.procname = "ipfrag_secret_interval", .procname = "ipfrag_secret_interval",
.data = &ip4_frags_ctl.secret_interval, .data = &ip4_frags.secret_interval,
.maxlen = sizeof(int), .maxlen = sizeof(int),
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec_jiffies, .proc_handler = &proc_dointvec_jiffies,
@@ -720,7 +716,6 @@ static int ipv4_frags_init_net(struct net *net)
void __init ipfrag_init(void) void __init ipfrag_init(void)
{ {
ipv4_frags_init_net(&init_net); ipv4_frags_init_net(&init_net);
ip4_frags.ctl = &ip4_frags_ctl;
ip4_frags.hashfn = ip4_hashfn; ip4_frags.hashfn = ip4_hashfn;
ip4_frags.constructor = ip4_frag_init; ip4_frags.constructor = ip4_frag_init;
ip4_frags.destructor = ip4_frag_free; ip4_frags.destructor = ip4_frag_free;
@@ -728,6 +723,7 @@ void __init ipfrag_init(void)
ip4_frags.qsize = sizeof(struct ipq); ip4_frags.qsize = sizeof(struct ipq);
ip4_frags.match = ip4_frag_match; ip4_frags.match = ip4_frag_match;
ip4_frags.frag_expire = ip_expire; ip4_frags.frag_expire = ip_expire;
ip4_frags.secret_interval = 10 * 60 * HZ;
inet_frags_init(&ip4_frags); inet_frags_init(&ip4_frags);
} }

6
net/ipv6/netfilter/nf_conntrack_reasm.c
View File

@@ -70,10 +70,6 @@ struct nf_ct_frag6_queue
__u16 nhoffset; __u16 nhoffset;
}; };
static struct inet_frags_ctl nf_frags_ctl __read_mostly = {
.secret_interval = 10 * 60 * HZ,
};
static struct inet_frags nf_frags; static struct inet_frags nf_frags;
static struct netns_frags nf_init_frags; static struct netns_frags nf_init_frags;
@@ -701,7 +697,6 @@ int nf_ct_frag6_kfree_frags(struct sk_buff *skb)
int nf_ct_frag6_init(void) int nf_ct_frag6_init(void)
{ {
nf_frags.ctl = &nf_frags_ctl;
nf_frags.hashfn = nf_hashfn; nf_frags.hashfn = nf_hashfn;
nf_frags.constructor = ip6_frag_init; nf_frags.constructor = ip6_frag_init;
nf_frags.destructor = NULL; nf_frags.destructor = NULL;
@@ -709,6 +704,7 @@ int nf_ct_frag6_init(void)
nf_frags.qsize = sizeof(struct nf_ct_frag6_queue); nf_frags.qsize = sizeof(struct nf_ct_frag6_queue);
nf_frags.match = ip6_frag_match; nf_frags.match = ip6_frag_match;
nf_frags.frag_expire = nf_ct_frag6_expire; nf_frags.frag_expire = nf_ct_frag6_expire;
nf_frags.secret_interval = 10 * 60 * HZ;
nf_init_frags.timeout = IPV6_FRAG_TIMEOUT; nf_init_frags.timeout = IPV6_FRAG_TIMEOUT;
nf_init_frags.high_thresh = 256 * 1024; nf_init_frags.high_thresh = 256 * 1024;
nf_init_frags.low_thresh = 192 * 1024; nf_init_frags.low_thresh = 192 * 1024;

6
net/ipv6/reassembly.c
View File

@@ -658,7 +658,7 @@ static struct ctl_table ip6_frags_ctl_table[] = {
{ {
.ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL, .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
.procname = "ip6frag_secret_interval", .procname = "ip6frag_secret_interval",
.data = &init_net.ipv6.sysctl.frags.secret_interval, .data = &ip6_frags.secret_interval,
.maxlen = sizeof(int), .maxlen = sizeof(int),
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec_jiffies, .proc_handler = &proc_dointvec_jiffies,
@@ -719,12 +719,9 @@ static inline void ip6_frags_sysctl_unregister(struct net *net)
static int ipv6_frags_init_net(struct net *net) static int ipv6_frags_init_net(struct net *net)
{ {
ip6_frags.ctl = &net->ipv6.sysctl.frags;
net->ipv6.frags.high_thresh = 256 * 1024; net->ipv6.frags.high_thresh = 256 * 1024;
net->ipv6.frags.low_thresh = 192 * 1024; net->ipv6.frags.low_thresh = 192 * 1024;
net->ipv6.frags.timeout = IPV6_FRAG_TIMEOUT; net->ipv6.frags.timeout = IPV6_FRAG_TIMEOUT;
net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ;
inet_frags_init_net(&net->ipv6.frags); inet_frags_init_net(&net->ipv6.frags);
@@ -748,6 +745,7 @@ int __init ipv6_frag_init(void)
ip6_frags.qsize = sizeof(struct frag_queue); ip6_frags.qsize = sizeof(struct frag_queue);
ip6_frags.match = ip6_frag_match; ip6_frags.match = ip6_frag_match;
ip6_frags.frag_expire = ip6_frag_expire; ip6_frags.frag_expire = ip6_frag_expire;
ip6_frags.secret_interval = 10 * 60 * HZ;
inet_frags_init(&ip6_frags); inet_frags_init(&ip6_frags);
out: out:
return ret; return ret;