author | Pavel Emelyanov <xemul@openvz.org> | 2007-10-15 05:33:45 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-15 15:26:40 -0400 |
commit | 04128f233f2b344f3438cde09723e9946463a573 (patch) | |
tree | 04f4518ef51c74de4d318d7ea908b3215a6aa9c8 | |
parent | 7eb95156d9dce2f59794264db336ce007d71638b (diff) |
[INET]: Collect common frag sysctl variables together
Some sysctl variables are used to tune the frag queues
management and it will be useful to work with them in
a common way in the future, so move them into one
structure, moreover they are the same for all the frag
management codes.
I don't place them in the existing inet_frags object,
introduced in the previous patch for two reasons:
1. to keep them in the __read_mostly section;
2. not to export the whole inet_frags objects outside.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/inet_frag.h | 8 | ||||
-rw-r--r-- | include/net/ip.h | 6 | ||||
-rw-r--r-- | include/net/ipv6.h | 6 | ||||
-rw-r--r-- | include/net/netfilter/ipv6/nf_conntrack_ipv6.h | 5 | ||||
-rw-r--r-- | net/ipv4/ip_fragment.c | 47 | ||||
-rw-r--r-- | net/ipv4/sysctl_net_ipv4.c | 9 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 7 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 29 | ||||
-rw-r--r-- | net/ipv6/reassembly.c | 25 | ||||
-rw-r--r-- | net/ipv6/sysctl_net_ipv6.c | 9 |
10 files changed, 82 insertions, 69 deletions
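--- a/include/net/inet_frag.h
+++ b/include/net/inet_frag.h
@@ -20,6 +20,13 @@ struct inet_frag_queue {
 
 #define INETFRAGS_HASHSZ 64
 
+struct inet_frags_ctl {
+int high_thresh;
+int low_thresh;
+int timeout;
+int secret_interval;
+};
+
 struct inet_frags {
 struct list_head lru_list;
 struct hlist_head hash[INETFRAGS_HASHSZ];
@@ -28,6 +35,7 @@ struct inet_frags {
 int nqueues;
 atomic_t mem;
 struct timer_list secret_timer;
+struct inet_frags_ctl *ctl;
 };
 
 void inet_frags_init(struct inet_frags *);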
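Review bot: The new `struct inet_frags_ctl` has no comment on its fields, and their units differ: the sysctl tables in this commit register `timeout` and `secret_interval` with `proc_dointvec_jiffies` and the two thresholds with `proc_dointvec`, while the ip_fragment.c initializer describes the thresholds as 256K/192K of fragment cache. Since this struct is now the one definition shared by the three reassembly paths, a short comment per field would help, e.g. `int high_thresh; /* bytes of frag memory above which the evictor runs */` and `int timeout; /* jiffies a queue may wait for missing fragments */`. It is also worth stating that all four fields are signed `int`, because the netfilter variables they replace were declared `unsigned int` and `unsigned long`.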
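--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -177,10 +177,8 @@ extern int sysctl_ip_default_ttl;
 extern int sysctl_ip_nonlocal_bind;
 
 /* From ip_fragment.c */
-extern int sysctl_ipfrag_high_thresh;
-extern int sysctl_ipfrag_low_thresh;
-extern int sysctl_ipfrag_time;
-extern int sysctl_ipfrag_secret_interval;
+struct inet_frags_ctl;
+extern struct inet_frags_ctl ip4_frags_ctl;
 extern int sysctl_ipfrag_max_dist;
 
 /* From inetpeer.c */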
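--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -565,10 +565,8 @@ extern int inet6_hash_connect(struct inet_timewait_death_row *death_row,
 /*
 * reassembly.c
 */
-extern int sysctl_ip6frag_high_thresh;
-extern int sysctl_ip6frag_low_thresh;
-extern int sysctl_ip6frag_time;
-extern int sysctl_ip6frag_secret_interval;
+struct inet_frags_ctl;
+extern struct inet_frags_ctl ip6_frags_ctl;
 
 extern const struct proto_ops inet6_stream_ops;
 extern const struct proto_ops inet6_dgram_ops;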
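--- a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
+++ b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
@@ -15,8 +15,7 @@ extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb,
 struct net_device *out,
 int (*okfn)(struct sk_buff *));
 
-extern unsigned int nf_ct_frag6_timeout;
-extern unsigned int nf_ct_frag6_low_thresh;
-extern unsigned int nf_ct_frag6_high_thresh;
+struct inet_frags_ctl;
+extern struct inet_frags_ctl nf_frags_ctl;
 
 #endif /* _NF_CONNTRACK_IPV6_H*/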
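--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -50,21 +50,8 @@
 * as well. Or notify me, at least. --ANK
 */
 
-/* Fragment cache limits. We will commit 256K at one time. Should we
-* cross that limit we will prune down to 192K. This should cope with
-* even the most extreme cases without allowing an attacker to measurably
-* harm machine performance.
-*/
-int sysctl_ipfrag_high_thresh __read_mostly = 256*1024;
-int sysctl_ipfrag_low_thresh __read_mostly = 192*1024;
-
 int sysctl_ipfrag_max_dist __read_mostly = 64;
 
-/* Important NOTE! Fragment queue must be destroyed before MSL expires.
-* RFC791 is wrong proposing to prolongate timer each fragment arrival by TTL.
-*/
-int sysctl_ipfrag_time __read_mostly = IP_FRAG_TIME;
-
 struct ipfrag_skb_cb
 {
 struct inet_skb_parm h;
@@ -87,6 +74,25 @@ struct ipq {
 struct inet_peer *peer;
 };
 
+struct inet_frags_ctl ip4_frags_ctl __read_mostly = {
+/*
+* Fragment cache limits. We will commit 256K at one time. Should we
+* cross that limit we will prune down to 192K. This should cope with
+* even the most extreme cases without allowing an attacker to
+* measurably harm machine performance.
+*/
+.high_thresh = 256 * 1024,
+.low_thresh = 192 * 1024,
+
+/*
+* Important NOTE! Fragment queue must be destroyed before MSL expires.
+* RFC791 is wrong proposing to prolongate timer each fragment arrival
+* by TTL.
+*/
+.timeout = IP_FRAG_TIME,
+.secret_interval = 10 * 60 * HZ,
+};
+
 static struct inet_frags ip4_frags;
 
 int ip_frag_nqueues(void)
@@ -123,8 +129,6 @@ static unsigned int ipqhashfn(__be16 id, __be32 saddr, __be32 daddr, u8 prot)
 ip4_frags.rnd) & (INETFRAGS_HASHSZ - 1);
 }
 
-int sysctl_ipfrag_secret_interval __read_mostly = 10 * 60 * HZ;
-
 static void ipfrag_secret_rebuild(unsigned long dummy)
 {
 unsigned long now = jiffies;
@@ -150,7 +154,7 @@ static void ipfrag_secret_rebuild(unsigned long dummy)
 }
 write_unlock(&ip4_frags.lock);
 
-mod_timer(&ip4_frags.secret_timer, now + sysctl_ipfrag_secret_interval);
+mod_timer(&ip4_frags.secret_timer, now + ip4_frags_ctl.secret_interval);
 }
 
 /* Memory Tracking Functions. */
@@ -237,7 +241,7 @@ static void ip_evictor(void)
 struct list_head *tmp;
 int work;
 
-work = atomic_read(&ip4_frags.mem) - sysctl_ipfrag_low_thresh;
+work = atomic_read(&ip4_frags.mem) - ip4_frags_ctl.low_thresh;
 if (work <= 0)
 return;
 
@@ -326,7 +330,7 @@ static struct ipq *ip_frag_intern(struct ipq *qp_in)
 #endif
 qp = qp_in;
 
-if (!mod_timer(&qp->q.timer, jiffies + sysctl_ipfrag_time))
+if (!mod_timer(&qp->q.timer, jiffies + ip4_frags_ctl.timeout))
 atomic_inc(&qp->q.refcnt);
 
 atomic_inc(&qp->q.refcnt);
@@ -432,7 +436,7 @@ static int ip_frag_reinit(struct ipq *qp)
 {
 struct sk_buff *fp;
 
-if (!mod_timer(&qp->q.timer, jiffies + sysctl_ipfrag_time)) {
+if (!mod_timer(&qp->q.timer, jiffies + ip4_frags_ctl.timeout)) {
 atomic_inc(&qp->q.refcnt);
 return -ETIMEDOUT;
 }
@@ -733,7 +737,7 @@ int ip_defrag(struct sk_buff *skb, u32 user)
 IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS);
 
 /* Start by cleaning up the memory. */
-if (atomic_read(&ip4_frags.mem) > sysctl_ipfrag_high_thresh)
+if (atomic_read(&ip4_frags.mem) > ip4_frags_ctl.high_thresh)
 ip_evictor();
 
 /* Lookup (or create) queue header */
@@ -758,9 +762,10 @@ void __init ipfrag_init(void)
 {
 init_timer(&ip4_frags.secret_timer);
 ip4_frags.secret_timer.function = ipfrag_secret_rebuild;
-ip4_frags.secret_timer.expires = jiffies + sysctl_ipfrag_secret_interval;
+ip4_frags.secret_timer.expires = jiffies + ip4_frags_ctl.secret_interval;
 add_timer(&ip4_frags.secret_timer);
 
+ip4_frags.ctl = &ip4_frags_ctl;
 inet_frags_init(&ip4_frags);
 }
 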
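Review bot: In ipfrag_init() the new `ip4_frags.ctl = &ip4_frags_ctl;` comes after `add_timer(&ip4_frags.secret_timer)`, so the rehash timer is armed while the `ctl` pointer is still NULL. Nothing in the visible hunks dereferences `ip4_frags.ctl` yet (ipfrag_secret_rebuild() reads the global `ip4_frags_ctl` directly) and the default interval is ten minutes, so this looks latent rather than live, but the commit message says the values are meant to be handled in a common way later. Assigning `ip4_frags.ctl` ahead of `init_timer()` closes the window; nf_ct_frag6_init() and ipv6_frag_init() in this commit have the same ordering.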
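--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -19,6 +19,7 @@
 #include <net/route.h>
 #include <net/tcp.h>
 #include <net/cipso_ipv4.h>
+#include <net/inet_frag.h>
 
 /* From af_inet.c */
 extern int sysctl_ip_nonlocal_bind;
@@ -357,7 +358,7 @@ ctl_table ipv4_table[] = {
 {
 .ctl_name = NET_IPV4_IPFRAG_HIGH_THRESH,
 .procname = "ipfrag_high_thresh",
-.data = &sysctl_ipfrag_high_thresh,
+.data = &ip4_frags_ctl.high_thresh,
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = &proc_dointvec
@@ -365,7 +366,7 @@ ctl_table ipv4_table[] = {
 {
 .ctl_name = NET_IPV4_IPFRAG_LOW_THRESH,
 .procname = "ipfrag_low_thresh",
-.data = &sysctl_ipfrag_low_thresh,
+.data = &ip4_frags_ctl.low_thresh,
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = &proc_dointvec
@@ -381,7 +382,7 @@ ctl_table ipv4_table[] = {
 {
 .ctl_name = NET_IPV4_IPFRAG_TIME,
 .procname = "ipfrag_time",
-.data = &sysctl_ipfrag_time,
+.data = &ip4_frags_ctl.timeout,
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = &proc_dointvec_jiffies,
@@ -732,7 +733,7 @@ ctl_table ipv4_table[] = {
 {
 .ctl_name = NET_IPV4_IPFRAG_SECRET_INTERVAL,
 .procname = "ipfrag_secret_interval",
-.data = &sysctl_ipfrag_secret_interval,
+.data = &ip4_frags_ctl.secret_interval,
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = &proc_dointvec_jiffies,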
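Review bot: The four entries repointed at `ip4_frags_ctl` keep `proc_dointvec` / `proc_dointvec_jiffies` with no bounds, so a zero or negative value can be written into fields that ip_fragment.c then uses unchecked. `high_thresh` and `low_thresh` cap the memory held for fragments from unauthenticated remote senders (a negative `low_thresh` makes `work` in ip_evictor() larger than the memory actually held), and `secret_interval` is added straight to `now` in the `mod_timer()` call that schedules the hash rekey. Using `.proc_handler = &proc_dointvec_minmax` with `.extra1` pointing at a zero floor for the thresholds, and rejecting non-positive values for the two jiffies entries, would make the knobs fail safe. The same applies to the tables in net/ipv6/sysctl_net_ipv6.c and net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c.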
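--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -18,6 +18,7 @@
 #include <linux/icmp.h>
 #include <linux/sysctl.h>
 #include <net/ipv6.h>
+#include <net/inet_frag.h>
 
 #include <linux/netfilter_ipv6.h>
 #include <net/netfilter/nf_conntrack.h>
@@ -307,7 +308,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = {
 {
 .ctl_name = NET_NF_CONNTRACK_FRAG6_TIMEOUT,
 .procname = "nf_conntrack_frag6_timeout",
-.data = &nf_ct_frag6_timeout,
+.data = &nf_frags_ctl.timeout,
 .maxlen = sizeof(unsigned int),
 .mode = 0644,
 .proc_handler = &proc_dointvec_jiffies,
@@ -315,7 +316,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = {
 {
 .ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH,
 .procname = "nf_conntrack_frag6_low_thresh",
-.data = &nf_ct_frag6_low_thresh,
+.data = &nf_frags_ctl.low_thresh,
 .maxlen = sizeof(unsigned int),
 .mode = 0644,
 .proc_handler = &proc_dointvec,
@@ -323,7 +324,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = {
 {
 .ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH,
 .procname = "nf_conntrack_frag6_high_thresh",
-.data = &nf_ct_frag6_high_thresh,
+.data = &nf_frags_ctl.high_thresh,
 .maxlen = sizeof(unsigned int),
 .mode = 0644,
 .proc_handler = &proc_dointvec,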
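Review bot: The three entries now take the address of `int` members of `nf_frags_ctl` but still declare `.maxlen = sizeof(unsigned int)`. The sizes are the same so nothing breaks, but the table no longer agrees with the field type, and the IPv4 and IPv6 tables touched by this commit use `sizeof(int)`. Writing `.maxlen = sizeof(int),` (or `sizeof(nf_frags_ctl.timeout)`) keeps the length tied to the object that `.data` points at.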
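--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -49,10 +49,6 @@
 #define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */
 #define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT
 
-unsigned int nf_ct_frag6_high_thresh __read_mostly = 256*1024;
-unsigned int nf_ct_frag6_low_thresh __read_mostly = 192*1024;
-unsigned long nf_ct_frag6_timeout __read_mostly = IPV6_FRAG_TIMEOUT;
-
 struct nf_ct_frag6_skb_cb
 {
 struct inet6_skb_parm h;
@@ -74,6 +70,13 @@ struct nf_ct_frag6_queue
 __u16 nhoffset;
 };
 
+struct inet_frags_ctl nf_frags_ctl __read_mostly = {
+.high_thresh = 256 * 1024,
+.low_thresh = 192 * 1024,
+.timeout = IPV6_FRAG_TIMEOUT,
+.secret_interval = 10 * 60 * HZ,
+};
+
 static struct inet_frags nf_frags;
 
 static __inline__ void __fq_unlink(struct nf_ct_frag6_queue *fq)
@@ -117,8 +120,6 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
 return c & (INETFRAGS_HASHSZ - 1);
 }
 
-int nf_ct_frag6_secret_interval = 10 * 60 * HZ;
-
 static void nf_ct_frag6_secret_rebuild(unsigned long dummy)
 {
 unsigned long now = jiffies;
@@ -144,7 +145,7 @@ static void nf_ct_frag6_secret_rebuild(unsigned long dummy)
 }
 write_unlock(&nf_frags.lock);
 
-mod_timer(&nf_frags.secret_timer, now + nf_ct_frag6_secret_interval);
+mod_timer(&nf_frags.secret_timer, now + nf_frags_ctl.secret_interval);
 }
 
 /* Memory Tracking Functions. */
@@ -229,10 +230,10 @@ static void nf_ct_frag6_evictor(void)
 unsigned int work;
 
 work = atomic_read(&nf_frags.mem);
-if (work <= nf_ct_frag6_low_thresh)
+if (work <= nf_frags_ctl.low_thresh)
 return;
 
-work -= nf_ct_frag6_low_thresh;
+work -= nf_frags_ctl.low_thresh;
 while (work > 0) {
 read_lock(&nf_frags.lock);
 if (list_empty(&nf_frags.lru_list)) {
@@ -296,7 +297,7 @@ static struct nf_ct_frag6_queue *nf_ct_frag6_intern(unsigned int hash,
 #endif
 fq = fq_in;
 
-if (!mod_timer(&fq->q.timer, jiffies + nf_ct_frag6_timeout))
+if (!mod_timer(&fq->q.timer, jiffies + nf_frags_ctl.timeout))
 atomic_inc(&fq->q.refcnt);
 
 atomic_inc(&fq->q.refcnt);
@@ -766,7 +767,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb)
 goto ret_orig;
 }
 
-if (atomic_read(&nf_frags.mem) > nf_ct_frag6_high_thresh)
+if (atomic_read(&nf_frags.mem) > nf_frags_ctl.high_thresh)
 nf_ct_frag6_evictor();
 
 fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr);
@@ -838,10 +839,10 @@ int nf_ct_frag6_kfree_frags(struct sk_buff *skb)
 int nf_ct_frag6_init(void)
 {
 setup_timer(&nf_frags.secret_timer, nf_ct_frag6_secret_rebuild, 0);
-nf_frags.secret_timer.expires = jiffies
-+ nf_ct_frag6_secret_interval;
+nf_frags.secret_timer.expires = jiffies + nf_frags_ctl.secret_interval;
 add_timer(&nf_frags.secret_timer);
 
+nf_frags.ctl = &nf_frags_ctl;
 inet_frags_init(&nf_frags);
 
 return 0;
@@ -852,6 +853,6 @@ void nf_ct_frag6_cleanup(void)
 inet_frags_fini(&nf_frags);
 
 del_timer(&nf_frags.secret_timer);
-nf_ct_frag6_low_thresh = 0;
+nf_frags_ctl.low_thresh = 0;
 nf_ct_frag6_evictor();
 }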
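Review bot: nf_ct_frag6_evictor() still declares `unsigned int work` while `nf_frags_ctl.low_thresh` is now a signed `int`, so `work <= nf_frags_ctl.low_thresh` converts the threshold to unsigned and a negative sysctl value reads as a huge limit under which eviction never runs. In nf_ct_frag6_gather() the `> nf_frags_ctl.high_thresh` test has changed from an unsigned to a signed comparison for the same reason, which the commit message does not mention. Matching ip_evictor() and ip6_evictor() would make the three paths behave alike: `int work;`, then `work = atomic_read(&nf_frags.mem) - nf_frags_ctl.low_thresh;` and `if (work <= 0) return;`. The evictor's loop body continues outside the hunk, so how `work` is decremented there should be checked against the signed type.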
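--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -56,11 +56,6 @@
 #include <net/addrconf.h>
 #include <net/inet_frag.h>
 
-int sysctl_ip6frag_high_thresh __read_mostly = 256*1024;
-int sysctl_ip6frag_low_thresh __read_mostly = 192*1024;
-
-int sysctl_ip6frag_time __read_mostly = IPV6_FRAG_TIMEOUT;
-
 struct ip6frag_skb_cb
 {
 struct inet6_skb_parm h;
@@ -87,6 +82,13 @@ struct frag_queue
 __u16 nhoffset;
 };
 
+struct inet_frags_ctl ip6_frags_ctl __read_mostly = {
+.high_thresh = 256 * 1024,
+.low_thresh = 192 * 1024,
+.timeout = IPV6_FRAG_TIMEOUT,
+.secret_interval = 10 * 60 * HZ,
+};
+
 static struct inet_frags ip6_frags;
 
 int ip6_frag_nqueues(void)
@@ -147,8 +149,6 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
 return c & (INETFRAGS_HASHSZ - 1);
 }
 
-int sysctl_ip6frag_secret_interval __read_mostly = 10 * 60 * HZ;
-
 static void ip6_frag_secret_rebuild(unsigned long dummy)
 {
 unsigned long now = jiffies;
@@ -177,7 +177,7 @@ static void ip6_frag_secret_rebuild(unsigned long dummy)
 }
 write_unlock(&ip6_frags.lock);
 
-mod_timer(&ip6_frags.secret_timer, now + sysctl_ip6frag_secret_interval);
+mod_timer(&ip6_frags.secret_timer, now + ip6_frags_ctl.secret_interval);
 }
 
 /* Memory Tracking Functions. */
@@ -256,7 +256,7 @@ static void ip6_evictor(struct inet6_dev *idev)
 struct list_head *tmp;
 int work;
 
-work = atomic_read(&ip6_frags.mem) - sysctl_ip6frag_low_thresh;
+work = atomic_read(&ip6_frags.mem) - ip6_frags_ctl.low_thresh;
 if (work <= 0)
 return;
 
@@ -348,7 +348,7 @@ static struct frag_queue *ip6_frag_intern(struct frag_queue *fq_in)
 #endif
 fq = fq_in;
 
-if (!mod_timer(&fq->q.timer, jiffies + sysctl_ip6frag_time))
+if (!mod_timer(&fq->q.timer, jiffies + ip6_frags_ctl.timeout))
 atomic_inc(&fq->q.refcnt);
 
 atomic_inc(&fq->q.refcnt);
@@ -754,7 +754,7 @@ static int ipv6_frag_rcv(struct sk_buff **skbp)
 return 1;
 }
 
-if (atomic_read(&ip6_frags.mem) > sysctl_ip6frag_high_thresh)
+if (atomic_read(&ip6_frags.mem) > ip6_frags_ctl.high_thresh)
 ip6_evictor(ip6_dst_idev(skb->dst));
 
 if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr,
@@ -788,8 +788,9 @@ void __init ipv6_frag_init(void)
 
 init_timer(&ip6_frags.secret_timer);
 ip6_frags.secret_timer.function = ip6_frag_secret_rebuild;
-ip6_frags.secret_timer.expires = jiffies + sysctl_ip6frag_secret_interval;
+ip6_frags.secret_timer.expires = jiffies + ip6_frags_ctl.secret_interval;
 add_timer(&ip6_frags.secret_timer);
 
+ip6_frags.ctl = &ip6_frags_ctl;
 inet_frags_init(&ip6_frags);
 }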
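--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -12,6 +12,7 @@
 #include <net/ndisc.h>
 #include <net/ipv6.h>
 #include <net/addrconf.h>
+#include <net/inet_frag.h>
 
 #ifdef CONFIG_SYSCTL
 
@@ -41,7 +42,7 @@ static ctl_table ipv6_table[] = {
 {
 .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH,
 .procname = "ip6frag_high_thresh",
-.data = &sysctl_ip6frag_high_thresh,
+.data = &ip6_frags_ctl.high_thresh,
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = &proc_dointvec
@@ -49,7 +50,7 @@ static ctl_table ipv6_table[] = {
 {
 .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH,
 .procname = "ip6frag_low_thresh",
-.data = &sysctl_ip6frag_low_thresh,
+.data = &ip6_frags_ctl.low_thresh,
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = &proc_dointvec
@@ -57,7 +58,7 @@ static ctl_table ipv6_table[] = {
 {
 .ctl_name = NET_IPV6_IP6FRAG_TIME,
 .procname = "ip6frag_time",
-.data = &sysctl_ip6frag_time,
+.data = &ip6_frags_ctl.timeout,
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = &proc_dointvec_jiffies,
@@ -66,7 +67,7 @@ static ctl_table ipv6_table[] = {
 {
 .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
 .procname = "ip6frag_secret_interval",
-.data = &sysctl_ip6frag_secret_interval,
+.data = &ip6_frags_ctl.secret_interval,
 .maxlen = sizeof(int),
 .mode = 0644,
 .proc_handler = &proc_dointvec_jiffies,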