aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-01-15 02:45:32 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 18:02:32 -0500
commit2d6462869f8c2edca9dbb53ca3b661a52fc4c144 (patch)
tree5447aedeec36b009b996103afa1ccbaed793a35d
parenta5e73c29d9243cc2e889a9d7155f331923eee655 (diff)
[NETFILTER]: nf_conntrack_tcp: remove timeout indirection
Instead of keeping pointers to the timeout values in a table, simply put the timeout values in the table directly. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c67
1 files changed, 28 insertions, 39 deletions
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index dbd8f84fa192..64c9b910419c 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -64,32 +64,21 @@ static const char *tcp_conntrack_names[] = {
64#define HOURS * 60 MINS 64#define HOURS * 60 MINS
65#define DAYS * 24 HOURS 65#define DAYS * 24 HOURS
66 66
67static unsigned int nf_ct_tcp_timeout_syn_sent __read_mostly = 2 MINS;
68static unsigned int nf_ct_tcp_timeout_syn_recv __read_mostly = 60 SECS;
69static unsigned int nf_ct_tcp_timeout_established __read_mostly = 5 DAYS;
70static unsigned int nf_ct_tcp_timeout_fin_wait __read_mostly = 2 MINS;
71static unsigned int nf_ct_tcp_timeout_close_wait __read_mostly = 60 SECS;
72static unsigned int nf_ct_tcp_timeout_last_ack __read_mostly = 30 SECS;
73static unsigned int nf_ct_tcp_timeout_time_wait __read_mostly = 2 MINS;
74static unsigned int nf_ct_tcp_timeout_close __read_mostly = 10 SECS;
75
76/* RFC1122 says the R2 limit should be at least 100 seconds. 67/* RFC1122 says the R2 limit should be at least 100 seconds.
77 Linux uses 15 packets as limit, which corresponds 68 Linux uses 15 packets as limit, which corresponds
78 to ~13-30min depending on RTO. */ 69 to ~13-30min depending on RTO. */
79static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS; 70static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS;
80 71
81static unsigned int * tcp_timeouts[] = { 72static unsigned int tcp_timeouts[TCP_CONNTRACK_MAX] __read_mostly = {
82 NULL, /* TCP_CONNTRACK_NONE */ 73 [TCP_CONNTRACK_SYN_SENT] = 2 MINS,
83 &nf_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */ 74 [TCP_CONNTRACK_SYN_RECV] = 60 SECS,
84 &nf_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */ 75 [TCP_CONNTRACK_ESTABLISHED] = 5 DAYS,
85 &nf_ct_tcp_timeout_established, /* TCP_CONNTRACK_ESTABLISHED, */ 76 [TCP_CONNTRACK_FIN_WAIT] = 2 MINS,
86 &nf_ct_tcp_timeout_fin_wait, /* TCP_CONNTRACK_FIN_WAIT, */ 77 [TCP_CONNTRACK_CLOSE_WAIT] = 60 SECS,
87 &nf_ct_tcp_timeout_close_wait, /* TCP_CONNTRACK_CLOSE_WAIT, */ 78 [TCP_CONNTRACK_LAST_ACK] = 30 SECS,
88 &nf_ct_tcp_timeout_last_ack, /* TCP_CONNTRACK_LAST_ACK, */ 79 [TCP_CONNTRACK_TIME_WAIT] = 2 MINS,
89 &nf_ct_tcp_timeout_time_wait, /* TCP_CONNTRACK_TIME_WAIT, */ 80 [TCP_CONNTRACK_CLOSE] = 10 SECS,
90 &nf_ct_tcp_timeout_close, /* TCP_CONNTRACK_CLOSE, */ 81};
91 NULL, /* TCP_CONNTRACK_LISTEN */
92 };
93 82
94#define sNO TCP_CONNTRACK_NONE 83#define sNO TCP_CONNTRACK_NONE
95#define sSS TCP_CONNTRACK_SYN_SENT 84#define sSS TCP_CONNTRACK_SYN_SENT
@@ -941,8 +930,8 @@ static int tcp_packet(struct nf_conn *conntrack,
941 || new_state == TCP_CONNTRACK_CLOSE)) 930 || new_state == TCP_CONNTRACK_CLOSE))
942 conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT; 931 conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
943 timeout = conntrack->proto.tcp.retrans >= nf_ct_tcp_max_retrans 932 timeout = conntrack->proto.tcp.retrans >= nf_ct_tcp_max_retrans
944 && *tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans 933 && tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans
945 ? nf_ct_tcp_timeout_max_retrans : *tcp_timeouts[new_state]; 934 ? nf_ct_tcp_timeout_max_retrans : tcp_timeouts[new_state];
946 write_unlock_bh(&tcp_lock); 935 write_unlock_bh(&tcp_lock);
947 936
948 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); 937 nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
@@ -1163,56 +1152,56 @@ static struct ctl_table_header *tcp_sysctl_header;
1163static struct ctl_table tcp_sysctl_table[] = { 1152static struct ctl_table tcp_sysctl_table[] = {
1164 { 1153 {
1165 .procname = "nf_conntrack_tcp_timeout_syn_sent", 1154 .procname = "nf_conntrack_tcp_timeout_syn_sent",
1166 .data = &nf_ct_tcp_timeout_syn_sent, 1155 .data = &tcp_timeouts[TCP_CONNTRACK_SYN_SENT],
1167 .maxlen = sizeof(unsigned int), 1156 .maxlen = sizeof(unsigned int),
1168 .mode = 0644, 1157 .mode = 0644,
1169 .proc_handler = &proc_dointvec_jiffies, 1158 .proc_handler = &proc_dointvec_jiffies,
1170 }, 1159 },
1171 { 1160 {
1172 .procname = "nf_conntrack_tcp_timeout_syn_recv", 1161 .procname = "nf_conntrack_tcp_timeout_syn_recv",
1173 .data = &nf_ct_tcp_timeout_syn_recv, 1162 .data = &tcp_timeouts[TCP_CONNTRACK_SYN_RECV],
1174 .maxlen = sizeof(unsigned int), 1163 .maxlen = sizeof(unsigned int),
1175 .mode = 0644, 1164 .mode = 0644,
1176 .proc_handler = &proc_dointvec_jiffies, 1165 .proc_handler = &proc_dointvec_jiffies,
1177 }, 1166 },
1178 { 1167 {
1179 .procname = "nf_conntrack_tcp_timeout_established", 1168 .procname = "nf_conntrack_tcp_timeout_established",
1180 .data = &nf_ct_tcp_timeout_established, 1169 .data = &tcp_timeouts[TCP_CONNTRACK_ESTABLISHED],
1181 .maxlen = sizeof(unsigned int), 1170 .maxlen = sizeof(unsigned int),
1182 .mode = 0644, 1171 .mode = 0644,
1183 .proc_handler = &proc_dointvec_jiffies, 1172 .proc_handler = &proc_dointvec_jiffies,
1184 }, 1173 },
1185 { 1174 {
1186 .procname = "nf_conntrack_tcp_timeout_fin_wait", 1175 .procname = "nf_conntrack_tcp_timeout_fin_wait",
1187 .data = &nf_ct_tcp_timeout_fin_wait, 1176 .data = &tcp_timeouts[TCP_CONNTRACK_FIN_WAIT],
1188 .maxlen = sizeof(unsigned int), 1177 .maxlen = sizeof(unsigned int),
1189 .mode = 0644, 1178 .mode = 0644,
1190 .proc_handler = &proc_dointvec_jiffies, 1179 .proc_handler = &proc_dointvec_jiffies,
1191 }, 1180 },
1192 { 1181 {
1193 .procname = "nf_conntrack_tcp_timeout_close_wait", 1182 .procname = "nf_conntrack_tcp_timeout_close_wait",
1194 .data = &nf_ct_tcp_timeout_close_wait, 1183 .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE_WAIT],
1195 .maxlen = sizeof(unsigned int), 1184 .maxlen = sizeof(unsigned int),
1196 .mode = 0644, 1185 .mode = 0644,
1197 .proc_handler = &proc_dointvec_jiffies, 1186 .proc_handler = &proc_dointvec_jiffies,
1198 }, 1187 },
1199 { 1188 {
1200 .procname = "nf_conntrack_tcp_timeout_last_ack", 1189 .procname = "nf_conntrack_tcp_timeout_last_ack",
1201 .data = &nf_ct_tcp_timeout_last_ack, 1190 .data = &tcp_timeouts[TCP_CONNTRACK_LAST_ACK],
1202 .maxlen = sizeof(unsigned int), 1191 .maxlen = sizeof(unsigned int),
1203 .mode = 0644, 1192 .mode = 0644,
1204 .proc_handler = &proc_dointvec_jiffies, 1193 .proc_handler = &proc_dointvec_jiffies,
1205 }, 1194 },
1206 { 1195 {
1207 .procname = "nf_conntrack_tcp_timeout_time_wait", 1196 .procname = "nf_conntrack_tcp_timeout_time_wait",
1208 .data = &nf_ct_tcp_timeout_time_wait, 1197 .data = &tcp_timeouts[TCP_CONNTRACK_TIME_WAIT],
1209 .maxlen = sizeof(unsigned int), 1198 .maxlen = sizeof(unsigned int),
1210 .mode = 0644, 1199 .mode = 0644,
1211 .proc_handler = &proc_dointvec_jiffies, 1200 .proc_handler = &proc_dointvec_jiffies,
1212 }, 1201 },
1213 { 1202 {
1214 .procname = "nf_conntrack_tcp_timeout_close", 1203 .procname = "nf_conntrack_tcp_timeout_close",
1215 .data = &nf_ct_tcp_timeout_close, 1204 .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE],
1216 .maxlen = sizeof(unsigned int), 1205 .maxlen = sizeof(unsigned int),
1217 .mode = 0644, 1206 .mode = 0644,
1218 .proc_handler = &proc_dointvec_jiffies, 1207 .proc_handler = &proc_dointvec_jiffies,
@@ -1257,56 +1246,56 @@ static struct ctl_table tcp_sysctl_table[] = {
1257static struct ctl_table tcp_compat_sysctl_table[] = { 1246static struct ctl_table tcp_compat_sysctl_table[] = {
1258 { 1247 {
1259 .procname = "ip_conntrack_tcp_timeout_syn_sent", 1248 .procname = "ip_conntrack_tcp_timeout_syn_sent",
1260 .data = &nf_ct_tcp_timeout_syn_sent, 1249 .data = &tcp_timeouts[TCP_CONNTRACK_SYN_SENT],
1261 .maxlen = sizeof(unsigned int), 1250 .maxlen = sizeof(unsigned int),
1262 .mode = 0644, 1251 .mode = 0644,
1263 .proc_handler = &proc_dointvec_jiffies, 1252 .proc_handler = &proc_dointvec_jiffies,
1264 }, 1253 },
1265 { 1254 {
1266 .procname = "ip_conntrack_tcp_timeout_syn_recv", 1255 .procname = "ip_conntrack_tcp_timeout_syn_recv",
1267 .data = &nf_ct_tcp_timeout_syn_recv, 1256 .data = &tcp_timeouts[TCP_CONNTRACK_SYN_RECV],
1268 .maxlen = sizeof(unsigned int), 1257 .maxlen = sizeof(unsigned int),
1269 .mode = 0644, 1258 .mode = 0644,
1270 .proc_handler = &proc_dointvec_jiffies, 1259 .proc_handler = &proc_dointvec_jiffies,
1271 }, 1260 },
1272 { 1261 {
1273 .procname = "ip_conntrack_tcp_timeout_established", 1262 .procname = "ip_conntrack_tcp_timeout_established",
1274 .data = &nf_ct_tcp_timeout_established, 1263 .data = &tcp_timeouts[TCP_CONNTRACK_ESTABLISHED],
1275 .maxlen = sizeof(unsigned int), 1264 .maxlen = sizeof(unsigned int),
1276 .mode = 0644, 1265 .mode = 0644,
1277 .proc_handler = &proc_dointvec_jiffies, 1266 .proc_handler = &proc_dointvec_jiffies,
1278 }, 1267 },
1279 { 1268 {
1280 .procname = "ip_conntrack_tcp_timeout_fin_wait", 1269 .procname = "ip_conntrack_tcp_timeout_fin_wait",
1281 .data = &nf_ct_tcp_timeout_fin_wait, 1270 .data = &tcp_timeouts[TCP_CONNTRACK_FIN_WAIT],
1282 .maxlen = sizeof(unsigned int), 1271 .maxlen = sizeof(unsigned int),
1283 .mode = 0644, 1272 .mode = 0644,
1284 .proc_handler = &proc_dointvec_jiffies, 1273 .proc_handler = &proc_dointvec_jiffies,
1285 }, 1274 },
1286 { 1275 {
1287 .procname = "ip_conntrack_tcp_timeout_close_wait", 1276 .procname = "ip_conntrack_tcp_timeout_close_wait",
1288 .data = &nf_ct_tcp_timeout_close_wait, 1277 .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE_WAIT],
1289 .maxlen = sizeof(unsigned int), 1278 .maxlen = sizeof(unsigned int),
1290 .mode = 0644, 1279 .mode = 0644,
1291 .proc_handler = &proc_dointvec_jiffies, 1280 .proc_handler = &proc_dointvec_jiffies,
1292 }, 1281 },
1293 { 1282 {
1294 .procname = "ip_conntrack_tcp_timeout_last_ack", 1283 .procname = "ip_conntrack_tcp_timeout_last_ack",
1295 .data = &nf_ct_tcp_timeout_last_ack, 1284 .data = &tcp_timeouts[TCP_CONNTRACK_LAST_ACK],
1296 .maxlen = sizeof(unsigned int), 1285 .maxlen = sizeof(unsigned int),
1297 .mode = 0644, 1286 .mode = 0644,
1298 .proc_handler = &proc_dointvec_jiffies, 1287 .proc_handler = &proc_dointvec_jiffies,
1299 }, 1288 },
1300 { 1289 {
1301 .procname = "ip_conntrack_tcp_timeout_time_wait", 1290 .procname = "ip_conntrack_tcp_timeout_time_wait",
1302 .data = &nf_ct_tcp_timeout_time_wait, 1291 .data = &tcp_timeouts[TCP_CONNTRACK_TIME_WAIT],
1303 .maxlen = sizeof(unsigned int), 1292 .maxlen = sizeof(unsigned int),
1304 .mode = 0644, 1293 .mode = 0644,
1305 .proc_handler = &proc_dointvec_jiffies, 1294 .proc_handler = &proc_dointvec_jiffies,
1306 }, 1295 },
1307 { 1296 {
1308 .procname = "ip_conntrack_tcp_timeout_close", 1297 .procname = "ip_conntrack_tcp_timeout_close",
1309 .data = &nf_ct_tcp_timeout_close, 1298 .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE],
1310 .maxlen = sizeof(unsigned int), 1299 .maxlen = sizeof(unsigned int),
1311 .mode = 0644, 1300 .mode = 0644,
1312 .proc_handler = &proc_dointvec_jiffies, 1301 .proc_handler = &proc_dointvec_jiffies,