diff options
author | Patrick McHardy <kaber@trash.net> | 2008-01-15 02:45:32 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 18:02:32 -0500 |
commit | 2d6462869f8c2edca9dbb53ca3b661a52fc4c144 (patch) | |
tree | 5447aedeec36b009b996103afa1ccbaed793a35d | |
parent | a5e73c29d9243cc2e889a9d7155f331923eee655 (diff) |
[NETFILTER]: nf_conntrack_tcp: remove timeout indirection
Instead of keeping pointers to the timeout values in a table, simply
put the timeout values in the table directly.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/netfilter/nf_conntrack_proto_tcp.c | 67 |
1 files changed, 28 insertions, 39 deletions
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c index dbd8f84fa192..64c9b910419c 100644 --- a/net/netfilter/nf_conntrack_proto_tcp.c +++ b/net/netfilter/nf_conntrack_proto_tcp.c | |||
@@ -64,32 +64,21 @@ static const char *tcp_conntrack_names[] = { | |||
64 | #define HOURS * 60 MINS | 64 | #define HOURS * 60 MINS |
65 | #define DAYS * 24 HOURS | 65 | #define DAYS * 24 HOURS |
66 | 66 | ||
67 | static unsigned int nf_ct_tcp_timeout_syn_sent __read_mostly = 2 MINS; | ||
68 | static unsigned int nf_ct_tcp_timeout_syn_recv __read_mostly = 60 SECS; | ||
69 | static unsigned int nf_ct_tcp_timeout_established __read_mostly = 5 DAYS; | ||
70 | static unsigned int nf_ct_tcp_timeout_fin_wait __read_mostly = 2 MINS; | ||
71 | static unsigned int nf_ct_tcp_timeout_close_wait __read_mostly = 60 SECS; | ||
72 | static unsigned int nf_ct_tcp_timeout_last_ack __read_mostly = 30 SECS; | ||
73 | static unsigned int nf_ct_tcp_timeout_time_wait __read_mostly = 2 MINS; | ||
74 | static unsigned int nf_ct_tcp_timeout_close __read_mostly = 10 SECS; | ||
75 | |||
76 | /* RFC1122 says the R2 limit should be at least 100 seconds. | 67 | /* RFC1122 says the R2 limit should be at least 100 seconds. |
77 | Linux uses 15 packets as limit, which corresponds | 68 | Linux uses 15 packets as limit, which corresponds |
78 | to ~13-30min depending on RTO. */ | 69 | to ~13-30min depending on RTO. */ |
79 | static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS; | 70 | static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS; |
80 | 71 | ||
81 | static unsigned int * tcp_timeouts[] = { | 72 | static unsigned int tcp_timeouts[TCP_CONNTRACK_MAX] __read_mostly = { |
82 | NULL, /* TCP_CONNTRACK_NONE */ | 73 | [TCP_CONNTRACK_SYN_SENT] = 2 MINS, |
83 | &nf_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */ | 74 | [TCP_CONNTRACK_SYN_RECV] = 60 SECS, |
84 | &nf_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */ | 75 | [TCP_CONNTRACK_ESTABLISHED] = 5 DAYS, |
85 | &nf_ct_tcp_timeout_established, /* TCP_CONNTRACK_ESTABLISHED, */ | 76 | [TCP_CONNTRACK_FIN_WAIT] = 2 MINS, |
86 | &nf_ct_tcp_timeout_fin_wait, /* TCP_CONNTRACK_FIN_WAIT, */ | 77 | [TCP_CONNTRACK_CLOSE_WAIT] = 60 SECS, |
87 | &nf_ct_tcp_timeout_close_wait, /* TCP_CONNTRACK_CLOSE_WAIT, */ | 78 | [TCP_CONNTRACK_LAST_ACK] = 30 SECS, |
88 | &nf_ct_tcp_timeout_last_ack, /* TCP_CONNTRACK_LAST_ACK, */ | 79 | [TCP_CONNTRACK_TIME_WAIT] = 2 MINS, |
89 | &nf_ct_tcp_timeout_time_wait, /* TCP_CONNTRACK_TIME_WAIT, */ | 80 | [TCP_CONNTRACK_CLOSE] = 10 SECS, |
90 | &nf_ct_tcp_timeout_close, /* TCP_CONNTRACK_CLOSE, */ | 81 | }; |
91 | NULL, /* TCP_CONNTRACK_LISTEN */ | ||
92 | }; | ||
93 | 82 | ||
94 | #define sNO TCP_CONNTRACK_NONE | 83 | #define sNO TCP_CONNTRACK_NONE |
95 | #define sSS TCP_CONNTRACK_SYN_SENT | 84 | #define sSS TCP_CONNTRACK_SYN_SENT |
@@ -941,8 +930,8 @@ static int tcp_packet(struct nf_conn *conntrack, | |||
941 | || new_state == TCP_CONNTRACK_CLOSE)) | 930 | || new_state == TCP_CONNTRACK_CLOSE)) |
942 | conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT; | 931 | conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT; |
943 | timeout = conntrack->proto.tcp.retrans >= nf_ct_tcp_max_retrans | 932 | timeout = conntrack->proto.tcp.retrans >= nf_ct_tcp_max_retrans |
944 | && *tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans | 933 | && tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans |
945 | ? nf_ct_tcp_timeout_max_retrans : *tcp_timeouts[new_state]; | 934 | ? nf_ct_tcp_timeout_max_retrans : tcp_timeouts[new_state]; |
946 | write_unlock_bh(&tcp_lock); | 935 | write_unlock_bh(&tcp_lock); |
947 | 936 | ||
948 | nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); | 937 | nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb); |
@@ -1163,56 +1152,56 @@ static struct ctl_table_header *tcp_sysctl_header; | |||
1163 | static struct ctl_table tcp_sysctl_table[] = { | 1152 | static struct ctl_table tcp_sysctl_table[] = { |
1164 | { | 1153 | { |
1165 | .procname = "nf_conntrack_tcp_timeout_syn_sent", | 1154 | .procname = "nf_conntrack_tcp_timeout_syn_sent", |
1166 | .data = &nf_ct_tcp_timeout_syn_sent, | 1155 | .data = &tcp_timeouts[TCP_CONNTRACK_SYN_SENT], |
1167 | .maxlen = sizeof(unsigned int), | 1156 | .maxlen = sizeof(unsigned int), |
1168 | .mode = 0644, | 1157 | .mode = 0644, |
1169 | .proc_handler = &proc_dointvec_jiffies, | 1158 | .proc_handler = &proc_dointvec_jiffies, |
1170 | }, | 1159 | }, |
1171 | { | 1160 | { |
1172 | .procname = "nf_conntrack_tcp_timeout_syn_recv", | 1161 | .procname = "nf_conntrack_tcp_timeout_syn_recv", |
1173 | .data = &nf_ct_tcp_timeout_syn_recv, | 1162 | .data = &tcp_timeouts[TCP_CONNTRACK_SYN_RECV], |
1174 | .maxlen = sizeof(unsigned int), | 1163 | .maxlen = sizeof(unsigned int), |
1175 | .mode = 0644, | 1164 | .mode = 0644, |
1176 | .proc_handler = &proc_dointvec_jiffies, | 1165 | .proc_handler = &proc_dointvec_jiffies, |
1177 | }, | 1166 | }, |
1178 | { | 1167 | { |
1179 | .procname = "nf_conntrack_tcp_timeout_established", | 1168 | .procname = "nf_conntrack_tcp_timeout_established", |
1180 | .data = &nf_ct_tcp_timeout_established, | 1169 | .data = &tcp_timeouts[TCP_CONNTRACK_ESTABLISHED], |
1181 | .maxlen = sizeof(unsigned int), | 1170 | .maxlen = sizeof(unsigned int), |
1182 | .mode = 0644, | 1171 | .mode = 0644, |
1183 | .proc_handler = &proc_dointvec_jiffies, | 1172 | .proc_handler = &proc_dointvec_jiffies, |
1184 | }, | 1173 | }, |
1185 | { | 1174 | { |
1186 | .procname = "nf_conntrack_tcp_timeout_fin_wait", | 1175 | .procname = "nf_conntrack_tcp_timeout_fin_wait", |
1187 | .data = &nf_ct_tcp_timeout_fin_wait, | 1176 | .data = &tcp_timeouts[TCP_CONNTRACK_FIN_WAIT], |
1188 | .maxlen = sizeof(unsigned int), | 1177 | .maxlen = sizeof(unsigned int), |
1189 | .mode = 0644, | 1178 | .mode = 0644, |
1190 | .proc_handler = &proc_dointvec_jiffies, | 1179 | .proc_handler = &proc_dointvec_jiffies, |
1191 | }, | 1180 | }, |
1192 | { | 1181 | { |
1193 | .procname = "nf_conntrack_tcp_timeout_close_wait", | 1182 | .procname = "nf_conntrack_tcp_timeout_close_wait", |
1194 | .data = &nf_ct_tcp_timeout_close_wait, | 1183 | .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE_WAIT], |
1195 | .maxlen = sizeof(unsigned int), | 1184 | .maxlen = sizeof(unsigned int), |
1196 | .mode = 0644, | 1185 | .mode = 0644, |
1197 | .proc_handler = &proc_dointvec_jiffies, | 1186 | .proc_handler = &proc_dointvec_jiffies, |
1198 | }, | 1187 | }, |
1199 | { | 1188 | { |
1200 | .procname = "nf_conntrack_tcp_timeout_last_ack", | 1189 | .procname = "nf_conntrack_tcp_timeout_last_ack", |
1201 | .data = &nf_ct_tcp_timeout_last_ack, | 1190 | .data = &tcp_timeouts[TCP_CONNTRACK_LAST_ACK], |
1202 | .maxlen = sizeof(unsigned int), | 1191 | .maxlen = sizeof(unsigned int), |
1203 | .mode = 0644, | 1192 | .mode = 0644, |
1204 | .proc_handler = &proc_dointvec_jiffies, | 1193 | .proc_handler = &proc_dointvec_jiffies, |
1205 | }, | 1194 | }, |
1206 | { | 1195 | { |
1207 | .procname = "nf_conntrack_tcp_timeout_time_wait", | 1196 | .procname = "nf_conntrack_tcp_timeout_time_wait", |
1208 | .data = &nf_ct_tcp_timeout_time_wait, | 1197 | .data = &tcp_timeouts[TCP_CONNTRACK_TIME_WAIT], |
1209 | .maxlen = sizeof(unsigned int), | 1198 | .maxlen = sizeof(unsigned int), |
1210 | .mode = 0644, | 1199 | .mode = 0644, |
1211 | .proc_handler = &proc_dointvec_jiffies, | 1200 | .proc_handler = &proc_dointvec_jiffies, |
1212 | }, | 1201 | }, |
1213 | { | 1202 | { |
1214 | .procname = "nf_conntrack_tcp_timeout_close", | 1203 | .procname = "nf_conntrack_tcp_timeout_close", |
1215 | .data = &nf_ct_tcp_timeout_close, | 1204 | .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE], |
1216 | .maxlen = sizeof(unsigned int), | 1205 | .maxlen = sizeof(unsigned int), |
1217 | .mode = 0644, | 1206 | .mode = 0644, |
1218 | .proc_handler = &proc_dointvec_jiffies, | 1207 | .proc_handler = &proc_dointvec_jiffies, |
@@ -1257,56 +1246,56 @@ static struct ctl_table tcp_sysctl_table[] = { | |||
1257 | static struct ctl_table tcp_compat_sysctl_table[] = { | 1246 | static struct ctl_table tcp_compat_sysctl_table[] = { |
1258 | { | 1247 | { |
1259 | .procname = "ip_conntrack_tcp_timeout_syn_sent", | 1248 | .procname = "ip_conntrack_tcp_timeout_syn_sent", |
1260 | .data = &nf_ct_tcp_timeout_syn_sent, | 1249 | .data = &tcp_timeouts[TCP_CONNTRACK_SYN_SENT], |
1261 | .maxlen = sizeof(unsigned int), | 1250 | .maxlen = sizeof(unsigned int), |
1262 | .mode = 0644, | 1251 | .mode = 0644, |
1263 | .proc_handler = &proc_dointvec_jiffies, | 1252 | .proc_handler = &proc_dointvec_jiffies, |
1264 | }, | 1253 | }, |
1265 | { | 1254 | { |
1266 | .procname = "ip_conntrack_tcp_timeout_syn_recv", | 1255 | .procname = "ip_conntrack_tcp_timeout_syn_recv", |
1267 | .data = &nf_ct_tcp_timeout_syn_recv, | 1256 | .data = &tcp_timeouts[TCP_CONNTRACK_SYN_RECV], |
1268 | .maxlen = sizeof(unsigned int), | 1257 | .maxlen = sizeof(unsigned int), |
1269 | .mode = 0644, | 1258 | .mode = 0644, |
1270 | .proc_handler = &proc_dointvec_jiffies, | 1259 | .proc_handler = &proc_dointvec_jiffies, |
1271 | }, | 1260 | }, |
1272 | { | 1261 | { |
1273 | .procname = "ip_conntrack_tcp_timeout_established", | 1262 | .procname = "ip_conntrack_tcp_timeout_established", |
1274 | .data = &nf_ct_tcp_timeout_established, | 1263 | .data = &tcp_timeouts[TCP_CONNTRACK_ESTABLISHED], |
1275 | .maxlen = sizeof(unsigned int), | 1264 | .maxlen = sizeof(unsigned int), |
1276 | .mode = 0644, | 1265 | .mode = 0644, |
1277 | .proc_handler = &proc_dointvec_jiffies, | 1266 | .proc_handler = &proc_dointvec_jiffies, |
1278 | }, | 1267 | }, |
1279 | { | 1268 | { |
1280 | .procname = "ip_conntrack_tcp_timeout_fin_wait", | 1269 | .procname = "ip_conntrack_tcp_timeout_fin_wait", |
1281 | .data = &nf_ct_tcp_timeout_fin_wait, | 1270 | .data = &tcp_timeouts[TCP_CONNTRACK_FIN_WAIT], |
1282 | .maxlen = sizeof(unsigned int), | 1271 | .maxlen = sizeof(unsigned int), |
1283 | .mode = 0644, | 1272 | .mode = 0644, |
1284 | .proc_handler = &proc_dointvec_jiffies, | 1273 | .proc_handler = &proc_dointvec_jiffies, |
1285 | }, | 1274 | }, |
1286 | { | 1275 | { |
1287 | .procname = "ip_conntrack_tcp_timeout_close_wait", | 1276 | .procname = "ip_conntrack_tcp_timeout_close_wait", |
1288 | .data = &nf_ct_tcp_timeout_close_wait, | 1277 | .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE_WAIT], |
1289 | .maxlen = sizeof(unsigned int), | 1278 | .maxlen = sizeof(unsigned int), |
1290 | .mode = 0644, | 1279 | .mode = 0644, |
1291 | .proc_handler = &proc_dointvec_jiffies, | 1280 | .proc_handler = &proc_dointvec_jiffies, |
1292 | }, | 1281 | }, |
1293 | { | 1282 | { |
1294 | .procname = "ip_conntrack_tcp_timeout_last_ack", | 1283 | .procname = "ip_conntrack_tcp_timeout_last_ack", |
1295 | .data = &nf_ct_tcp_timeout_last_ack, | 1284 | .data = &tcp_timeouts[TCP_CONNTRACK_LAST_ACK], |
1296 | .maxlen = sizeof(unsigned int), | 1285 | .maxlen = sizeof(unsigned int), |
1297 | .mode = 0644, | 1286 | .mode = 0644, |
1298 | .proc_handler = &proc_dointvec_jiffies, | 1287 | .proc_handler = &proc_dointvec_jiffies, |
1299 | }, | 1288 | }, |
1300 | { | 1289 | { |
1301 | .procname = "ip_conntrack_tcp_timeout_time_wait", | 1290 | .procname = "ip_conntrack_tcp_timeout_time_wait", |
1302 | .data = &nf_ct_tcp_timeout_time_wait, | 1291 | .data = &tcp_timeouts[TCP_CONNTRACK_TIME_WAIT], |
1303 | .maxlen = sizeof(unsigned int), | 1292 | .maxlen = sizeof(unsigned int), |
1304 | .mode = 0644, | 1293 | .mode = 0644, |
1305 | .proc_handler = &proc_dointvec_jiffies, | 1294 | .proc_handler = &proc_dointvec_jiffies, |
1306 | }, | 1295 | }, |
1307 | { | 1296 | { |
1308 | .procname = "ip_conntrack_tcp_timeout_close", | 1297 | .procname = "ip_conntrack_tcp_timeout_close", |
1309 | .data = &nf_ct_tcp_timeout_close, | 1298 | .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE], |
1310 | .maxlen = sizeof(unsigned int), | 1299 | .maxlen = sizeof(unsigned int), |
1311 | .mode = 0644, | 1300 | .mode = 0644, |
1312 | .proc_handler = &proc_dointvec_jiffies, | 1301 | .proc_handler = &proc_dointvec_jiffies, |