diff options
author | Pavel Emelyanov <xemul@openvz.org> | 2008-01-22 09:09:37 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 18:10:37 -0500 |
commit | b2fd5321dd160ef309dfb6cfc78ed8de4a830659 (patch) | |
tree | 48d56923c239a2f5174e82528ee2632e159d33a7 | |
parent | e4a2d5c2bccd5bd29de5ae4f14ff4448fac9cfc8 (diff) |
[NETNS][FRAGS]: Make the net.ipv4.ipfrag_timeout work in namespaces.
Move it to the netns_frags, adjust the usage and
make the appropriate ctl table writable.
Now fragment, that live in different namespaces can
live for different times.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/inet_frag.h | 4 | ||||
-rw-r--r-- | net/ipv4/inet_fragment.c | 2 | ||||
-rw-r--r-- | net/ipv4/ip_fragment.c | 20 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 4 | ||||
-rw-r--r-- | net/ipv6/reassembly.c | 6 |
5 files changed, 19 insertions, 17 deletions
diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h index 6edce7b2ff13..f56e296e6227 100644 --- a/include/net/inet_frag.h +++ b/include/net/inet_frag.h | |||
@@ -4,6 +4,9 @@ | |||
4 | struct netns_frags { | 4 | struct netns_frags { |
5 | int nqueues; | 5 | int nqueues; |
6 | atomic_t mem; | 6 | atomic_t mem; |
7 | |||
8 | /* sysctls */ | ||
9 | int timeout; | ||
7 | }; | 10 | }; |
8 | 11 | ||
9 | struct inet_frag_queue { | 12 | struct inet_frag_queue { |
@@ -29,7 +32,6 @@ struct inet_frag_queue { | |||
29 | struct inet_frags_ctl { | 32 | struct inet_frags_ctl { |
30 | int high_thresh; | 33 | int high_thresh; |
31 | int low_thresh; | 34 | int low_thresh; |
32 | int timeout; | ||
33 | int secret_interval; | 35 | int secret_interval; |
34 | }; | 36 | }; |
35 | 37 | ||
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c index ad79ae0c0264..9da96792fffb 100644 --- a/net/ipv4/inet_fragment.c +++ b/net/ipv4/inet_fragment.c | |||
@@ -206,7 +206,7 @@ static struct inet_frag_queue *inet_frag_intern(struct netns_frags *nf, | |||
206 | } | 206 | } |
207 | #endif | 207 | #endif |
208 | qp = qp_in; | 208 | qp = qp_in; |
209 | if (!mod_timer(&qp->timer, jiffies + f->ctl->timeout)) | 209 | if (!mod_timer(&qp->timer, jiffies + nf->timeout)) |
210 | atomic_inc(&qp->refcnt); | 210 | atomic_inc(&qp->refcnt); |
211 | 211 | ||
212 | atomic_inc(&qp->refcnt); | 212 | atomic_inc(&qp->refcnt); |
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index c51e1a11dc6b..70d241c8d2a8 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c | |||
@@ -83,13 +83,6 @@ static struct inet_frags_ctl ip4_frags_ctl __read_mostly = { | |||
83 | */ | 83 | */ |
84 | .high_thresh = 256 * 1024, | 84 | .high_thresh = 256 * 1024, |
85 | .low_thresh = 192 * 1024, | 85 | .low_thresh = 192 * 1024, |
86 | |||
87 | /* | ||
88 | * Important NOTE! Fragment queue must be destroyed before MSL expires. | ||
89 | * RFC791 is wrong proposing to prolongate timer each fragment arrival | ||
90 | * by TTL. | ||
91 | */ | ||
92 | .timeout = IP_FRAG_TIME, | ||
93 | .secret_interval = 10 * 60 * HZ, | 86 | .secret_interval = 10 * 60 * HZ, |
94 | }; | 87 | }; |
95 | 88 | ||
@@ -287,7 +280,7 @@ static int ip_frag_reinit(struct ipq *qp) | |||
287 | { | 280 | { |
288 | struct sk_buff *fp; | 281 | struct sk_buff *fp; |
289 | 282 | ||
290 | if (!mod_timer(&qp->q.timer, jiffies + ip4_frags_ctl.timeout)) { | 283 | if (!mod_timer(&qp->q.timer, jiffies + qp->q.net->timeout)) { |
291 | atomic_inc(&qp->q.refcnt); | 284 | atomic_inc(&qp->q.refcnt); |
292 | return -ETIMEDOUT; | 285 | return -ETIMEDOUT; |
293 | } | 286 | } |
@@ -633,7 +626,7 @@ static struct ctl_table ip4_frags_ctl_table[] = { | |||
633 | { | 626 | { |
634 | .ctl_name = NET_IPV4_IPFRAG_TIME, | 627 | .ctl_name = NET_IPV4_IPFRAG_TIME, |
635 | .procname = "ipfrag_time", | 628 | .procname = "ipfrag_time", |
636 | .data = &ip4_frags_ctl.timeout, | 629 | .data = &init_net.ipv4.frags.timeout, |
637 | .maxlen = sizeof(int), | 630 | .maxlen = sizeof(int), |
638 | .mode = 0644, | 631 | .mode = 0644, |
639 | .proc_handler = &proc_dointvec_jiffies, | 632 | .proc_handler = &proc_dointvec_jiffies, |
@@ -672,7 +665,7 @@ static int ip4_frags_ctl_register(struct net *net) | |||
672 | 665 | ||
673 | table[0].mode &= ~0222; | 666 | table[0].mode &= ~0222; |
674 | table[1].mode &= ~0222; | 667 | table[1].mode &= ~0222; |
675 | table[2].mode &= ~0222; | 668 | table[2].data = &net->ipv4.frags.timeout; |
676 | table[3].mode &= ~0222; | 669 | table[3].mode &= ~0222; |
677 | table[4].mode &= ~0222; | 670 | table[4].mode &= ~0222; |
678 | } | 671 | } |
@@ -712,6 +705,13 @@ static inline void ip4_frags_ctl_unregister(struct net *net) | |||
712 | 705 | ||
713 | static int ipv4_frags_init_net(struct net *net) | 706 | static int ipv4_frags_init_net(struct net *net) |
714 | { | 707 | { |
708 | /* | ||
709 | * Important NOTE! Fragment queue must be destroyed before MSL expires. | ||
710 | * RFC791 is wrong proposing to prolongate timer each fragment arrival | ||
711 | * by TTL. | ||
712 | */ | ||
713 | net->ipv4.frags.timeout = IP_FRAG_TIME; | ||
714 | |||
715 | inet_frags_init_net(&net->ipv4.frags); | 715 | inet_frags_init_net(&net->ipv4.frags); |
716 | 716 | ||
717 | return ip4_frags_ctl_register(net); | 717 | return ip4_frags_ctl_register(net); |
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index cb826bea4b1b..92a311ff79c7 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c | |||
@@ -73,7 +73,6 @@ struct nf_ct_frag6_queue | |||
73 | static struct inet_frags_ctl nf_frags_ctl __read_mostly = { | 73 | static struct inet_frags_ctl nf_frags_ctl __read_mostly = { |
74 | .high_thresh = 256 * 1024, | 74 | .high_thresh = 256 * 1024, |
75 | .low_thresh = 192 * 1024, | 75 | .low_thresh = 192 * 1024, |
76 | .timeout = IPV6_FRAG_TIMEOUT, | ||
77 | .secret_interval = 10 * 60 * HZ, | 76 | .secret_interval = 10 * 60 * HZ, |
78 | }; | 77 | }; |
79 | 78 | ||
@@ -84,7 +83,7 @@ static struct netns_frags nf_init_frags; | |||
84 | struct ctl_table nf_ct_ipv6_sysctl_table[] = { | 83 | struct ctl_table nf_ct_ipv6_sysctl_table[] = { |
85 | { | 84 | { |
86 | .procname = "nf_conntrack_frag6_timeout", | 85 | .procname = "nf_conntrack_frag6_timeout", |
87 | .data = &nf_frags_ctl.timeout, | 86 | .data = &nf_init_frags.timeout, |
88 | .maxlen = sizeof(unsigned int), | 87 | .maxlen = sizeof(unsigned int), |
89 | .mode = 0644, | 88 | .mode = 0644, |
90 | .proc_handler = &proc_dointvec_jiffies, | 89 | .proc_handler = &proc_dointvec_jiffies, |
@@ -712,6 +711,7 @@ int nf_ct_frag6_init(void) | |||
712 | nf_frags.qsize = sizeof(struct nf_ct_frag6_queue); | 711 | nf_frags.qsize = sizeof(struct nf_ct_frag6_queue); |
713 | nf_frags.match = ip6_frag_match; | 712 | nf_frags.match = ip6_frag_match; |
714 | nf_frags.frag_expire = nf_ct_frag6_expire; | 713 | nf_frags.frag_expire = nf_ct_frag6_expire; |
714 | nf_init_frags.timeout = IPV6_FRAG_TIMEOUT; | ||
715 | inet_frags_init_net(&nf_init_frags); | 715 | inet_frags_init_net(&nf_init_frags); |
716 | inet_frags_init(&nf_frags); | 716 | inet_frags_init(&nf_frags); |
717 | 717 | ||
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index 0300dcbf1a75..91761365b181 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c | |||
@@ -650,7 +650,7 @@ static struct ctl_table ip6_frags_ctl_table[] = { | |||
650 | { | 650 | { |
651 | .ctl_name = NET_IPV6_IP6FRAG_TIME, | 651 | .ctl_name = NET_IPV6_IP6FRAG_TIME, |
652 | .procname = "ip6frag_time", | 652 | .procname = "ip6frag_time", |
653 | .data = &init_net.ipv6.sysctl.frags.timeout, | 653 | .data = &init_net.ipv6.frags.timeout, |
654 | .maxlen = sizeof(int), | 654 | .maxlen = sizeof(int), |
655 | .mode = 0644, | 655 | .mode = 0644, |
656 | .proc_handler = &proc_dointvec_jiffies, | 656 | .proc_handler = &proc_dointvec_jiffies, |
@@ -681,7 +681,7 @@ static int ip6_frags_sysctl_register(struct net *net) | |||
681 | 681 | ||
682 | table[0].mode &= ~0222; | 682 | table[0].mode &= ~0222; |
683 | table[1].mode &= ~0222; | 683 | table[1].mode &= ~0222; |
684 | table[2].mode &= ~0222; | 684 | table[2].data = &net->ipv6.frags.timeout; |
685 | table[3].mode &= ~0222; | 685 | table[3].mode &= ~0222; |
686 | } | 686 | } |
687 | 687 | ||
@@ -724,7 +724,7 @@ static int ipv6_frags_init_net(struct net *net) | |||
724 | 724 | ||
725 | net->ipv6.sysctl.frags.high_thresh = 256 * 1024; | 725 | net->ipv6.sysctl.frags.high_thresh = 256 * 1024; |
726 | net->ipv6.sysctl.frags.low_thresh = 192 * 1024; | 726 | net->ipv6.sysctl.frags.low_thresh = 192 * 1024; |
727 | net->ipv6.sysctl.frags.timeout = IPV6_FRAG_TIMEOUT; | 727 | net->ipv6.frags.timeout = IPV6_FRAG_TIMEOUT; |
728 | net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ; | 728 | net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ; |
729 | 729 | ||
730 | inet_frags_init_net(&net->ipv6.frags); | 730 | inet_frags_init_net(&net->ipv6.frags); |