aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2008-10-08 05:35:03 -0400
committerPatrick McHardy <kaber@trash.net>2008-10-08 05:35:03 -0400
commit9b03f38d0487f3908696242286d934c9b38f9d2a (patch)
tree8f45ef997e2badfe7c534b6991f3a4816905e4d3 /include/net
parentb21f89019399ff75d9c239010e38b840eb6e01e7 (diff)
netfilter: netns nf_conntrack: per-netns expectations
Make per-netns a) expectation hash and b) expectations count. Expectations always belongs to netns to which it's master conntrack belong. This is natural and doesn't bloat expectation. Proc files and leaf users are stubbed to init_net, this is temporary. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netfilter/nf_conntrack_expect.h20
-rw-r--r--include/net/netns/conntrack.h3
2 files changed, 17 insertions, 6 deletions
diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
index 4c4d894cb9b5..37a7fc1164b0 100644
--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -6,7 +6,6 @@
6#define _NF_CONNTRACK_EXPECT_H 6#define _NF_CONNTRACK_EXPECT_H
7#include <net/netfilter/nf_conntrack.h> 7#include <net/netfilter/nf_conntrack.h>
8 8
9extern struct hlist_head *nf_ct_expect_hash;
10extern unsigned int nf_ct_expect_hsize; 9extern unsigned int nf_ct_expect_hsize;
11extern unsigned int nf_ct_expect_max; 10extern unsigned int nf_ct_expect_max;
12 11
@@ -56,6 +55,15 @@ struct nf_conntrack_expect
56 struct rcu_head rcu; 55 struct rcu_head rcu;
57}; 56};
58 57
58static inline struct net *nf_ct_exp_net(struct nf_conntrack_expect *exp)
59{
60#ifdef CONFIG_NET_NS
61 return exp->master->ct_net; /* by definition */
62#else
63 return &init_net;
64#endif
65}
66
59struct nf_conntrack_expect_policy 67struct nf_conntrack_expect_policy
60{ 68{
61 unsigned int max_expected; 69 unsigned int max_expected;
@@ -67,17 +75,17 @@ struct nf_conntrack_expect_policy
67#define NF_CT_EXPECT_PERMANENT 0x1 75#define NF_CT_EXPECT_PERMANENT 0x1
68#define NF_CT_EXPECT_INACTIVE 0x2 76#define NF_CT_EXPECT_INACTIVE 0x2
69 77
70int nf_conntrack_expect_init(void); 78int nf_conntrack_expect_init(struct net *net);
71void nf_conntrack_expect_fini(void); 79void nf_conntrack_expect_fini(struct net *net);
72 80
73struct nf_conntrack_expect * 81struct nf_conntrack_expect *
74__nf_ct_expect_find(const struct nf_conntrack_tuple *tuple); 82__nf_ct_expect_find(struct net *net, const struct nf_conntrack_tuple *tuple);
75 83
76struct nf_conntrack_expect * 84struct nf_conntrack_expect *
77nf_ct_expect_find_get(const struct nf_conntrack_tuple *tuple); 85nf_ct_expect_find_get(struct net *net, const struct nf_conntrack_tuple *tuple);
78 86
79struct nf_conntrack_expect * 87struct nf_conntrack_expect *
80nf_ct_find_expectation(const struct nf_conntrack_tuple *tuple); 88nf_ct_find_expectation(struct net *net, const struct nf_conntrack_tuple *tuple);
81 89
82void nf_ct_unlink_expect(struct nf_conntrack_expect *exp); 90void nf_ct_unlink_expect(struct nf_conntrack_expect *exp);
83void nf_ct_remove_expectations(struct nf_conn *ct); 91void nf_ct_remove_expectations(struct nf_conn *ct);
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index b767683f112b..e453a33f3e93 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -5,7 +5,10 @@
5 5
6struct netns_ct { 6struct netns_ct {
7 atomic_t count; 7 atomic_t count;
8 unsigned int expect_count;
8 struct hlist_head *hash; 9 struct hlist_head *hash;
10 struct hlist_head *expect_hash;
9 int hash_vmalloc; 11 int hash_vmalloc;
12 int expect_vmalloc;
10}; 13};
11#endif 14#endif