author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-08 05:35:03 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:03 -0400 |
commit | 9b03f38d0487f3908696242286d934c9b38f9d2a (patch) | |
tree | 8f45ef997e2badfe7c534b6991f3a4816905e4d3 /include/net | |
parent | b21f89019399ff75d9c239010e38b840eb6e01e7 (diff) |
netfilter: netns nf_conntrack: per-netns expectations
Make per-netns a) expectation hash and b) expectations count.
An expectation always belongs to the netns to which its master conntrack belongs.
This is natural and doesn't bloat expectation.
Proc files and leaf users are stubbed to init_net, this is temporary.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/netfilter/nf_conntrack_expect.h | 20 | ||||
-rw-r--r-- | include/net/netns/conntrack.h | 3 |
2 files changed, 17 insertions, 6 deletions
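--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -6,7 +6,6 @@
 #define _NF_CONNTRACK_EXPECT_H
 #include <net/netfilter/nf_conntrack.h>
 
-extern struct hlist_head *nf_ct_expect_hash;
 extern unsigned int nf_ct_expect_hsize;
 extern unsigned int nf_ct_expect_max;
 
@@ -56,6 +55,15 @@ struct nf_conntrack_expect
 struct rcu_head rcu;
 };
 
+static inline struct net *nf_ct_exp_net(struct nf_conntrack_expect *exp)
+{
+#ifdef CONFIG_NET_NS
+return exp->master->ct_net; /* by definition */
+#else
+return &init_net;
+#endif
+}
+
 struct nf_conntrack_expect_policy
 {
 unsigned int max_expected;
@@ -67,17 +75,17 @@ struct nf_conntrack_expect_policy
 #define NF_CT_EXPECT_PERMANENT 0x1
 #define NF_CT_EXPECT_INACTIVE 0x2
 
-int nf_conntrack_expect_init(void);
-void nf_conntrack_expect_fini(void);
+int nf_conntrack_expect_init(struct net *net);
+void nf_conntrack_expect_fini(struct net *net);
 
 struct nf_conntrack_expect *
-__nf_ct_expect_find(const struct nf_conntrack_tuple *tuple);
+__nf_ct_expect_find(struct net *net, const struct nf_conntrack_tuple *tuple);
 
 struct nf_conntrack_expect *
-nf_ct_expect_find_get(const struct nf_conntrack_tuple *tuple);
+nf_ct_expect_find_get(struct net *net, const struct nf_conntrack_tuple *tuple);
 
 struct nf_conntrack_expect *
-nf_ct_find_expectation(const struct nf_conntrack_tuple *tuple);
+nf_ct_find_expectation(struct net *net, const struct nf_conntrack_tuple *tuple);
 
 void nf_ct_unlink_expect(struct nf_conntrack_expect *exp);
 void nf_ct_remove_expectations(struct nf_conn *ct);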
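Review bot: `nf_ct_exp_net()` in the second hunk dereferences `exp->master` unconditionally under CONFIG_NET_NS, and the only statement of that precondition is the comment `/* by definition */`. A short comment above the helper, such as `/* exp->master must be set; an expectation lives in its master conntrack's netns */`, would make the requirement explicit for any caller that handles a partially initialised expectation. The parameter is only read, so it could be declared `const struct nf_conntrack_expect *exp`. The three lookup prototypes in the last hunk gain a `net` argument without saying which namespace a caller must pass. Since the description says leaf users are stubbed to `init_net` for now, a one-line note there would help keep lookups from crossing namespaces once those callers are converted.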
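--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -5,7 +5,10 @@
 
 struct netns_ct {
 atomic_t count;
+unsigned int expect_count;
 struct hlist_head *hash;
+struct hlist_head *expect_hash;
 int hash_vmalloc;
+int expect_vmalloc;
 };
 #endif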
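Review bot: `expect_count` is added as a plain `unsigned int` directly below `atomic_t count`, so unlike the conntrack counter it is only safe if every increment and decrement happens under one lock, and the struct does not say which. I would put a comment on the field, e.g. `unsigned int expect_count; /* updated only under the conntrack lock (confirm) */`. It is also worth noting here that the count is now per namespace while `nf_ct_expect_max` stays a global in nf_conntrack_expect.h. If the limit is checked against this field (that check is outside this diff), the total number of expectations on a host would scale with the number of namespaces.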