netfilter: netns nf_conntrack: per-netns conntrack hash

* make per-netns conntrack hash Other solution is to add ->ct_net pointer to tuplehashes and still has one hash, I tried that it's ugly and requires more code deep down in protocol modules et al. * propagate netns pointer to where needed, e. g. to conntrack iterators. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Alexey Dobriyan <adobriyan@gmail.com> 2008-10-08 05:35:03 -0400
committer: Patrick McHardy <kaber@trash.net> 2008-10-08 05:35:03 -0400
commit: 400dad39d1c33fe797e47326d87a3f54d0ac5181 (patch)
tree: f3bb7c9f75bd24161c2dd745f1b475f5a6165cae /include/net
parent: 49ac8713b6d064adf7474080fdccebd7cce76be0 (diff)
3 files changed, 6 insertions, 5 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 5999c5313d0b..f5447f143047 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -195,11 +195,11 @@ extern void nf_ct_free_hashtable(struct hlist_head *hash, int vmalloced,
                                 unsigned int size);
 extern struct nf_conntrack_tuple_hash *
-__nf_conntrack_find(const struct nf_conntrack_tuple *tuple);
+__nf_conntrack_find(struct net *net, const struct nf_conntrack_tuple *tuple);
 extern void nf_conntrack_hash_insert(struct nf_conn *ct);
-extern void nf_conntrack_flush(void);
+extern void nf_conntrack_flush(struct net *net);
 extern bool nf_ct_get_tuplepr(const struct sk_buff *skb,
                              unsigned int nhoff, u_int16_t l3num,
@@ -261,7 +261,7 @@ extern struct nf_conn nf_conntrack_untracked;
 /* Iterate over all conntracks: if iter returns true, it's deleted. */
 extern void
-nf_ct_iterate_cleanup(int (*iter)(struct nf_conn *i, void *data), void *data);
+nf_ct_iterate_cleanup(struct net *net, int (*iter)(struct nf_conn *i, void *data), void *data);
 extern void nf_conntrack_free(struct nf_conn *ct);
 extern struct nf_conn *
 nf_conntrack_alloc(struct net *net,
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index 532aa200cbc9..1c373564396a 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -48,7 +48,7 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
 /* Find a connection corresponding to a tuple. */
 extern struct nf_conntrack_tuple_hash *
-nf_conntrack_find_get(const struct nf_conntrack_tuple *tuple);
+nf_conntrack_find_get(struct net *net, const struct nf_conntrack_tuple *tuple);
 extern int __nf_conntrack_confirm(struct sk_buff *skb);
@@ -71,7 +71,6 @@ print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
            const struct nf_conntrack_l3proto *l3proto,
            const struct nf_conntrack_l4proto *proto);
-extern struct hlist_head *nf_conntrack_hash;
 extern spinlock_t nf_conntrack_lock ;
 extern struct hlist_head unconfirmed;
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index edf84714d7c7..b767683f112b 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -5,5 +5,7 @@
 struct netns_ct {
        atomic_t                count;
+        struct hlist_head       *hash;
+        int                     hash_vmalloc;
 };
 #endif
author	Alexey Dobriyan <adobriyan@gmail.com>	2008-10-08 05:35:03 -0400
committer	Patrick McHardy <kaber@trash.net>	2008-10-08 05:35:03 -0400
commit	400dad39d1c33fe797e47326d87a3f54d0ac5181 (patch)
tree	f3bb7c9f75bd24161c2dd745f1b475f5a6165cae /include/net
parent	49ac8713b6d064adf7474080fdccebd7cce76be0 (diff)