diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-08 05:35:03 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:03 -0400 |
| commit | 400dad39d1c33fe797e47326d87a3f54d0ac5181 (patch) | |
| tree | f3bb7c9f75bd24161c2dd745f1b475f5a6165cae /net/ipv4 | |
| parent | 49ac8713b6d064adf7474080fdccebd7cce76be0 (diff) | |
netfilter: netns nf_conntrack: per-netns conntrack hash
* make per-netns conntrack hash
Other solution is to add ->ct_net pointer to tuplehashes and still has one
hash, I tried that it's ugly and requires more code deep down in protocol
modules et al.
* propagate netns pointer to where needed, e. g. to conntrack iterators.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/ipt_MASQUERADE.c | 3 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | 4 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_core.c | 2 |
5 files changed, 7 insertions, 6 deletions
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c index 9a4822f8243f..5e1c81791e5a 100644 --- a/net/ipv4/netfilter/ipt_MASQUERADE.c +++ b/net/ipv4/netfilter/ipt_MASQUERADE.c | |||
| @@ -129,7 +129,8 @@ static int masq_device_event(struct notifier_block *this, | |||
| 129 | and forget them. */ | 129 | and forget them. */ |
| 130 | NF_CT_ASSERT(dev->ifindex != 0); | 130 | NF_CT_ASSERT(dev->ifindex != 0); |
| 131 | 131 | ||
| 132 | nf_ct_iterate_cleanup(device_cmp, (void *)(long)dev->ifindex); | 132 | nf_ct_iterate_cleanup(&init_net, device_cmp, |
| 133 | (void *)(long)dev->ifindex); | ||
| 133 | } | 134 | } |
| 134 | 135 | ||
| 135 | return NOTIFY_DONE; | 136 | return NOTIFY_DONE; |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 31abee3e29f9..03dd108015c2 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
| @@ -323,7 +323,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) | |||
| 323 | return -EINVAL; | 323 | return -EINVAL; |
| 324 | } | 324 | } |
| 325 | 325 | ||
| 326 | h = nf_conntrack_find_get(&tuple); | 326 | h = nf_conntrack_find_get(sock_net(sk), &tuple); |
| 327 | if (h) { | 327 | if (h) { |
| 328 | struct sockaddr_in sin; | 328 | struct sockaddr_in sin; |
| 329 | struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(h); | 329 | struct nf_conn *ct = nf_ct_tuplehash_to_ctrack(h); |
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c index 4556805027f7..8e0afdc2b134 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | |||
| @@ -32,7 +32,7 @@ static struct hlist_node *ct_get_first(struct seq_file *seq) | |||
| 32 | for (st->bucket = 0; | 32 | for (st->bucket = 0; |
| 33 | st->bucket < nf_conntrack_htable_size; | 33 | st->bucket < nf_conntrack_htable_size; |
| 34 | st->bucket++) { | 34 | st->bucket++) { |
| 35 | n = rcu_dereference(nf_conntrack_hash[st->bucket].first); | 35 | n = rcu_dereference(init_net.ct.hash[st->bucket].first); |
| 36 | if (n) | 36 | if (n) |
| 37 | return n; | 37 | return n; |
| 38 | } | 38 | } |
| @@ -48,7 +48,7 @@ static struct hlist_node *ct_get_next(struct seq_file *seq, | |||
| 48 | while (head == NULL) { | 48 | while (head == NULL) { |
| 49 | if (++st->bucket >= nf_conntrack_htable_size) | 49 | if (++st->bucket >= nf_conntrack_htable_size) |
| 50 | return NULL; | 50 | return NULL; |
| 51 | head = rcu_dereference(nf_conntrack_hash[st->bucket].first); | 51 | head = rcu_dereference(init_net.ct.hash[st->bucket].first); |
| 52 | } | 52 | } |
| 53 | return head; | 53 | return head; |
| 54 | } | 54 | } |
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index da8edcdaef32..daf346377b66 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c | |||
| @@ -155,7 +155,7 @@ icmp_error_message(struct sk_buff *skb, | |||
| 155 | 155 | ||
| 156 | *ctinfo = IP_CT_RELATED; | 156 | *ctinfo = IP_CT_RELATED; |
| 157 | 157 | ||
| 158 | h = nf_conntrack_find_get(&innertuple); | 158 | h = nf_conntrack_find_get(&init_net, &innertuple); |
| 159 | if (!h) { | 159 | if (!h) { |
| 160 | pr_debug("icmp_error_message: no match\n"); | 160 | pr_debug("icmp_error_message: no match\n"); |
| 161 | return -NF_ACCEPT; | 161 | return -NF_ACCEPT; |
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 6c6a3cba8d50..5d4a5b70da2b 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c | |||
| @@ -643,7 +643,7 @@ static int clean_nat(struct nf_conn *i, void *data) | |||
| 643 | 643 | ||
| 644 | static void __exit nf_nat_cleanup(void) | 644 | static void __exit nf_nat_cleanup(void) |
| 645 | { | 645 | { |
| 646 | nf_ct_iterate_cleanup(&clean_nat, NULL); | 646 | nf_ct_iterate_cleanup(&init_net, &clean_nat, NULL); |
| 647 | synchronize_rcu(); | 647 | synchronize_rcu(); |
| 648 | nf_ct_free_hashtable(bysource, nf_nat_vmalloced, nf_nat_htable_size); | 648 | nf_ct_free_hashtable(bysource, nf_nat_vmalloced, nf_nat_htable_size); |
| 649 | nf_ct_l3proto_put(l3proto); | 649 | nf_ct_l3proto_put(l3proto); |