diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-08 05:35:03 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:03 -0400 |
| commit | 9b03f38d0487f3908696242286d934c9b38f9d2a (patch) | |
| tree | 8f45ef997e2badfe7c534b6991f3a4816905e4d3 /net/ipv4 | |
| parent | b21f89019399ff75d9c239010e38b840eb6e01e7 (diff) | |
netfilter: netns nf_conntrack: per-netns expectations
Make per-netns a) expectation hash and b) expectations count.
Expectations always belongs to netns to which it's master conntrack belong.
This is natural and doesn't bloat expectation.
Proc files and leaf users are stubbed to init_net, this is temporary.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | 6 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_pptp.c | 2 |
2 files changed, 5 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c index 8e0afdc2b134..f8636a57e8cc 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | |||
| @@ -177,11 +177,12 @@ struct ct_expect_iter_state { | |||
| 177 | 177 | ||
| 178 | static struct hlist_node *ct_expect_get_first(struct seq_file *seq) | 178 | static struct hlist_node *ct_expect_get_first(struct seq_file *seq) |
| 179 | { | 179 | { |
| 180 | struct net *net = &init_net; | ||
| 180 | struct ct_expect_iter_state *st = seq->private; | 181 | struct ct_expect_iter_state *st = seq->private; |
| 181 | struct hlist_node *n; | 182 | struct hlist_node *n; |
| 182 | 183 | ||
| 183 | for (st->bucket = 0; st->bucket < nf_ct_expect_hsize; st->bucket++) { | 184 | for (st->bucket = 0; st->bucket < nf_ct_expect_hsize; st->bucket++) { |
| 184 | n = rcu_dereference(nf_ct_expect_hash[st->bucket].first); | 185 | n = rcu_dereference(net->ct.expect_hash[st->bucket].first); |
| 185 | if (n) | 186 | if (n) |
| 186 | return n; | 187 | return n; |
| 187 | } | 188 | } |
| @@ -191,13 +192,14 @@ static struct hlist_node *ct_expect_get_first(struct seq_file *seq) | |||
| 191 | static struct hlist_node *ct_expect_get_next(struct seq_file *seq, | 192 | static struct hlist_node *ct_expect_get_next(struct seq_file *seq, |
| 192 | struct hlist_node *head) | 193 | struct hlist_node *head) |
| 193 | { | 194 | { |
| 195 | struct net *net = &init_net; | ||
| 194 | struct ct_expect_iter_state *st = seq->private; | 196 | struct ct_expect_iter_state *st = seq->private; |
| 195 | 197 | ||
| 196 | head = rcu_dereference(head->next); | 198 | head = rcu_dereference(head->next); |
| 197 | while (head == NULL) { | 199 | while (head == NULL) { |
| 198 | if (++st->bucket >= nf_ct_expect_hsize) | 200 | if (++st->bucket >= nf_ct_expect_hsize) |
| 199 | return NULL; | 201 | return NULL; |
| 200 | head = rcu_dereference(nf_ct_expect_hash[st->bucket].first); | 202 | head = rcu_dereference(net->ct.expect_hash[st->bucket].first); |
| 201 | } | 203 | } |
| 202 | return head; | 204 | return head; |
| 203 | } | 205 | } |
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c index da3d91a5ef5c..e4bdddc60343 100644 --- a/net/ipv4/netfilter/nf_nat_pptp.c +++ b/net/ipv4/netfilter/nf_nat_pptp.c | |||
| @@ -73,7 +73,7 @@ static void pptp_nat_expected(struct nf_conn *ct, | |||
| 73 | 73 | ||
| 74 | pr_debug("trying to unexpect other dir: "); | 74 | pr_debug("trying to unexpect other dir: "); |
| 75 | nf_ct_dump_tuple_ip(&t); | 75 | nf_ct_dump_tuple_ip(&t); |
| 76 | other_exp = nf_ct_expect_find_get(&t); | 76 | other_exp = nf_ct_expect_find_get(&init_net, &t); |
| 77 | if (other_exp) { | 77 | if (other_exp) { |
| 78 | nf_ct_unexpect_related(other_exp); | 78 | nf_ct_unexpect_related(other_exp); |
| 79 | nf_ct_expect_put(other_exp); | 79 | nf_ct_expect_put(other_exp); |