diff options
| author | Florian Westphal <fw@strlen.de> | 2014-07-24 10:50:35 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2014-07-28 01:34:36 -0400 |
| commit | e3a57d18b06179d68fcf7a0a06ad844493c65e06 (patch) | |
| tree | 8a7dcc0a88235136f76a3deb8818c439abb8a944 /net/ipv6 | |
| parent | 3fd588eb90bfbba17091381006ecafe29c45db4a (diff) | |
inet: frag: remove periodic secret rebuild timer
merge functionality into the eviction workqueue.
Instead of rebuilding every n seconds, take advantage of the upper
hash chain length limit.
If we hit it, mark table for rebuild and schedule workqueue.
To prevent frequent rebuilds when we're completely overloaded,
don't rebuild more than once every 5 seconds.
ipfrag_secret_interval sysctl is now obsolete and has been marked as
deprecated, it still can be changed so scripts won't be broken but it
won't have any effect. A comment is left above each unused secret_timer
variable to avoid confusion.
Joint work with Nikolay Aleksandrov.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 1 | ||||
| -rw-r--r-- | net/ipv6/reassembly.c | 5 |
2 files changed, 3 insertions, 3 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index fb0f72a0ff31..3b3ef9774cc2 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c | |||
| @@ -669,7 +669,6 @@ int nf_ct_frag6_init(void) | |||
| 669 | nf_frags.qsize = sizeof(struct frag_queue); | 669 | nf_frags.qsize = sizeof(struct frag_queue); |
| 670 | nf_frags.match = ip6_frag_match; | 670 | nf_frags.match = ip6_frag_match; |
| 671 | nf_frags.frag_expire = nf_ct_frag6_expire; | 671 | nf_frags.frag_expire = nf_ct_frag6_expire; |
| 672 | nf_frags.secret_interval = 10 * 60 * HZ; | ||
| 673 | inet_frags_init(&nf_frags); | 672 | inet_frags_init(&nf_frags); |
| 674 | 673 | ||
| 675 | ret = register_pernet_subsys(&nf_ct_net_ops); | 674 | ret = register_pernet_subsys(&nf_ct_net_ops); |
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index af85551682c2..987fea46b915 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c | |||
| @@ -604,10 +604,12 @@ static struct ctl_table ip6_frags_ns_ctl_table[] = { | |||
| 604 | { } | 604 | { } |
| 605 | }; | 605 | }; |
| 606 | 606 | ||
| 607 | /* secret interval has been deprecated */ | ||
| 608 | static int ip6_frags_secret_interval_unused; | ||
| 607 | static struct ctl_table ip6_frags_ctl_table[] = { | 609 | static struct ctl_table ip6_frags_ctl_table[] = { |
| 608 | { | 610 | { |
| 609 | .procname = "ip6frag_secret_interval", | 611 | .procname = "ip6frag_secret_interval", |
| 610 | .data = &ip6_frags.secret_interval, | 612 | .data = &ip6_frags_secret_interval_unused, |
| 611 | .maxlen = sizeof(int), | 613 | .maxlen = sizeof(int), |
| 612 | .mode = 0644, | 614 | .mode = 0644, |
| 613 | .proc_handler = proc_dointvec_jiffies, | 615 | .proc_handler = proc_dointvec_jiffies, |
| @@ -737,7 +739,6 @@ int __init ipv6_frag_init(void) | |||
| 737 | ip6_frags.qsize = sizeof(struct frag_queue); | 739 | ip6_frags.qsize = sizeof(struct frag_queue); |
| 738 | ip6_frags.match = ip6_frag_match; | 740 | ip6_frags.match = ip6_frag_match; |
| 739 | ip6_frags.frag_expire = ip6_frag_expire; | 741 | ip6_frags.frag_expire = ip6_frag_expire; |
| 740 | ip6_frags.secret_interval = 10 * 60 * HZ; | ||
| 741 | inet_frags_init(&ip6_frags); | 742 | inet_frags_init(&ip6_frags); |
| 742 | out: | 743 | out: |
| 743 | return ret; | 744 | return ret; |