diff options
| author | Pavel Emelyanov <xemul@openvz.org> | 2008-01-22 09:10:13 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-28 18:10:38 -0500 |
| commit | e31e0bdc7e7fb9a4b09d2f3266c035a18fdcee9d (patch) | |
| tree | 30e25f733781cf80aa9fef0d58ff3476424cb9b3 /net/ipv6 | |
| parent | b2fd5321dd160ef309dfb6cfc78ed8de4a830659 (diff) | |
[NETNS][FRAGS]: Make thresholds work in namespaces.
This is the same as with the timeout variable.
Currently, after exceeding the high threshold _all_
the fragments are evicted, but it will be fixed in
later patch.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 12 | ||||
| -rw-r--r-- | net/ipv6/reassembly.c | 15 |
2 files changed, 13 insertions, 14 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 92a311ff79c7..c75ac17e3945 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c | |||
| @@ -71,8 +71,6 @@ struct nf_ct_frag6_queue | |||
| 71 | }; | 71 | }; |
| 72 | 72 | ||
| 73 | static struct inet_frags_ctl nf_frags_ctl __read_mostly = { | 73 | static struct inet_frags_ctl nf_frags_ctl __read_mostly = { |
| 74 | .high_thresh = 256 * 1024, | ||
| 75 | .low_thresh = 192 * 1024, | ||
| 76 | .secret_interval = 10 * 60 * HZ, | 74 | .secret_interval = 10 * 60 * HZ, |
| 77 | }; | 75 | }; |
| 78 | 76 | ||
| @@ -91,7 +89,7 @@ struct ctl_table nf_ct_ipv6_sysctl_table[] = { | |||
| 91 | { | 89 | { |
| 92 | .ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH, | 90 | .ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH, |
| 93 | .procname = "nf_conntrack_frag6_low_thresh", | 91 | .procname = "nf_conntrack_frag6_low_thresh", |
| 94 | .data = &nf_frags_ctl.low_thresh, | 92 | .data = &nf_init_frags.low_thresh, |
| 95 | .maxlen = sizeof(unsigned int), | 93 | .maxlen = sizeof(unsigned int), |
| 96 | .mode = 0644, | 94 | .mode = 0644, |
| 97 | .proc_handler = &proc_dointvec, | 95 | .proc_handler = &proc_dointvec, |
| @@ -99,7 +97,7 @@ struct ctl_table nf_ct_ipv6_sysctl_table[] = { | |||
| 99 | { | 97 | { |
| 100 | .ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH, | 98 | .ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH, |
| 101 | .procname = "nf_conntrack_frag6_high_thresh", | 99 | .procname = "nf_conntrack_frag6_high_thresh", |
| 102 | .data = &nf_frags_ctl.high_thresh, | 100 | .data = &nf_init_frags.high_thresh, |
| 103 | .maxlen = sizeof(unsigned int), | 101 | .maxlen = sizeof(unsigned int), |
| 104 | .mode = 0644, | 102 | .mode = 0644, |
| 105 | .proc_handler = &proc_dointvec, | 103 | .proc_handler = &proc_dointvec, |
| @@ -632,7 +630,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb) | |||
| 632 | goto ret_orig; | 630 | goto ret_orig; |
| 633 | } | 631 | } |
| 634 | 632 | ||
| 635 | if (atomic_read(&nf_init_frags.mem) > nf_frags_ctl.high_thresh) | 633 | if (atomic_read(&nf_init_frags.mem) > nf_init_frags.high_thresh) |
| 636 | nf_ct_frag6_evictor(); | 634 | nf_ct_frag6_evictor(); |
| 637 | 635 | ||
| 638 | fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr); | 636 | fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr); |
| @@ -712,6 +710,8 @@ int nf_ct_frag6_init(void) | |||
| 712 | nf_frags.match = ip6_frag_match; | 710 | nf_frags.match = ip6_frag_match; |
| 713 | nf_frags.frag_expire = nf_ct_frag6_expire; | 711 | nf_frags.frag_expire = nf_ct_frag6_expire; |
| 714 | nf_init_frags.timeout = IPV6_FRAG_TIMEOUT; | 712 | nf_init_frags.timeout = IPV6_FRAG_TIMEOUT; |
| 713 | nf_init_frags.high_thresh = 256 * 1024; | ||
| 714 | nf_init_frags.low_thresh = 192 * 1024; | ||
| 715 | inet_frags_init_net(&nf_init_frags); | 715 | inet_frags_init_net(&nf_init_frags); |
| 716 | inet_frags_init(&nf_frags); | 716 | inet_frags_init(&nf_frags); |
| 717 | 717 | ||
| @@ -722,6 +722,6 @@ void nf_ct_frag6_cleanup(void) | |||
| 722 | { | 722 | { |
| 723 | inet_frags_fini(&nf_frags); | 723 | inet_frags_fini(&nf_frags); |
| 724 | 724 | ||
| 725 | nf_frags_ctl.low_thresh = 0; | 725 | nf_init_frags.low_thresh = 0; |
| 726 | nf_ct_frag6_evictor(); | 726 | nf_ct_frag6_evictor(); |
| 727 | } | 727 | } |
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index 91761365b181..85f3fa382230 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c | |||
| @@ -601,8 +601,7 @@ static int ipv6_frag_rcv(struct sk_buff *skb) | |||
| 601 | } | 601 | } |
| 602 | 602 | ||
| 603 | net = skb->dev->nd_net; | 603 | net = skb->dev->nd_net; |
| 604 | if (atomic_read(&net->ipv6.frags.mem) > | 604 | if (atomic_read(&net->ipv6.frags.mem) > net->ipv6.frags.high_thresh) |
| 605 | init_net.ipv6.sysctl.frags.high_thresh) | ||
| 606 | ip6_evictor(net, ip6_dst_idev(skb->dst)); | 605 | ip6_evictor(net, ip6_dst_idev(skb->dst)); |
| 607 | 606 | ||
| 608 | if ((fq = fq_find(net, fhdr->identification, &hdr->saddr, &hdr->daddr, | 607 | if ((fq = fq_find(net, fhdr->identification, &hdr->saddr, &hdr->daddr, |
| @@ -634,7 +633,7 @@ static struct ctl_table ip6_frags_ctl_table[] = { | |||
| 634 | { | 633 | { |
| 635 | .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH, | 634 | .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH, |
| 636 | .procname = "ip6frag_high_thresh", | 635 | .procname = "ip6frag_high_thresh", |
| 637 | .data = &init_net.ipv6.sysctl.frags.high_thresh, | 636 | .data = &init_net.ipv6.frags.high_thresh, |
| 638 | .maxlen = sizeof(int), | 637 | .maxlen = sizeof(int), |
| 639 | .mode = 0644, | 638 | .mode = 0644, |
| 640 | .proc_handler = &proc_dointvec | 639 | .proc_handler = &proc_dointvec |
| @@ -642,7 +641,7 @@ static struct ctl_table ip6_frags_ctl_table[] = { | |||
| 642 | { | 641 | { |
| 643 | .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH, | 642 | .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH, |
| 644 | .procname = "ip6frag_low_thresh", | 643 | .procname = "ip6frag_low_thresh", |
| 645 | .data = &init_net.ipv6.sysctl.frags.low_thresh, | 644 | .data = &init_net.ipv6.frags.low_thresh, |
| 646 | .maxlen = sizeof(int), | 645 | .maxlen = sizeof(int), |
| 647 | .mode = 0644, | 646 | .mode = 0644, |
| 648 | .proc_handler = &proc_dointvec | 647 | .proc_handler = &proc_dointvec |
| @@ -679,8 +678,8 @@ static int ip6_frags_sysctl_register(struct net *net) | |||
| 679 | if (table == NULL) | 678 | if (table == NULL) |
| 680 | goto err_alloc; | 679 | goto err_alloc; |
| 681 | 680 | ||
| 682 | table[0].mode &= ~0222; | 681 | table[0].data = &net->ipv6.frags.high_thresh; |
| 683 | table[1].mode &= ~0222; | 682 | table[1].data = &net->ipv6.frags.low_thresh; |
| 684 | table[2].data = &net->ipv6.frags.timeout; | 683 | table[2].data = &net->ipv6.frags.timeout; |
| 685 | table[3].mode &= ~0222; | 684 | table[3].mode &= ~0222; |
| 686 | } | 685 | } |
| @@ -722,8 +721,8 @@ static int ipv6_frags_init_net(struct net *net) | |||
| 722 | { | 721 | { |
| 723 | ip6_frags.ctl = &net->ipv6.sysctl.frags; | 722 | ip6_frags.ctl = &net->ipv6.sysctl.frags; |
| 724 | 723 | ||
| 725 | net->ipv6.sysctl.frags.high_thresh = 256 * 1024; | 724 | net->ipv6.frags.high_thresh = 256 * 1024; |
| 726 | net->ipv6.sysctl.frags.low_thresh = 192 * 1024; | 725 | net->ipv6.frags.low_thresh = 192 * 1024; |
| 727 | net->ipv6.frags.timeout = IPV6_FRAG_TIMEOUT; | 726 | net->ipv6.frags.timeout = IPV6_FRAG_TIMEOUT; |
| 728 | net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ; | 727 | net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ; |
| 729 | 728 | ||