netfilter: nf_ct_udp[lite]: convert UDP[lite] timeouts to array

Use one array to store the UDP timeouts instead of two variables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2012-02-27 20:23:28 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2012-03-07 11:41:13 -0500
commit: 5a41db94c60ac2a12b5a559de658a10d174b046d (patch)
tree: a990182cf5ae5ecb31a87e315c6b5cf5f8bbdd29 /net
parent: 3b988ece9b42452c59da5844942661cd782b2473 (diff)
2 files changed, 37 insertions, 18 deletions
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index 5f35757fbff0..5b24ff882f95 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -25,8 +25,16 @@
 #include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
 #include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
-static unsigned int nf_ct_udp_timeout __read_mostly = 30*HZ;
+enum udp_conntrack {
-static unsigned int nf_ct_udp_timeout_stream __read_mostly = 180*HZ;
+        UDP_CT_UNREPLIED,
+        UDP_CT_REPLIED,
+        UDP_CT_MAX
+};
+static unsigned int udp_timeouts[UDP_CT_MAX] = {
+        [UDP_CT_UNREPLIED]      = 30*HZ,
+        [UDP_CT_REPLIED]        = 180*HZ,
+};
 static bool udp_pkt_to_tuple(const struct sk_buff *skb,
                             unsigned int dataoff,
@@ -74,13 +82,15 @@ static int udp_packet(struct nf_conn *ct,
        /* If we've seen traffic both ways, this is some kind of UDP
           stream.  Extend timeout. */
        if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
-                nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udp_timeout_stream);
+                nf_ct_refresh_acct(ct, ctinfo, skb,
+                                   udp_timeouts[UDP_CT_REPLIED]);
                /* Also, more likely to be important, and not a probe */
                if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
                        nf_conntrack_event_cache(IPCT_ASSURED, ct);
-        } else
+        } else {
-                nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udp_timeout);
+                nf_ct_refresh_acct(ct, ctinfo, skb,
+                                   udp_timeouts[UDP_CT_UNREPLIED]);
+        }
        return NF_ACCEPT;
 }
@@ -142,14 +152,14 @@ static struct ctl_table_header *udp_sysctl_header;
 static struct ctl_table udp_sysctl_table[] = {
        {
                .procname       = "nf_conntrack_udp_timeout",
-                .data           = &nf_ct_udp_timeout,
+                .data           = &udp_timeouts[UDP_CT_UNREPLIED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
        },
        {
                .procname       = "nf_conntrack_udp_timeout_stream",
-                .data           = &nf_ct_udp_timeout_stream,
+                .data           = &udp_timeouts[UDP_CT_REPLIED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
@@ -160,14 +170,14 @@ static struct ctl_table udp_sysctl_table[] = {
 static struct ctl_table udp_compat_sysctl_table[] = {
        {
                .procname       = "ip_conntrack_udp_timeout",
-                .data           = &nf_ct_udp_timeout,
+                .data           = &udp_timeouts[UDP_CT_UNREPLIED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
        },
        {
                .procname       = "ip_conntrack_udp_timeout_stream",
-                .data           = &nf_ct_udp_timeout_stream,
+                .data           = &udp_timeouts[UDP_CT_REPLIED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
diff --git a/net/netfilter/nf_conntrack_proto_udplite.c b/net/netfilter/nf_conntrack_proto_udplite.c
index f52ca1181013..e73071743e01 100644
--- a/net/netfilter/nf_conntrack_proto_udplite.c
+++ b/net/netfilter/nf_conntrack_proto_udplite.c
@@ -24,8 +24,16 @@
 #include <net/netfilter/nf_conntrack_ecache.h>
 #include <net/netfilter/nf_log.h>
-static unsigned int nf_ct_udplite_timeout __read_mostly = 30*HZ;
+enum udplite_conntrack {
-static unsigned int nf_ct_udplite_timeout_stream __read_mostly = 180*HZ;
+        UDPLITE_CT_UNREPLIED,
+        UDPLITE_CT_REPLIED,
+        UDPLITE_CT_MAX
+};
+static unsigned int udplite_timeouts[UDPLITE_CT_MAX] = {
+        [UDPLITE_CT_UNREPLIED]  = 30*HZ,
+        [UDPLITE_CT_REPLIED]    = 180*HZ,
+};
 static bool udplite_pkt_to_tuple(const struct sk_buff *skb,
                                 unsigned int dataoff,
@@ -72,13 +80,14 @@ static int udplite_packet(struct nf_conn *ct,
           stream.  Extend timeout. */
        if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
                nf_ct_refresh_acct(ct, ctinfo, skb,
-                                   nf_ct_udplite_timeout_stream);
+                                   udplite_timeouts[UDPLITE_CT_REPLIED]);
                /* Also, more likely to be important, and not a probe */
                if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
                        nf_conntrack_event_cache(IPCT_ASSURED, ct);
-        } else
+        } else {
-                nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udplite_timeout);
+                nf_ct_refresh_acct(ct, ctinfo, skb,
+                                   udplite_timeouts[UDPLITE_CT_UNREPLIED]);
+        }
        return NF_ACCEPT;
 }
@@ -147,14 +156,14 @@ static struct ctl_table_header *udplite_sysctl_header;
 static struct ctl_table udplite_sysctl_table[] = {
        {
                .procname       = "nf_conntrack_udplite_timeout",
-                .data           = &nf_ct_udplite_timeout,
+                .data           = &udplite_timeouts[UDPLITE_CT_UNREPLIED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
        },
        {
                .procname       = "nf_conntrack_udplite_timeout_stream",
-                .data           = &nf_ct_udplite_timeout_stream,
+                .data           = &udplite_timeouts[UDPLITE_CT_REPLIED],
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
author	Pablo Neira Ayuso <pablo@netfilter.org>	2012-02-27 20:23:28 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2012-03-07 11:41:13 -0500
commit	5a41db94c60ac2a12b5a559de658a10d174b046d (patch)
tree	a990182cf5ae5ecb31a87e315c6b5cf5f8bbdd29 /net
parent	3b988ece9b42452c59da5844942661cd782b2473 (diff)

diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c index 5f35757fbff0..5b24ff882f95 100644 --- a/net/netfilter/nf_conntrack_proto_udp.c +++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -25,8 +25,16 @@
25	#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>	25	#include <net/netfilter/ipv4/nf_conntrack_ipv4.h>
26	#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>	26	#include <net/netfilter/ipv6/nf_conntrack_ipv6.h>
27		27
28	static unsigned int nf_ct_udp_timeout __read_mostly = 30*HZ;	28	enum udp_conntrack {
29	static unsigned int nf_ct_udp_timeout_stream __read_mostly = 180*HZ;	29	UDP_CT_UNREPLIED,
		30	UDP_CT_REPLIED,
		31	UDP_CT_MAX
		32	};
		33
		34	static unsigned int udp_timeouts[UDP_CT_MAX] = {
		35	[UDP_CT_UNREPLIED] = 30*HZ,
		36	[UDP_CT_REPLIED] = 180*HZ,
		37	};
30		38
31	static bool udp_pkt_to_tuple(const struct sk_buff *skb,	39	static bool udp_pkt_to_tuple(const struct sk_buff *skb,
32	unsigned int dataoff,	40	unsigned int dataoff,
@@ -74,13 +82,15 @@ static int udp_packet(struct nf_conn *ct,
74	/* If we've seen traffic both ways, this is some kind of UDP	82	/* If we've seen traffic both ways, this is some kind of UDP
75	stream. Extend timeout. */	83	stream. Extend timeout. */
76	if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {	84	if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
77	nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udp_timeout_stream);	85	nf_ct_refresh_acct(ct, ctinfo, skb,
		86	udp_timeouts[UDP_CT_REPLIED]);
78	/* Also, more likely to be important, and not a probe */	87	/* Also, more likely to be important, and not a probe */
79	if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))	88	if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
80	nf_conntrack_event_cache(IPCT_ASSURED, ct);	89	nf_conntrack_event_cache(IPCT_ASSURED, ct);
81	} else	90	} else {
82	nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udp_timeout);	91	nf_ct_refresh_acct(ct, ctinfo, skb,
83		92	udp_timeouts[UDP_CT_UNREPLIED]);
		93	}
84	return NF_ACCEPT;	94	return NF_ACCEPT;
85	}	95	}
86		96
@@ -142,14 +152,14 @@ static struct ctl_table_header *udp_sysctl_header;
142	static struct ctl_table udp_sysctl_table[] = {	152	static struct ctl_table udp_sysctl_table[] = {
143	{	153	{
144	.procname = "nf_conntrack_udp_timeout",	154	.procname = "nf_conntrack_udp_timeout",
145	.data = &nf_ct_udp_timeout,	155	.data = &udp_timeouts[UDP_CT_UNREPLIED],
146	.maxlen = sizeof(unsigned int),	156	.maxlen = sizeof(unsigned int),
147	.mode = 0644,	157	.mode = 0644,
148	.proc_handler = proc_dointvec_jiffies,	158	.proc_handler = proc_dointvec_jiffies,
149	},	159	},
150	{	160	{
151	.procname = "nf_conntrack_udp_timeout_stream",	161	.procname = "nf_conntrack_udp_timeout_stream",
152	.data = &nf_ct_udp_timeout_stream,	162	.data = &udp_timeouts[UDP_CT_REPLIED],
153	.maxlen = sizeof(unsigned int),	163	.maxlen = sizeof(unsigned int),
154	.mode = 0644,	164	.mode = 0644,
155	.proc_handler = proc_dointvec_jiffies,	165	.proc_handler = proc_dointvec_jiffies,
@@ -160,14 +170,14 @@ static struct ctl_table udp_sysctl_table[] = {
160	static struct ctl_table udp_compat_sysctl_table[] = {	170	static struct ctl_table udp_compat_sysctl_table[] = {
161	{	171	{
162	.procname = "ip_conntrack_udp_timeout",	172	.procname = "ip_conntrack_udp_timeout",
163	.data = &nf_ct_udp_timeout,	173	.data = &udp_timeouts[UDP_CT_UNREPLIED],
164	.maxlen = sizeof(unsigned int),	174	.maxlen = sizeof(unsigned int),
165	.mode = 0644,	175	.mode = 0644,
166	.proc_handler = proc_dointvec_jiffies,	176	.proc_handler = proc_dointvec_jiffies,
167	},	177	},
168	{	178	{
169	.procname = "ip_conntrack_udp_timeout_stream",	179	.procname = "ip_conntrack_udp_timeout_stream",
170	.data = &nf_ct_udp_timeout_stream,	180	.data = &udp_timeouts[UDP_CT_REPLIED],
171	.maxlen = sizeof(unsigned int),	181	.maxlen = sizeof(unsigned int),
172	.mode = 0644,	182	.mode = 0644,
173	.proc_handler = proc_dointvec_jiffies,	183	.proc_handler = proc_dointvec_jiffies,


diff --git a/net/netfilter/nf_conntrack_proto_udplite.c b/net/netfilter/nf_conntrack_proto_udplite.c index f52ca1181013..e73071743e01 100644 --- a/net/netfilter/nf_conntrack_proto_udplite.c +++ b/net/netfilter/nf_conntrack_proto_udplite.c
@@ -24,8 +24,16 @@
24	#include <net/netfilter/nf_conntrack_ecache.h>	24	#include <net/netfilter/nf_conntrack_ecache.h>
25	#include <net/netfilter/nf_log.h>	25	#include <net/netfilter/nf_log.h>
26		26
27	static unsigned int nf_ct_udplite_timeout __read_mostly = 30*HZ;	27	enum udplite_conntrack {
28	static unsigned int nf_ct_udplite_timeout_stream __read_mostly = 180*HZ;	28	UDPLITE_CT_UNREPLIED,
		29	UDPLITE_CT_REPLIED,
		30	UDPLITE_CT_MAX
		31	};
		32
		33	static unsigned int udplite_timeouts[UDPLITE_CT_MAX] = {
		34	[UDPLITE_CT_UNREPLIED] = 30*HZ,
		35	[UDPLITE_CT_REPLIED] = 180*HZ,
		36	};
29		37
30	static bool udplite_pkt_to_tuple(const struct sk_buff *skb,	38	static bool udplite_pkt_to_tuple(const struct sk_buff *skb,
31	unsigned int dataoff,	39	unsigned int dataoff,
@@ -72,13 +80,14 @@ static int udplite_packet(struct nf_conn *ct,
72	stream. Extend timeout. */	80	stream. Extend timeout. */
73	if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {	81	if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
74	nf_ct_refresh_acct(ct, ctinfo, skb,	82	nf_ct_refresh_acct(ct, ctinfo, skb,
75	nf_ct_udplite_timeout_stream);	83	udplite_timeouts[UDPLITE_CT_REPLIED]);
76	/* Also, more likely to be important, and not a probe */	84	/* Also, more likely to be important, and not a probe */
77	if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))	85	if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status))
78	nf_conntrack_event_cache(IPCT_ASSURED, ct);	86	nf_conntrack_event_cache(IPCT_ASSURED, ct);
79	} else	87	} else {
80	nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udplite_timeout);	88	nf_ct_refresh_acct(ct, ctinfo, skb,
81		89	udplite_timeouts[UDPLITE_CT_UNREPLIED]);
		90	}
82	return NF_ACCEPT;	91	return NF_ACCEPT;
83	}	92	}
84		93
@@ -147,14 +156,14 @@ static struct ctl_table_header *udplite_sysctl_header;
147	static struct ctl_table udplite_sysctl_table[] = {	156	static struct ctl_table udplite_sysctl_table[] = {
148	{	157	{
149	.procname = "nf_conntrack_udplite_timeout",	158	.procname = "nf_conntrack_udplite_timeout",
150	.data = &nf_ct_udplite_timeout,	159	.data = &udplite_timeouts[UDPLITE_CT_UNREPLIED],
151	.maxlen = sizeof(unsigned int),	160	.maxlen = sizeof(unsigned int),
152	.mode = 0644,	161	.mode = 0644,
153	.proc_handler = proc_dointvec_jiffies,	162	.proc_handler = proc_dointvec_jiffies,
154	},	163	},
155	{	164	{
156	.procname = "nf_conntrack_udplite_timeout_stream",	165	.procname = "nf_conntrack_udplite_timeout_stream",
157	.data = &nf_ct_udplite_timeout_stream,	166	.data = &udplite_timeouts[UDPLITE_CT_REPLIED],
158	.maxlen = sizeof(unsigned int),	167	.maxlen = sizeof(unsigned int),
159	.mode = 0644,	168	.mode = 0644,
160	.proc_handler = proc_dointvec_jiffies,	169	.proc_handler = proc_dointvec_jiffies,