aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/net/inet_frag.h4
-rw-r--r--net/ipv4/inet_fragment.c2
-rw-r--r--net/ipv4/ip_fragment.c20
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c4
-rw-r--r--net/ipv6/reassembly.c6
5 files changed, 19 insertions, 17 deletions
diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h
index 6edce7b2ff13..f56e296e6227 100644
--- a/include/net/inet_frag.h
+++ b/include/net/inet_frag.h
@@ -4,6 +4,9 @@
4struct netns_frags { 4struct netns_frags {
5 int nqueues; 5 int nqueues;
6 atomic_t mem; 6 atomic_t mem;
7
8 /* sysctls */
9 int timeout;
7}; 10};
8 11
9struct inet_frag_queue { 12struct inet_frag_queue {
@@ -29,7 +32,6 @@ struct inet_frag_queue {
29struct inet_frags_ctl { 32struct inet_frags_ctl {
30 int high_thresh; 33 int high_thresh;
31 int low_thresh; 34 int low_thresh;
32 int timeout;
33 int secret_interval; 35 int secret_interval;
34}; 36};
35 37
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
index ad79ae0c0264..9da96792fffb 100644
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -206,7 +206,7 @@ static struct inet_frag_queue *inet_frag_intern(struct netns_frags *nf,
206 } 206 }
207#endif 207#endif
208 qp = qp_in; 208 qp = qp_in;
209 if (!mod_timer(&qp->timer, jiffies + f->ctl->timeout)) 209 if (!mod_timer(&qp->timer, jiffies + nf->timeout))
210 atomic_inc(&qp->refcnt); 210 atomic_inc(&qp->refcnt);
211 211
212 atomic_inc(&qp->refcnt); 212 atomic_inc(&qp->refcnt);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index c51e1a11dc6b..70d241c8d2a8 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -83,13 +83,6 @@ static struct inet_frags_ctl ip4_frags_ctl __read_mostly = {
83 */ 83 */
84 .high_thresh = 256 * 1024, 84 .high_thresh = 256 * 1024,
85 .low_thresh = 192 * 1024, 85 .low_thresh = 192 * 1024,
86
87 /*
88 * Important NOTE! Fragment queue must be destroyed before MSL expires.
89 * RFC791 is wrong proposing to prolongate timer each fragment arrival
90 * by TTL.
91 */
92 .timeout = IP_FRAG_TIME,
93 .secret_interval = 10 * 60 * HZ, 86 .secret_interval = 10 * 60 * HZ,
94}; 87};
95 88
@@ -287,7 +280,7 @@ static int ip_frag_reinit(struct ipq *qp)
287{ 280{
288 struct sk_buff *fp; 281 struct sk_buff *fp;
289 282
290 if (!mod_timer(&qp->q.timer, jiffies + ip4_frags_ctl.timeout)) { 283 if (!mod_timer(&qp->q.timer, jiffies + qp->q.net->timeout)) {
291 atomic_inc(&qp->q.refcnt); 284 atomic_inc(&qp->q.refcnt);
292 return -ETIMEDOUT; 285 return -ETIMEDOUT;
293 } 286 }
@@ -633,7 +626,7 @@ static struct ctl_table ip4_frags_ctl_table[] = {
633 { 626 {
634 .ctl_name = NET_IPV4_IPFRAG_TIME, 627 .ctl_name = NET_IPV4_IPFRAG_TIME,
635 .procname = "ipfrag_time", 628 .procname = "ipfrag_time",
636 .data = &ip4_frags_ctl.timeout, 629 .data = &init_net.ipv4.frags.timeout,
637 .maxlen = sizeof(int), 630 .maxlen = sizeof(int),
638 .mode = 0644, 631 .mode = 0644,
639 .proc_handler = &proc_dointvec_jiffies, 632 .proc_handler = &proc_dointvec_jiffies,
@@ -672,7 +665,7 @@ static int ip4_frags_ctl_register(struct net *net)
672 665
673 table[0].mode &= ~0222; 666 table[0].mode &= ~0222;
674 table[1].mode &= ~0222; 667 table[1].mode &= ~0222;
675 table[2].mode &= ~0222; 668 table[2].data = &net->ipv4.frags.timeout;
676 table[3].mode &= ~0222; 669 table[3].mode &= ~0222;
677 table[4].mode &= ~0222; 670 table[4].mode &= ~0222;
678 } 671 }
@@ -712,6 +705,13 @@ static inline void ip4_frags_ctl_unregister(struct net *net)
712 705
713static int ipv4_frags_init_net(struct net *net) 706static int ipv4_frags_init_net(struct net *net)
714{ 707{
708 /*
709 * Important NOTE! Fragment queue must be destroyed before MSL expires.
710 * RFC791 is wrong proposing to prolongate timer each fragment arrival
711 * by TTL.
712 */
713 net->ipv4.frags.timeout = IP_FRAG_TIME;
714
715 inet_frags_init_net(&net->ipv4.frags); 715 inet_frags_init_net(&net->ipv4.frags);
716 716
717 return ip4_frags_ctl_register(net); 717 return ip4_frags_ctl_register(net);
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index cb826bea4b1b..92a311ff79c7 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -73,7 +73,6 @@ struct nf_ct_frag6_queue
73static struct inet_frags_ctl nf_frags_ctl __read_mostly = { 73static struct inet_frags_ctl nf_frags_ctl __read_mostly = {
74 .high_thresh = 256 * 1024, 74 .high_thresh = 256 * 1024,
75 .low_thresh = 192 * 1024, 75 .low_thresh = 192 * 1024,
76 .timeout = IPV6_FRAG_TIMEOUT,
77 .secret_interval = 10 * 60 * HZ, 76 .secret_interval = 10 * 60 * HZ,
78}; 77};
79 78
@@ -84,7 +83,7 @@ static struct netns_frags nf_init_frags;
84struct ctl_table nf_ct_ipv6_sysctl_table[] = { 83struct ctl_table nf_ct_ipv6_sysctl_table[] = {
85 { 84 {
86 .procname = "nf_conntrack_frag6_timeout", 85 .procname = "nf_conntrack_frag6_timeout",
87 .data = &nf_frags_ctl.timeout, 86 .data = &nf_init_frags.timeout,
88 .maxlen = sizeof(unsigned int), 87 .maxlen = sizeof(unsigned int),
89 .mode = 0644, 88 .mode = 0644,
90 .proc_handler = &proc_dointvec_jiffies, 89 .proc_handler = &proc_dointvec_jiffies,
@@ -712,6 +711,7 @@ int nf_ct_frag6_init(void)
712 nf_frags.qsize = sizeof(struct nf_ct_frag6_queue); 711 nf_frags.qsize = sizeof(struct nf_ct_frag6_queue);
713 nf_frags.match = ip6_frag_match; 712 nf_frags.match = ip6_frag_match;
714 nf_frags.frag_expire = nf_ct_frag6_expire; 713 nf_frags.frag_expire = nf_ct_frag6_expire;
714 nf_init_frags.timeout = IPV6_FRAG_TIMEOUT;
715 inet_frags_init_net(&nf_init_frags); 715 inet_frags_init_net(&nf_init_frags);
716 inet_frags_init(&nf_frags); 716 inet_frags_init(&nf_frags);
717 717
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 0300dcbf1a75..91761365b181 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -650,7 +650,7 @@ static struct ctl_table ip6_frags_ctl_table[] = {
650 { 650 {
651 .ctl_name = NET_IPV6_IP6FRAG_TIME, 651 .ctl_name = NET_IPV6_IP6FRAG_TIME,
652 .procname = "ip6frag_time", 652 .procname = "ip6frag_time",
653 .data = &init_net.ipv6.sysctl.frags.timeout, 653 .data = &init_net.ipv6.frags.timeout,
654 .maxlen = sizeof(int), 654 .maxlen = sizeof(int),
655 .mode = 0644, 655 .mode = 0644,
656 .proc_handler = &proc_dointvec_jiffies, 656 .proc_handler = &proc_dointvec_jiffies,
@@ -681,7 +681,7 @@ static int ip6_frags_sysctl_register(struct net *net)
681 681
682 table[0].mode &= ~0222; 682 table[0].mode &= ~0222;
683 table[1].mode &= ~0222; 683 table[1].mode &= ~0222;
684 table[2].mode &= ~0222; 684 table[2].data = &net->ipv6.frags.timeout;
685 table[3].mode &= ~0222; 685 table[3].mode &= ~0222;
686 } 686 }
687 687
@@ -724,7 +724,7 @@ static int ipv6_frags_init_net(struct net *net)
724 724
725 net->ipv6.sysctl.frags.high_thresh = 256 * 1024; 725 net->ipv6.sysctl.frags.high_thresh = 256 * 1024;
726 net->ipv6.sysctl.frags.low_thresh = 192 * 1024; 726 net->ipv6.sysctl.frags.low_thresh = 192 * 1024;
727 net->ipv6.sysctl.frags.timeout = IPV6_FRAG_TIMEOUT; 727 net->ipv6.frags.timeout = IPV6_FRAG_TIMEOUT;
728 net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ; 728 net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ;
729 729
730 inet_frags_init_net(&net->ipv6.frags); 730 inet_frags_init_net(&net->ipv6.frags);