5 files changed, 26 insertions, 16 deletions
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index d03a4076e227..c8e8cb241090 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -572,9 +572,6 @@ extern int inet6_hash_connect(struct inet_timewait_death_row *death_row,
 /*
 * reassembly.c
 */
-struct inet_frags_ctl;
-extern struct inet_frags_ctl ip6_frags_ctl;
 extern const struct proto_ops inet6_stream_ops;
 extern const struct proto_ops inet6_dgram_ops;
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
index 42b9b412fb87..ea4a71ac23d4 100644
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h
@@ -2,6 +2,8 @@
 * ipv6 in net namespaces
 */
+#include <net/inet_frag.h>
 #ifndef __NETNS_IPV6_H__
 #define __NETNS_IPV6_H__
@@ -11,6 +13,7 @@ struct netns_sysctl_ipv6 {
 #ifdef CONFIG_SYSCTL
        struct ctl_table_header *table;
 #endif
+        struct inet_frags_ctl frags;
        int bindv6only;
 };
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 70662bf8ab98..c4a1882fa80f 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -72,6 +72,8 @@ MODULE_LICENSE("GPL");
 static struct list_head inetsw6[SOCK_MAX];
 static DEFINE_SPINLOCK(inetsw6_lock);
+void ipv6_frag_sysctl_init(struct net *net);
 static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk)
 {
        const int offset = sk->sk_prot->obj_size - sizeof(struct ipv6_pinfo);
@@ -720,6 +722,12 @@ static void cleanup_ipv6_mibs(void)
 static int inet6_net_init(struct net *net)
 {
        net->ipv6.sysctl.bindv6only = 0;
+        net->ipv6.sysctl.frags.high_thresh = 256 * 1024;
+        net->ipv6.sysctl.frags.low_thresh = 192 * 1024;
+        net->ipv6.sysctl.frags.timeout = IPV6_FRAG_TIMEOUT;
+        net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ;
+        ipv6_frag_sysctl_init(net);
        return 0;
 }
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index bf4173daecbb..5cd0bc693a5f 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -82,13 +82,6 @@ struct frag_queue
        __u16                   nhoffset;
 };
-struct inet_frags_ctl ip6_frags_ctl __read_mostly = {
-        .high_thresh     = 256 * 1024,
-        .low_thresh      = 192 * 1024,
-        .timeout         = IPV6_FRAG_TIMEOUT,
-        .secret_interval = 10 * 60 * HZ,
-};
 static struct inet_frags ip6_frags;
 int ip6_frag_nqueues(void)
@@ -605,7 +598,7 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
                return 1;
        }
-        if (atomic_read(&ip6_frags.mem) > ip6_frags_ctl.high_thresh)
+        if (atomic_read(&ip6_frags.mem) > init_net.ipv6.sysctl.frags.high_thresh)
                ip6_evictor(ip6_dst_idev(skb->dst));
        if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr,
@@ -632,6 +625,11 @@ static struct inet6_protocol frag_protocol =
        .flags          =       INET6_PROTO_NOPOLICY,
 };
+void ipv6_frag_sysctl_init(struct net *net)
+{
+        ip6_frags.ctl = &net->ipv6.sysctl.frags;
+}
 int __init ipv6_frag_init(void)
 {
        int ret;
@@ -639,7 +637,7 @@ int __init ipv6_frag_init(void)
        ret = inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT);
        if (ret)
                goto out;
-        ip6_frags.ctl = &ip6_frags_ctl;
        ip6_frags.hashfn = ip6_hashfn;
        ip6_frags.constructor = ip6_frag_init;
        ip6_frags.destructor = NULL;
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c
index 13be97a928cb..ae3cfd1b8e0e 100644
--- a/net/ipv6/sysctl_net_ipv6.c
+++ b/net/ipv6/sysctl_net_ipv6.c
@@ -43,7 +43,7 @@ static ctl_table ipv6_table_template[] = {
        {
                .ctl_name       = NET_IPV6_IP6FRAG_HIGH_THRESH,
                .procname       = "ip6frag_high_thresh",
-                .data           = &ip6_frags_ctl.high_thresh,
+                .data           = &init_net.ipv6.sysctl.frags.high_thresh,
                .maxlen         = sizeof(int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
@@ -51,7 +51,7 @@ static ctl_table ipv6_table_template[] = {
        {
                .ctl_name       = NET_IPV6_IP6FRAG_LOW_THRESH,
                .procname       = "ip6frag_low_thresh",
-                .data           = &ip6_frags_ctl.low_thresh,
+                .data           = &init_net.ipv6.sysctl.frags.low_thresh,
                .maxlen         = sizeof(int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
@@ -59,7 +59,7 @@ static ctl_table ipv6_table_template[] = {
        {
                .ctl_name       = NET_IPV6_IP6FRAG_TIME,
                .procname       = "ip6frag_time",
-                .data           = &ip6_frags_ctl.timeout,
+                .data           = &init_net.ipv6.sysctl.frags.timeout,
                .maxlen         = sizeof(int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
@@ -68,7 +68,7 @@ static ctl_table ipv6_table_template[] = {
        {
                .ctl_name       = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
                .procname       = "ip6frag_secret_interval",
-                .data           = &ip6_frags_ctl.secret_interval,
+                .data           = &init_net.ipv6.sysctl.frags.secret_interval,
                .maxlen         = sizeof(int),
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
@@ -117,6 +117,10 @@ static int ipv6_sysctl_net_init(struct net *net)
        ipv6_table[1].child = ipv6_icmp_table;
        ipv6_table[2].data = &net->ipv6.sysctl.bindv6only;
+        ipv6_table[3].data = &net->ipv6.sysctl.frags.high_thresh;
+        ipv6_table[4].data = &net->ipv6.sysctl.frags.low_thresh;
+        ipv6_table[5].data = &net->ipv6.sysctl.frags.timeout;
+        ipv6_table[6].data = &net->ipv6.sysctl.frags.secret_interval;
        net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,
                                                           ipv6_table);

diff --git a/include/net/ipv6.h b/include/net/ipv6.h index d03a4076e227..c8e8cb241090 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h
@@ -572,9 +572,6 @@ extern int inet6_hash_connect(struct inet_timewait_death_row *death_row,
572	/*	572	/*
573	* reassembly.c	573	* reassembly.c
574	*/	574	*/
575	struct inet_frags_ctl;
576	extern struct inet_frags_ctl ip6_frags_ctl;
577
578	extern const struct proto_ops inet6_stream_ops;	575	extern const struct proto_ops inet6_stream_ops;
579	extern const struct proto_ops inet6_dgram_ops;	576	extern const struct proto_ops inet6_dgram_ops;
580		577


diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h index 42b9b412fb87..ea4a71ac23d4 100644 --- a/include/net/netns/ipv6.h +++ b/include/net/netns/ipv6.h
@@ -2,6 +2,8 @@
2	* ipv6 in net namespaces	2	* ipv6 in net namespaces
3	*/	3	*/
4		4
		5	#include <net/inet_frag.h>
		6
5	#ifndef __NETNS_IPV6_H__	7	#ifndef __NETNS_IPV6_H__
6	#define __NETNS_IPV6_H__	8	#define __NETNS_IPV6_H__
7		9
@@ -11,6 +13,7 @@ struct netns_sysctl_ipv6 {
11	#ifdef CONFIG_SYSCTL	13	#ifdef CONFIG_SYSCTL
12	struct ctl_table_header *table;	14	struct ctl_table_header *table;
13	#endif	15	#endif
		16	struct inet_frags_ctl frags;
14	int bindv6only;	17	int bindv6only;
15	};	18	};
16		19


diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 70662bf8ab98..c4a1882fa80f 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c
@@ -72,6 +72,8 @@ MODULE_LICENSE("GPL");
72	static struct list_head inetsw6[SOCK_MAX];	72	static struct list_head inetsw6[SOCK_MAX];
73	static DEFINE_SPINLOCK(inetsw6_lock);	73	static DEFINE_SPINLOCK(inetsw6_lock);
74		74
		75	void ipv6_frag_sysctl_init(struct net *net);
		76
75	static __inline__ struct ipv6_pinfo inet6_sk_generic(struct sock sk)	77	static __inline__ struct ipv6_pinfo inet6_sk_generic(struct sock sk)
76	{	78	{
77	const int offset = sk->sk_prot->obj_size - sizeof(struct ipv6_pinfo);	79	const int offset = sk->sk_prot->obj_size - sizeof(struct ipv6_pinfo);
@@ -720,6 +722,12 @@ static void cleanup_ipv6_mibs(void)
720	static int inet6_net_init(struct net *net)	722	static int inet6_net_init(struct net *net)
721	{	723	{
722	net->ipv6.sysctl.bindv6only = 0;	724	net->ipv6.sysctl.bindv6only = 0;
		725	net->ipv6.sysctl.frags.high_thresh = 256 * 1024;
		726	net->ipv6.sysctl.frags.low_thresh = 192 * 1024;
		727	net->ipv6.sysctl.frags.timeout = IPV6_FRAG_TIMEOUT;
		728	net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ;
		729	ipv6_frag_sysctl_init(net);
		730
723	return 0;	731	return 0;
724	}	732	}
725		733


diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index bf4173daecbb..5cd0bc693a5f 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c
@@ -82,13 +82,6 @@ struct frag_queue
82	__u16 nhoffset;	82	__u16 nhoffset;
83	};	83	};
84		84
85	struct inet_frags_ctl ip6_frags_ctl __read_mostly = {
86	.high_thresh = 256 * 1024,
87	.low_thresh = 192 * 1024,
88	.timeout = IPV6_FRAG_TIMEOUT,
89	.secret_interval = 10 * 60 * HZ,
90	};
91
92	static struct inet_frags ip6_frags;	85	static struct inet_frags ip6_frags;
93		86
94	int ip6_frag_nqueues(void)	87	int ip6_frag_nqueues(void)
@@ -605,7 +598,7 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
605	return 1;	598	return 1;
606	}	599	}
607		600
608	if (atomic_read(&ip6_frags.mem) > ip6_frags_ctl.high_thresh)	601	if (atomic_read(&ip6_frags.mem) > init_net.ipv6.sysctl.frags.high_thresh)
609	ip6_evictor(ip6_dst_idev(skb->dst));	602	ip6_evictor(ip6_dst_idev(skb->dst));
610		603
611	if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr,	604	if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr,
@@ -632,6 +625,11 @@ static struct inet6_protocol frag_protocol =
632	.flags = INET6_PROTO_NOPOLICY,	625	.flags = INET6_PROTO_NOPOLICY,
633	};	626	};
634		627
		628	void ipv6_frag_sysctl_init(struct net *net)
		629	{
		630	ip6_frags.ctl = &net->ipv6.sysctl.frags;
		631	}
		632
635	int __init ipv6_frag_init(void)	633	int __init ipv6_frag_init(void)
636	{	634	{
637	int ret;	635	int ret;
@@ -639,7 +637,7 @@ int __init ipv6_frag_init(void)
639	ret = inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT);	637	ret = inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT);
640	if (ret)	638	if (ret)
641	goto out;	639	goto out;
642	ip6_frags.ctl = &ip6_frags_ctl;	640
643	ip6_frags.hashfn = ip6_hashfn;	641	ip6_frags.hashfn = ip6_hashfn;
644	ip6_frags.constructor = ip6_frag_init;	642	ip6_frags.constructor = ip6_frag_init;
645	ip6_frags.destructor = NULL;	643	ip6_frags.destructor = NULL;


diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c index 13be97a928cb..ae3cfd1b8e0e 100644 --- a/net/ipv6/sysctl_net_ipv6.c +++ b/net/ipv6/sysctl_net_ipv6.c
@@ -43,7 +43,7 @@ static ctl_table ipv6_table_template[] = {
43	{	43	{
44	.ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH,	44	.ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH,
45	.procname = "ip6frag_high_thresh",	45	.procname = "ip6frag_high_thresh",
46	.data = &ip6_frags_ctl.high_thresh,	46	.data = &init_net.ipv6.sysctl.frags.high_thresh,
47	.maxlen = sizeof(int),	47	.maxlen = sizeof(int),
48	.mode = 0644,	48	.mode = 0644,
49	.proc_handler = &proc_dointvec	49	.proc_handler = &proc_dointvec
@@ -51,7 +51,7 @@ static ctl_table ipv6_table_template[] = {
51	{	51	{
52	.ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH,	52	.ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH,
53	.procname = "ip6frag_low_thresh",	53	.procname = "ip6frag_low_thresh",
54	.data = &ip6_frags_ctl.low_thresh,	54	.data = &init_net.ipv6.sysctl.frags.low_thresh,
55	.maxlen = sizeof(int),	55	.maxlen = sizeof(int),
56	.mode = 0644,	56	.mode = 0644,
57	.proc_handler = &proc_dointvec	57	.proc_handler = &proc_dointvec
@@ -59,7 +59,7 @@ static ctl_table ipv6_table_template[] = {
59	{	59	{
60	.ctl_name = NET_IPV6_IP6FRAG_TIME,	60	.ctl_name = NET_IPV6_IP6FRAG_TIME,
61	.procname = "ip6frag_time",	61	.procname = "ip6frag_time",
62	.data = &ip6_frags_ctl.timeout,	62	.data = &init_net.ipv6.sysctl.frags.timeout,
63	.maxlen = sizeof(int),	63	.maxlen = sizeof(int),
64	.mode = 0644,	64	.mode = 0644,
65	.proc_handler = &proc_dointvec_jiffies,	65	.proc_handler = &proc_dointvec_jiffies,
@@ -68,7 +68,7 @@ static ctl_table ipv6_table_template[] = {
68	{	68	{
69	.ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL,	69	.ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
70	.procname = "ip6frag_secret_interval",	70	.procname = "ip6frag_secret_interval",
71	.data = &ip6_frags_ctl.secret_interval,	71	.data = &init_net.ipv6.sysctl.frags.secret_interval,
72	.maxlen = sizeof(int),	72	.maxlen = sizeof(int),
73	.mode = 0644,	73	.mode = 0644,
74	.proc_handler = &proc_dointvec_jiffies,	74	.proc_handler = &proc_dointvec_jiffies,
@@ -117,6 +117,10 @@ static int ipv6_sysctl_net_init(struct net *net)
117	ipv6_table[1].child = ipv6_icmp_table;	117	ipv6_table[1].child = ipv6_icmp_table;
118		118
119	ipv6_table[2].data = &net->ipv6.sysctl.bindv6only;	119	ipv6_table[2].data = &net->ipv6.sysctl.bindv6only;
		120	ipv6_table[3].data = &net->ipv6.sysctl.frags.high_thresh;
		121	ipv6_table[4].data = &net->ipv6.sysctl.frags.low_thresh;
		122	ipv6_table[5].data = &net->ipv6.sysctl.frags.timeout;
		123	ipv6_table[6].data = &net->ipv6.sysctl.frags.secret_interval;
120		124
121	net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,	125	net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,
122	ipv6_table);	126	ipv6_table);