diff options
| -rw-r--r-- | include/net/inet_frag.h | 2 | ||||
| -rw-r--r-- | net/ipv4/inet_fragment.c | 35 | ||||
| -rw-r--r-- | net/ipv4/ip_fragment.c | 34 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 34 | ||||
| -rw-r--r-- | net/ipv6/reassembly.c | 37 |
5 files changed, 52 insertions, 90 deletions
diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h index 9902363f5bcc..e374412ff42b 100644 --- a/include/net/inet_frag.h +++ b/include/net/inet_frag.h | |||
| @@ -36,6 +36,8 @@ struct inet_frags { | |||
| 36 | atomic_t mem; | 36 | atomic_t mem; |
| 37 | struct timer_list secret_timer; | 37 | struct timer_list secret_timer; |
| 38 | struct inet_frags_ctl *ctl; | 38 | struct inet_frags_ctl *ctl; |
| 39 | |||
| 40 | unsigned int (*hashfn)(struct inet_frag_queue *); | ||
| 39 | }; | 41 | }; |
| 40 | 42 | ||
| 41 | void inet_frags_init(struct inet_frags *); | 43 | void inet_frags_init(struct inet_frags *); |
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c index 534eaa8cdcf3..ec10e05c6666 100644 --- a/net/ipv4/inet_fragment.c +++ b/net/ipv4/inet_fragment.c | |||
| @@ -16,9 +16,38 @@ | |||
| 16 | #include <linux/module.h> | 16 | #include <linux/module.h> |
| 17 | #include <linux/timer.h> | 17 | #include <linux/timer.h> |
| 18 | #include <linux/mm.h> | 18 | #include <linux/mm.h> |
| 19 | #include <linux/random.h> | ||
| 19 | 20 | ||
| 20 | #include <net/inet_frag.h> | 21 | #include <net/inet_frag.h> |
| 21 | 22 | ||
| 23 | static void inet_frag_secret_rebuild(unsigned long dummy) | ||
| 24 | { | ||
| 25 | struct inet_frags *f = (struct inet_frags *)dummy; | ||
| 26 | unsigned long now = jiffies; | ||
| 27 | int i; | ||
| 28 | |||
| 29 | write_lock(&f->lock); | ||
| 30 | get_random_bytes(&f->rnd, sizeof(u32)); | ||
| 31 | for (i = 0; i < INETFRAGS_HASHSZ; i++) { | ||
| 32 | struct inet_frag_queue *q; | ||
| 33 | struct hlist_node *p, *n; | ||
| 34 | |||
| 35 | hlist_for_each_entry_safe(q, p, n, &f->hash[i], list) { | ||
| 36 | unsigned int hval = f->hashfn(q); | ||
| 37 | |||
| 38 | if (hval != i) { | ||
| 39 | hlist_del(&q->list); | ||
| 40 | |||
| 41 | /* Relink to new hash chain. */ | ||
| 42 | hlist_add_head(&q->list, &f->hash[hval]); | ||
| 43 | } | ||
| 44 | } | ||
| 45 | } | ||
| 46 | write_unlock(&f->lock); | ||
| 47 | |||
| 48 | mod_timer(&f->secret_timer, now + f->ctl->secret_interval); | ||
| 49 | } | ||
| 50 | |||
| 22 | void inet_frags_init(struct inet_frags *f) | 51 | void inet_frags_init(struct inet_frags *f) |
| 23 | { | 52 | { |
| 24 | int i; | 53 | int i; |
| @@ -35,11 +64,17 @@ void inet_frags_init(struct inet_frags *f) | |||
| 35 | f->nqueues = 0; | 64 | f->nqueues = 0; |
| 36 | atomic_set(&f->mem, 0); | 65 | atomic_set(&f->mem, 0); |
| 37 | 66 | ||
| 67 | init_timer(&f->secret_timer); | ||
| 68 | f->secret_timer.function = inet_frag_secret_rebuild; | ||
| 69 | f->secret_timer.data = (unsigned long)f; | ||
| 70 | f->secret_timer.expires = jiffies + f->ctl->secret_interval; | ||
| 71 | add_timer(&f->secret_timer); | ||
| 38 | } | 72 | } |
| 39 | EXPORT_SYMBOL(inet_frags_init); | 73 | EXPORT_SYMBOL(inet_frags_init); |
| 40 | 74 | ||
| 41 | void inet_frags_fini(struct inet_frags *f) | 75 | void inet_frags_fini(struct inet_frags *f) |
| 42 | { | 76 | { |
| 77 | del_timer(&f->secret_timer); | ||
| 43 | } | 78 | } |
| 44 | EXPORT_SYMBOL(inet_frags_fini); | 79 | EXPORT_SYMBOL(inet_frags_fini); |
| 45 | 80 | ||
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index 7416c05dd334..e231c248aea7 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c | |||
| @@ -115,32 +115,12 @@ static unsigned int ipqhashfn(__be16 id, __be32 saddr, __be32 daddr, u8 prot) | |||
| 115 | ip4_frags.rnd) & (INETFRAGS_HASHSZ - 1); | 115 | ip4_frags.rnd) & (INETFRAGS_HASHSZ - 1); |
| 116 | } | 116 | } |
| 117 | 117 | ||
| 118 | static void ipfrag_secret_rebuild(unsigned long dummy) | 118 | static unsigned int ip4_hashfn(struct inet_frag_queue *q) |
| 119 | { | 119 | { |
| 120 | unsigned long now = jiffies; | 120 | struct ipq *ipq; |
| 121 | int i; | ||
| 122 | 121 | ||
| 123 | write_lock(&ip4_frags.lock); | 122 | ipq = container_of(q, struct ipq, q); |
| 124 | get_random_bytes(&ip4_frags.rnd, sizeof(u32)); | 123 | return ipqhashfn(ipq->id, ipq->saddr, ipq->daddr, ipq->protocol); |
| 125 | for (i = 0; i < INETFRAGS_HASHSZ; i++) { | ||
| 126 | struct ipq *q; | ||
| 127 | struct hlist_node *p, *n; | ||
| 128 | |||
| 129 | hlist_for_each_entry_safe(q, p, n, &ip4_frags.hash[i], q.list) { | ||
| 130 | unsigned int hval = ipqhashfn(q->id, q->saddr, | ||
| 131 | q->daddr, q->protocol); | ||
| 132 | |||
| 133 | if (hval != i) { | ||
| 134 | hlist_del(&q->q.list); | ||
| 135 | |||
| 136 | /* Relink to new hash chain. */ | ||
| 137 | hlist_add_head(&q->q.list, &ip4_frags.hash[hval]); | ||
| 138 | } | ||
| 139 | } | ||
| 140 | } | ||
| 141 | write_unlock(&ip4_frags.lock); | ||
| 142 | |||
| 143 | mod_timer(&ip4_frags.secret_timer, now + ip4_frags_ctl.secret_interval); | ||
| 144 | } | 124 | } |
| 145 | 125 | ||
| 146 | /* Memory Tracking Functions. */ | 126 | /* Memory Tracking Functions. */ |
| @@ -739,12 +719,8 @@ int ip_defrag(struct sk_buff *skb, u32 user) | |||
| 739 | 719 | ||
| 740 | void __init ipfrag_init(void) | 720 | void __init ipfrag_init(void) |
| 741 | { | 721 | { |
| 742 | init_timer(&ip4_frags.secret_timer); | ||
| 743 | ip4_frags.secret_timer.function = ipfrag_secret_rebuild; | ||
| 744 | ip4_frags.secret_timer.expires = jiffies + ip4_frags_ctl.secret_interval; | ||
| 745 | add_timer(&ip4_frags.secret_timer); | ||
| 746 | |||
| 747 | ip4_frags.ctl = &ip4_frags_ctl; | 722 | ip4_frags.ctl = &ip4_frags_ctl; |
| 723 | ip4_frags.hashfn = ip4_hashfn; | ||
| 748 | inet_frags_init(&ip4_frags); | 724 | inet_frags_init(&ip4_frags); |
| 749 | } | 725 | } |
| 750 | 726 | ||
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index 2ebe515d914e..a3aef387bcfb 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c | |||
| @@ -106,32 +106,12 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, | |||
| 106 | return c & (INETFRAGS_HASHSZ - 1); | 106 | return c & (INETFRAGS_HASHSZ - 1); |
| 107 | } | 107 | } |
| 108 | 108 | ||
| 109 | static void nf_ct_frag6_secret_rebuild(unsigned long dummy) | 109 | static unsigned int nf_hashfn(struct inet_frag_queue *q) |
| 110 | { | 110 | { |
| 111 | unsigned long now = jiffies; | 111 | struct nf_ct_frag6_queue *nq; |
| 112 | int i; | ||
| 113 | 112 | ||
| 114 | write_lock(&nf_frags.lock); | 113 | nq = container_of(q, struct nf_ct_frag6_queue, q); |
| 115 | get_random_bytes(&nf_frags.rnd, sizeof(u32)); | 114 | return ip6qhashfn(nq->id, &nq->saddr, &nq->daddr); |
| 116 | for (i = 0; i < INETFRAGS_HASHSZ; i++) { | ||
| 117 | struct nf_ct_frag6_queue *q; | ||
| 118 | struct hlist_node *p, *n; | ||
| 119 | |||
| 120 | hlist_for_each_entry_safe(q, p, n, &nf_frags.hash[i], q.list) { | ||
| 121 | unsigned int hval = ip6qhashfn(q->id, | ||
| 122 | &q->saddr, | ||
| 123 | &q->daddr); | ||
| 124 | if (hval != i) { | ||
| 125 | hlist_del(&q->q.list); | ||
| 126 | /* Relink to new hash chain. */ | ||
| 127 | hlist_add_head(&q->q.list, | ||
| 128 | &nf_frags.hash[hval]); | ||
| 129 | } | ||
| 130 | } | ||
| 131 | } | ||
| 132 | write_unlock(&nf_frags.lock); | ||
| 133 | |||
| 134 | mod_timer(&nf_frags.secret_timer, now + nf_frags_ctl.secret_interval); | ||
| 135 | } | 115 | } |
| 136 | 116 | ||
| 137 | /* Memory Tracking Functions. */ | 117 | /* Memory Tracking Functions. */ |
| @@ -817,11 +797,8 @@ int nf_ct_frag6_kfree_frags(struct sk_buff *skb) | |||
| 817 | 797 | ||
| 818 | int nf_ct_frag6_init(void) | 798 | int nf_ct_frag6_init(void) |
| 819 | { | 799 | { |
| 820 | setup_timer(&nf_frags.secret_timer, nf_ct_frag6_secret_rebuild, 0); | ||
| 821 | nf_frags.secret_timer.expires = jiffies + nf_frags_ctl.secret_interval; | ||
| 822 | add_timer(&nf_frags.secret_timer); | ||
| 823 | |||
| 824 | nf_frags.ctl = &nf_frags_ctl; | 800 | nf_frags.ctl = &nf_frags_ctl; |
| 801 | nf_frags.hashfn = nf_hashfn; | ||
| 825 | inet_frags_init(&nf_frags); | 802 | inet_frags_init(&nf_frags); |
| 826 | 803 | ||
| 827 | return 0; | 804 | return 0; |
| @@ -831,7 +808,6 @@ void nf_ct_frag6_cleanup(void) | |||
| 831 | { | 808 | { |
| 832 | inet_frags_fini(&nf_frags); | 809 | inet_frags_fini(&nf_frags); |
| 833 | 810 | ||
| 834 | del_timer(&nf_frags.secret_timer); | ||
| 835 | nf_frags_ctl.low_thresh = 0; | 811 | nf_frags_ctl.low_thresh = 0; |
| 836 | nf_ct_frag6_evictor(); | 812 | nf_ct_frag6_evictor(); |
| 837 | } | 813 | } |
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index db129a7a6192..c7d4961bbcf7 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c | |||
| @@ -135,35 +135,12 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, | |||
| 135 | return c & (INETFRAGS_HASHSZ - 1); | 135 | return c & (INETFRAGS_HASHSZ - 1); |
| 136 | } | 136 | } |
| 137 | 137 | ||
| 138 | static void ip6_frag_secret_rebuild(unsigned long dummy) | 138 | static unsigned int ip6_hashfn(struct inet_frag_queue *q) |
| 139 | { | 139 | { |
| 140 | unsigned long now = jiffies; | 140 | struct frag_queue *fq; |
| 141 | int i; | ||
| 142 | |||
| 143 | write_lock(&ip6_frags.lock); | ||
| 144 | get_random_bytes(&ip6_frags.rnd, sizeof(u32)); | ||
| 145 | for (i = 0; i < INETFRAGS_HASHSZ; i++) { | ||
| 146 | struct frag_queue *q; | ||
| 147 | struct hlist_node *p, *n; | ||
| 148 | |||
| 149 | hlist_for_each_entry_safe(q, p, n, &ip6_frags.hash[i], q.list) { | ||
| 150 | unsigned int hval = ip6qhashfn(q->id, | ||
| 151 | &q->saddr, | ||
| 152 | &q->daddr); | ||
| 153 | |||
| 154 | if (hval != i) { | ||
| 155 | hlist_del(&q->q.list); | ||
| 156 | |||
| 157 | /* Relink to new hash chain. */ | ||
| 158 | hlist_add_head(&q->q.list, | ||
| 159 | &ip6_frags.hash[hval]); | ||
| 160 | |||
| 161 | } | ||
| 162 | } | ||
| 163 | } | ||
| 164 | write_unlock(&ip6_frags.lock); | ||
| 165 | 141 | ||
| 166 | mod_timer(&ip6_frags.secret_timer, now + ip6_frags_ctl.secret_interval); | 142 | fq = container_of(q, struct frag_queue, q); |
| 143 | return ip6qhashfn(fq->id, &fq->saddr, &fq->daddr); | ||
| 167 | } | 144 | } |
| 168 | 145 | ||
| 169 | /* Memory Tracking Functions. */ | 146 | /* Memory Tracking Functions. */ |
| @@ -765,11 +742,7 @@ void __init ipv6_frag_init(void) | |||
| 765 | if (inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT) < 0) | 742 | if (inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT) < 0) |
| 766 | printk(KERN_ERR "ipv6_frag_init: Could not register protocol\n"); | 743 | printk(KERN_ERR "ipv6_frag_init: Could not register protocol\n"); |
| 767 | 744 | ||
| 768 | init_timer(&ip6_frags.secret_timer); | ||
| 769 | ip6_frags.secret_timer.function = ip6_frag_secret_rebuild; | ||
| 770 | ip6_frags.secret_timer.expires = jiffies + ip6_frags_ctl.secret_interval; | ||
| 771 | add_timer(&ip6_frags.secret_timer); | ||
| 772 | |||
| 773 | ip6_frags.ctl = &ip6_frags_ctl; | 745 | ip6_frags.ctl = &ip6_frags_ctl; |
| 746 | ip6_frags.hashfn = ip6_hashfn; | ||
| 774 | inet_frags_init(&ip6_frags); | 747 | inet_frags_init(&ip6_frags); |
| 775 | } | 748 | } |