aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/net/inet_frag.h2
-rw-r--r--net/ipv4/inet_fragment.c35
-rw-r--r--net/ipv4/ip_fragment.c34
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c34
-rw-r--r--net/ipv6/reassembly.c37
5 files changed, 52 insertions, 90 deletions
diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h
index 9902363f5bcc..e374412ff42b 100644
--- a/include/net/inet_frag.h
+++ b/include/net/inet_frag.h
@@ -36,6 +36,8 @@ struct inet_frags {
36 atomic_t mem; 36 atomic_t mem;
37 struct timer_list secret_timer; 37 struct timer_list secret_timer;
38 struct inet_frags_ctl *ctl; 38 struct inet_frags_ctl *ctl;
39
40 unsigned int (*hashfn)(struct inet_frag_queue *);
39}; 41};
40 42
41void inet_frags_init(struct inet_frags *); 43void inet_frags_init(struct inet_frags *);
diff --git a/net/ipv4/inet_fragment.c b/net/ipv4/inet_fragment.c
index 534eaa8cdcf3..ec10e05c6666 100644
--- a/net/ipv4/inet_fragment.c
+++ b/net/ipv4/inet_fragment.c
@@ -16,9 +16,38 @@
16#include <linux/module.h> 16#include <linux/module.h>
17#include <linux/timer.h> 17#include <linux/timer.h>
18#include <linux/mm.h> 18#include <linux/mm.h>
19#include <linux/random.h>
19 20
20#include <net/inet_frag.h> 21#include <net/inet_frag.h>
21 22
23static void inet_frag_secret_rebuild(unsigned long dummy)
24{
25 struct inet_frags *f = (struct inet_frags *)dummy;
26 unsigned long now = jiffies;
27 int i;
28
29 write_lock(&f->lock);
30 get_random_bytes(&f->rnd, sizeof(u32));
31 for (i = 0; i < INETFRAGS_HASHSZ; i++) {
32 struct inet_frag_queue *q;
33 struct hlist_node *p, *n;
34
35 hlist_for_each_entry_safe(q, p, n, &f->hash[i], list) {
36 unsigned int hval = f->hashfn(q);
37
38 if (hval != i) {
39 hlist_del(&q->list);
40
41 /* Relink to new hash chain. */
42 hlist_add_head(&q->list, &f->hash[hval]);
43 }
44 }
45 }
46 write_unlock(&f->lock);
47
48 mod_timer(&f->secret_timer, now + f->ctl->secret_interval);
49}
50
22void inet_frags_init(struct inet_frags *f) 51void inet_frags_init(struct inet_frags *f)
23{ 52{
24 int i; 53 int i;
@@ -35,11 +64,17 @@ void inet_frags_init(struct inet_frags *f)
35 f->nqueues = 0; 64 f->nqueues = 0;
36 atomic_set(&f->mem, 0); 65 atomic_set(&f->mem, 0);
37 66
67 init_timer(&f->secret_timer);
68 f->secret_timer.function = inet_frag_secret_rebuild;
69 f->secret_timer.data = (unsigned long)f;
70 f->secret_timer.expires = jiffies + f->ctl->secret_interval;
71 add_timer(&f->secret_timer);
38} 72}
39EXPORT_SYMBOL(inet_frags_init); 73EXPORT_SYMBOL(inet_frags_init);
40 74
41void inet_frags_fini(struct inet_frags *f) 75void inet_frags_fini(struct inet_frags *f)
42{ 76{
77 del_timer(&f->secret_timer);
43} 78}
44EXPORT_SYMBOL(inet_frags_fini); 79EXPORT_SYMBOL(inet_frags_fini);
45 80
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 7416c05dd334..e231c248aea7 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -115,32 +115,12 @@ static unsigned int ipqhashfn(__be16 id, __be32 saddr, __be32 daddr, u8 prot)
115 ip4_frags.rnd) & (INETFRAGS_HASHSZ - 1); 115 ip4_frags.rnd) & (INETFRAGS_HASHSZ - 1);
116} 116}
117 117
118static void ipfrag_secret_rebuild(unsigned long dummy) 118static unsigned int ip4_hashfn(struct inet_frag_queue *q)
119{ 119{
120 unsigned long now = jiffies; 120 struct ipq *ipq;
121 int i;
122 121
123 write_lock(&ip4_frags.lock); 122 ipq = container_of(q, struct ipq, q);
124 get_random_bytes(&ip4_frags.rnd, sizeof(u32)); 123 return ipqhashfn(ipq->id, ipq->saddr, ipq->daddr, ipq->protocol);
125 for (i = 0; i < INETFRAGS_HASHSZ; i++) {
126 struct ipq *q;
127 struct hlist_node *p, *n;
128
129 hlist_for_each_entry_safe(q, p, n, &ip4_frags.hash[i], q.list) {
130 unsigned int hval = ipqhashfn(q->id, q->saddr,
131 q->daddr, q->protocol);
132
133 if (hval != i) {
134 hlist_del(&q->q.list);
135
136 /* Relink to new hash chain. */
137 hlist_add_head(&q->q.list, &ip4_frags.hash[hval]);
138 }
139 }
140 }
141 write_unlock(&ip4_frags.lock);
142
143 mod_timer(&ip4_frags.secret_timer, now + ip4_frags_ctl.secret_interval);
144} 124}
145 125
146/* Memory Tracking Functions. */ 126/* Memory Tracking Functions. */
@@ -739,12 +719,8 @@ int ip_defrag(struct sk_buff *skb, u32 user)
739 719
740void __init ipfrag_init(void) 720void __init ipfrag_init(void)
741{ 721{
742 init_timer(&ip4_frags.secret_timer);
743 ip4_frags.secret_timer.function = ipfrag_secret_rebuild;
744 ip4_frags.secret_timer.expires = jiffies + ip4_frags_ctl.secret_interval;
745 add_timer(&ip4_frags.secret_timer);
746
747 ip4_frags.ctl = &ip4_frags_ctl; 722 ip4_frags.ctl = &ip4_frags_ctl;
723 ip4_frags.hashfn = ip4_hashfn;
748 inet_frags_init(&ip4_frags); 724 inet_frags_init(&ip4_frags);
749} 725}
750 726
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 2ebe515d914e..a3aef387bcfb 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -106,32 +106,12 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
106 return c & (INETFRAGS_HASHSZ - 1); 106 return c & (INETFRAGS_HASHSZ - 1);
107} 107}
108 108
109static void nf_ct_frag6_secret_rebuild(unsigned long dummy) 109static unsigned int nf_hashfn(struct inet_frag_queue *q)
110{ 110{
111 unsigned long now = jiffies; 111 struct nf_ct_frag6_queue *nq;
112 int i;
113 112
114 write_lock(&nf_frags.lock); 113 nq = container_of(q, struct nf_ct_frag6_queue, q);
115 get_random_bytes(&nf_frags.rnd, sizeof(u32)); 114 return ip6qhashfn(nq->id, &nq->saddr, &nq->daddr);
116 for (i = 0; i < INETFRAGS_HASHSZ; i++) {
117 struct nf_ct_frag6_queue *q;
118 struct hlist_node *p, *n;
119
120 hlist_for_each_entry_safe(q, p, n, &nf_frags.hash[i], q.list) {
121 unsigned int hval = ip6qhashfn(q->id,
122 &q->saddr,
123 &q->daddr);
124 if (hval != i) {
125 hlist_del(&q->q.list);
126 /* Relink to new hash chain. */
127 hlist_add_head(&q->q.list,
128 &nf_frags.hash[hval]);
129 }
130 }
131 }
132 write_unlock(&nf_frags.lock);
133
134 mod_timer(&nf_frags.secret_timer, now + nf_frags_ctl.secret_interval);
135} 115}
136 116
137/* Memory Tracking Functions. */ 117/* Memory Tracking Functions. */
@@ -817,11 +797,8 @@ int nf_ct_frag6_kfree_frags(struct sk_buff *skb)
817 797
818int nf_ct_frag6_init(void) 798int nf_ct_frag6_init(void)
819{ 799{
820 setup_timer(&nf_frags.secret_timer, nf_ct_frag6_secret_rebuild, 0);
821 nf_frags.secret_timer.expires = jiffies + nf_frags_ctl.secret_interval;
822 add_timer(&nf_frags.secret_timer);
823
824 nf_frags.ctl = &nf_frags_ctl; 800 nf_frags.ctl = &nf_frags_ctl;
801 nf_frags.hashfn = nf_hashfn;
825 inet_frags_init(&nf_frags); 802 inet_frags_init(&nf_frags);
826 803
827 return 0; 804 return 0;
@@ -831,7 +808,6 @@ void nf_ct_frag6_cleanup(void)
831{ 808{
832 inet_frags_fini(&nf_frags); 809 inet_frags_fini(&nf_frags);
833 810
834 del_timer(&nf_frags.secret_timer);
835 nf_frags_ctl.low_thresh = 0; 811 nf_frags_ctl.low_thresh = 0;
836 nf_ct_frag6_evictor(); 812 nf_ct_frag6_evictor();
837} 813}
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index db129a7a6192..c7d4961bbcf7 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -135,35 +135,12 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
135 return c & (INETFRAGS_HASHSZ - 1); 135 return c & (INETFRAGS_HASHSZ - 1);
136} 136}
137 137
138static void ip6_frag_secret_rebuild(unsigned long dummy) 138static unsigned int ip6_hashfn(struct inet_frag_queue *q)
139{ 139{
140 unsigned long now = jiffies; 140 struct frag_queue *fq;
141 int i;
142
143 write_lock(&ip6_frags.lock);
144 get_random_bytes(&ip6_frags.rnd, sizeof(u32));
145 for (i = 0; i < INETFRAGS_HASHSZ; i++) {
146 struct frag_queue *q;
147 struct hlist_node *p, *n;
148
149 hlist_for_each_entry_safe(q, p, n, &ip6_frags.hash[i], q.list) {
150 unsigned int hval = ip6qhashfn(q->id,
151 &q->saddr,
152 &q->daddr);
153
154 if (hval != i) {
155 hlist_del(&q->q.list);
156
157 /* Relink to new hash chain. */
158 hlist_add_head(&q->q.list,
159 &ip6_frags.hash[hval]);
160
161 }
162 }
163 }
164 write_unlock(&ip6_frags.lock);
165 141
166 mod_timer(&ip6_frags.secret_timer, now + ip6_frags_ctl.secret_interval); 142 fq = container_of(q, struct frag_queue, q);
143 return ip6qhashfn(fq->id, &fq->saddr, &fq->daddr);
167} 144}
168 145
169/* Memory Tracking Functions. */ 146/* Memory Tracking Functions. */
@@ -765,11 +742,7 @@ void __init ipv6_frag_init(void)
765 if (inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT) < 0) 742 if (inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT) < 0)
766 printk(KERN_ERR "ipv6_frag_init: Could not register protocol\n"); 743 printk(KERN_ERR "ipv6_frag_init: Could not register protocol\n");
767 744
768 init_timer(&ip6_frags.secret_timer);
769 ip6_frags.secret_timer.function = ip6_frag_secret_rebuild;
770 ip6_frags.secret_timer.expires = jiffies + ip6_frags_ctl.secret_interval;
771 add_timer(&ip6_frags.secret_timer);
772
773 ip6_frags.ctl = &ip6_frags_ctl; 745 ip6_frags.ctl = &ip6_frags_ctl;
746 ip6_frags.hashfn = ip6_hashfn;
774 inet_frags_init(&ip6_frags); 747 inet_frags_init(&ip6_frags);
775} 748}