diff options
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 7 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_conntrack_reasm.c | 29 | ||||
| -rw-r--r-- | net/ipv6/reassembly.c | 25 | ||||
| -rw-r--r-- | net/ipv6/sysctl_net_ipv6.c | 9 |
4 files changed, 37 insertions, 33 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index e9369dc02381..0e40948f4fc6 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
| @@ -18,6 +18,7 @@ | |||
| 18 | #include <linux/icmp.h> | 18 | #include <linux/icmp.h> |
| 19 | #include <linux/sysctl.h> | 19 | #include <linux/sysctl.h> |
| 20 | #include <net/ipv6.h> | 20 | #include <net/ipv6.h> |
| 21 | #include <net/inet_frag.h> | ||
| 21 | 22 | ||
| 22 | #include <linux/netfilter_ipv6.h> | 23 | #include <linux/netfilter_ipv6.h> |
| 23 | #include <net/netfilter/nf_conntrack.h> | 24 | #include <net/netfilter/nf_conntrack.h> |
| @@ -307,7 +308,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = { | |||
| 307 | { | 308 | { |
| 308 | .ctl_name = NET_NF_CONNTRACK_FRAG6_TIMEOUT, | 309 | .ctl_name = NET_NF_CONNTRACK_FRAG6_TIMEOUT, |
| 309 | .procname = "nf_conntrack_frag6_timeout", | 310 | .procname = "nf_conntrack_frag6_timeout", |
| 310 | .data = &nf_ct_frag6_timeout, | 311 | .data = &nf_frags_ctl.timeout, |
| 311 | .maxlen = sizeof(unsigned int), | 312 | .maxlen = sizeof(unsigned int), |
| 312 | .mode = 0644, | 313 | .mode = 0644, |
| 313 | .proc_handler = &proc_dointvec_jiffies, | 314 | .proc_handler = &proc_dointvec_jiffies, |
| @@ -315,7 +316,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = { | |||
| 315 | { | 316 | { |
| 316 | .ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH, | 317 | .ctl_name = NET_NF_CONNTRACK_FRAG6_LOW_THRESH, |
| 317 | .procname = "nf_conntrack_frag6_low_thresh", | 318 | .procname = "nf_conntrack_frag6_low_thresh", |
| 318 | .data = &nf_ct_frag6_low_thresh, | 319 | .data = &nf_frags_ctl.low_thresh, |
| 319 | .maxlen = sizeof(unsigned int), | 320 | .maxlen = sizeof(unsigned int), |
| 320 | .mode = 0644, | 321 | .mode = 0644, |
| 321 | .proc_handler = &proc_dointvec, | 322 | .proc_handler = &proc_dointvec, |
| @@ -323,7 +324,7 @@ static ctl_table nf_ct_ipv6_sysctl_table[] = { | |||
| 323 | { | 324 | { |
| 324 | .ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH, | 325 | .ctl_name = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH, |
| 325 | .procname = "nf_conntrack_frag6_high_thresh", | 326 | .procname = "nf_conntrack_frag6_high_thresh", |
| 326 | .data = &nf_ct_frag6_high_thresh, | 327 | .data = &nf_frags_ctl.high_thresh, |
| 327 | .maxlen = sizeof(unsigned int), | 328 | .maxlen = sizeof(unsigned int), |
| 328 | .mode = 0644, | 329 | .mode = 0644, |
| 329 | .proc_handler = &proc_dointvec, | 330 | .proc_handler = &proc_dointvec, |
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c index eb2ca1b7ddab..966a88848406 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c | |||
| @@ -49,10 +49,6 @@ | |||
| 49 | #define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */ | 49 | #define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */ |
| 50 | #define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT | 50 | #define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT |
| 51 | 51 | ||
| 52 | unsigned int nf_ct_frag6_high_thresh __read_mostly = 256*1024; | ||
| 53 | unsigned int nf_ct_frag6_low_thresh __read_mostly = 192*1024; | ||
| 54 | unsigned long nf_ct_frag6_timeout __read_mostly = IPV6_FRAG_TIMEOUT; | ||
| 55 | |||
| 56 | struct nf_ct_frag6_skb_cb | 52 | struct nf_ct_frag6_skb_cb |
| 57 | { | 53 | { |
| 58 | struct inet6_skb_parm h; | 54 | struct inet6_skb_parm h; |
| @@ -74,6 +70,13 @@ struct nf_ct_frag6_queue | |||
| 74 | __u16 nhoffset; | 70 | __u16 nhoffset; |
| 75 | }; | 71 | }; |
| 76 | 72 | ||
| 73 | struct inet_frags_ctl nf_frags_ctl __read_mostly = { | ||
| 74 | .high_thresh = 256 * 1024, | ||
| 75 | .low_thresh = 192 * 1024, | ||
| 76 | .timeout = IPV6_FRAG_TIMEOUT, | ||
| 77 | .secret_interval = 10 * 60 * HZ, | ||
| 78 | }; | ||
| 79 | |||
| 77 | static struct inet_frags nf_frags; | 80 | static struct inet_frags nf_frags; |
| 78 | 81 | ||
| 79 | static __inline__ void __fq_unlink(struct nf_ct_frag6_queue *fq) | 82 | static __inline__ void __fq_unlink(struct nf_ct_frag6_queue *fq) |
| @@ -117,8 +120,6 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, | |||
| 117 | return c & (INETFRAGS_HASHSZ - 1); | 120 | return c & (INETFRAGS_HASHSZ - 1); |
| 118 | } | 121 | } |
| 119 | 122 | ||
| 120 | int nf_ct_frag6_secret_interval = 10 * 60 * HZ; | ||
| 121 | |||
| 122 | static void nf_ct_frag6_secret_rebuild(unsigned long dummy) | 123 | static void nf_ct_frag6_secret_rebuild(unsigned long dummy) |
| 123 | { | 124 | { |
| 124 | unsigned long now = jiffies; | 125 | unsigned long now = jiffies; |
| @@ -144,7 +145,7 @@ static void nf_ct_frag6_secret_rebuild(unsigned long dummy) | |||
| 144 | } | 145 | } |
| 145 | write_unlock(&nf_frags.lock); | 146 | write_unlock(&nf_frags.lock); |
| 146 | 147 | ||
| 147 | mod_timer(&nf_frags.secret_timer, now + nf_ct_frag6_secret_interval); | 148 | mod_timer(&nf_frags.secret_timer, now + nf_frags_ctl.secret_interval); |
| 148 | } | 149 | } |
| 149 | 150 | ||
| 150 | /* Memory Tracking Functions. */ | 151 | /* Memory Tracking Functions. */ |
| @@ -229,10 +230,10 @@ static void nf_ct_frag6_evictor(void) | |||
| 229 | unsigned int work; | 230 | unsigned int work; |
| 230 | 231 | ||
| 231 | work = atomic_read(&nf_frags.mem); | 232 | work = atomic_read(&nf_frags.mem); |
| 232 | if (work <= nf_ct_frag6_low_thresh) | 233 | if (work <= nf_frags_ctl.low_thresh) |
| 233 | return; | 234 | return; |
| 234 | 235 | ||
| 235 | work -= nf_ct_frag6_low_thresh; | 236 | work -= nf_frags_ctl.low_thresh; |
| 236 | while (work > 0) { | 237 | while (work > 0) { |
| 237 | read_lock(&nf_frags.lock); | 238 | read_lock(&nf_frags.lock); |
| 238 | if (list_empty(&nf_frags.lru_list)) { | 239 | if (list_empty(&nf_frags.lru_list)) { |
| @@ -296,7 +297,7 @@ static struct nf_ct_frag6_queue *nf_ct_frag6_intern(unsigned int hash, | |||
| 296 | #endif | 297 | #endif |
| 297 | fq = fq_in; | 298 | fq = fq_in; |
| 298 | 299 | ||
| 299 | if (!mod_timer(&fq->q.timer, jiffies + nf_ct_frag6_timeout)) | 300 | if (!mod_timer(&fq->q.timer, jiffies + nf_frags_ctl.timeout)) |
| 300 | atomic_inc(&fq->q.refcnt); | 301 | atomic_inc(&fq->q.refcnt); |
| 301 | 302 | ||
| 302 | atomic_inc(&fq->q.refcnt); | 303 | atomic_inc(&fq->q.refcnt); |
| @@ -766,7 +767,7 @@ struct sk_buff *nf_ct_frag6_gather(struct sk_buff *skb) | |||
| 766 | goto ret_orig; | 767 | goto ret_orig; |
| 767 | } | 768 | } |
| 768 | 769 | ||
| 769 | if (atomic_read(&nf_frags.mem) > nf_ct_frag6_high_thresh) | 770 | if (atomic_read(&nf_frags.mem) > nf_frags_ctl.high_thresh) |
| 770 | nf_ct_frag6_evictor(); | 771 | nf_ct_frag6_evictor(); |
| 771 | 772 | ||
| 772 | fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr); | 773 | fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr); |
| @@ -838,10 +839,10 @@ int nf_ct_frag6_kfree_frags(struct sk_buff *skb) | |||
| 838 | int nf_ct_frag6_init(void) | 839 | int nf_ct_frag6_init(void) |
| 839 | { | 840 | { |
| 840 | setup_timer(&nf_frags.secret_timer, nf_ct_frag6_secret_rebuild, 0); | 841 | setup_timer(&nf_frags.secret_timer, nf_ct_frag6_secret_rebuild, 0); |
| 841 | nf_frags.secret_timer.expires = jiffies | 842 | nf_frags.secret_timer.expires = jiffies + nf_frags_ctl.secret_interval; |
| 842 | + nf_ct_frag6_secret_interval; | ||
| 843 | add_timer(&nf_frags.secret_timer); | 843 | add_timer(&nf_frags.secret_timer); |
| 844 | 844 | ||
| 845 | nf_frags.ctl = &nf_frags_ctl; | ||
| 845 | inet_frags_init(&nf_frags); | 846 | inet_frags_init(&nf_frags); |
| 846 | 847 | ||
| 847 | return 0; | 848 | return 0; |
| @@ -852,6 +853,6 @@ void nf_ct_frag6_cleanup(void) | |||
| 852 | inet_frags_fini(&nf_frags); | 853 | inet_frags_fini(&nf_frags); |
| 853 | 854 | ||
| 854 | del_timer(&nf_frags.secret_timer); | 855 | del_timer(&nf_frags.secret_timer); |
| 855 | nf_ct_frag6_low_thresh = 0; | 856 | nf_frags_ctl.low_thresh = 0; |
| 856 | nf_ct_frag6_evictor(); | 857 | nf_ct_frag6_evictor(); |
| 857 | } | 858 | } |
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c index ecf340047cde..ced1a5f5b776 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c | |||
| @@ -56,11 +56,6 @@ | |||
| 56 | #include <net/addrconf.h> | 56 | #include <net/addrconf.h> |
| 57 | #include <net/inet_frag.h> | 57 | #include <net/inet_frag.h> |
| 58 | 58 | ||
| 59 | int sysctl_ip6frag_high_thresh __read_mostly = 256*1024; | ||
| 60 | int sysctl_ip6frag_low_thresh __read_mostly = 192*1024; | ||
| 61 | |||
| 62 | int sysctl_ip6frag_time __read_mostly = IPV6_FRAG_TIMEOUT; | ||
| 63 | |||
| 64 | struct ip6frag_skb_cb | 59 | struct ip6frag_skb_cb |
| 65 | { | 60 | { |
| 66 | struct inet6_skb_parm h; | 61 | struct inet6_skb_parm h; |
| @@ -87,6 +82,13 @@ struct frag_queue | |||
| 87 | __u16 nhoffset; | 82 | __u16 nhoffset; |
| 88 | }; | 83 | }; |
| 89 | 84 | ||
| 85 | struct inet_frags_ctl ip6_frags_ctl __read_mostly = { | ||
| 86 | .high_thresh = 256 * 1024, | ||
| 87 | .low_thresh = 192 * 1024, | ||
| 88 | .timeout = IPV6_FRAG_TIMEOUT, | ||
| 89 | .secret_interval = 10 * 60 * HZ, | ||
| 90 | }; | ||
| 91 | |||
| 90 | static struct inet_frags ip6_frags; | 92 | static struct inet_frags ip6_frags; |
| 91 | 93 | ||
| 92 | int ip6_frag_nqueues(void) | 94 | int ip6_frag_nqueues(void) |
| @@ -147,8 +149,6 @@ static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr, | |||
| 147 | return c & (INETFRAGS_HASHSZ - 1); | 149 | return c & (INETFRAGS_HASHSZ - 1); |
| 148 | } | 150 | } |
| 149 | 151 | ||
| 150 | int sysctl_ip6frag_secret_interval __read_mostly = 10 * 60 * HZ; | ||
| 151 | |||
| 152 | static void ip6_frag_secret_rebuild(unsigned long dummy) | 152 | static void ip6_frag_secret_rebuild(unsigned long dummy) |
| 153 | { | 153 | { |
| 154 | unsigned long now = jiffies; | 154 | unsigned long now = jiffies; |
| @@ -177,7 +177,7 @@ static void ip6_frag_secret_rebuild(unsigned long dummy) | |||
| 177 | } | 177 | } |
| 178 | write_unlock(&ip6_frags.lock); | 178 | write_unlock(&ip6_frags.lock); |
| 179 | 179 | ||
| 180 | mod_timer(&ip6_frags.secret_timer, now + sysctl_ip6frag_secret_interval); | 180 | mod_timer(&ip6_frags.secret_timer, now + ip6_frags_ctl.secret_interval); |
| 181 | } | 181 | } |
| 182 | 182 | ||
| 183 | /* Memory Tracking Functions. */ | 183 | /* Memory Tracking Functions. */ |
| @@ -256,7 +256,7 @@ static void ip6_evictor(struct inet6_dev *idev) | |||
| 256 | struct list_head *tmp; | 256 | struct list_head *tmp; |
| 257 | int work; | 257 | int work; |
| 258 | 258 | ||
| 259 | work = atomic_read(&ip6_frags.mem) - sysctl_ip6frag_low_thresh; | 259 | work = atomic_read(&ip6_frags.mem) - ip6_frags_ctl.low_thresh; |
| 260 | if (work <= 0) | 260 | if (work <= 0) |
| 261 | return; | 261 | return; |
| 262 | 262 | ||
| @@ -348,7 +348,7 @@ static struct frag_queue *ip6_frag_intern(struct frag_queue *fq_in) | |||
| 348 | #endif | 348 | #endif |
| 349 | fq = fq_in; | 349 | fq = fq_in; |
| 350 | 350 | ||
| 351 | if (!mod_timer(&fq->q.timer, jiffies + sysctl_ip6frag_time)) | 351 | if (!mod_timer(&fq->q.timer, jiffies + ip6_frags_ctl.timeout)) |
| 352 | atomic_inc(&fq->q.refcnt); | 352 | atomic_inc(&fq->q.refcnt); |
| 353 | 353 | ||
| 354 | atomic_inc(&fq->q.refcnt); | 354 | atomic_inc(&fq->q.refcnt); |
| @@ -754,7 +754,7 @@ static int ipv6_frag_rcv(struct sk_buff **skbp) | |||
| 754 | return 1; | 754 | return 1; |
| 755 | } | 755 | } |
| 756 | 756 | ||
| 757 | if (atomic_read(&ip6_frags.mem) > sysctl_ip6frag_high_thresh) | 757 | if (atomic_read(&ip6_frags.mem) > ip6_frags_ctl.high_thresh) |
| 758 | ip6_evictor(ip6_dst_idev(skb->dst)); | 758 | ip6_evictor(ip6_dst_idev(skb->dst)); |
| 759 | 759 | ||
| 760 | if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr, | 760 | if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr, |
| @@ -788,8 +788,9 @@ void __init ipv6_frag_init(void) | |||
| 788 | 788 | ||
| 789 | init_timer(&ip6_frags.secret_timer); | 789 | init_timer(&ip6_frags.secret_timer); |
| 790 | ip6_frags.secret_timer.function = ip6_frag_secret_rebuild; | 790 | ip6_frags.secret_timer.function = ip6_frag_secret_rebuild; |
| 791 | ip6_frags.secret_timer.expires = jiffies + sysctl_ip6frag_secret_interval; | 791 | ip6_frags.secret_timer.expires = jiffies + ip6_frags_ctl.secret_interval; |
| 792 | add_timer(&ip6_frags.secret_timer); | 792 | add_timer(&ip6_frags.secret_timer); |
| 793 | 793 | ||
| 794 | ip6_frags.ctl = &ip6_frags_ctl; | ||
| 794 | inet_frags_init(&ip6_frags); | 795 | inet_frags_init(&ip6_frags); |
| 795 | } | 796 | } |
diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c index 3fb44277207b..68bb2548e469 100644 --- a/net/ipv6/sysctl_net_ipv6.c +++ b/net/ipv6/sysctl_net_ipv6.c | |||
| @@ -12,6 +12,7 @@ | |||
| 12 | #include <net/ndisc.h> | 12 | #include <net/ndisc.h> |
| 13 | #include <net/ipv6.h> | 13 | #include <net/ipv6.h> |
| 14 | #include <net/addrconf.h> | 14 | #include <net/addrconf.h> |
| 15 | #include <net/inet_frag.h> | ||
| 15 | 16 | ||
| 16 | #ifdef CONFIG_SYSCTL | 17 | #ifdef CONFIG_SYSCTL |
| 17 | 18 | ||
| @@ -41,7 +42,7 @@ static ctl_table ipv6_table[] = { | |||
| 41 | { | 42 | { |
| 42 | .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH, | 43 | .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH, |
| 43 | .procname = "ip6frag_high_thresh", | 44 | .procname = "ip6frag_high_thresh", |
| 44 | .data = &sysctl_ip6frag_high_thresh, | 45 | .data = &ip6_frags_ctl.high_thresh, |
| 45 | .maxlen = sizeof(int), | 46 | .maxlen = sizeof(int), |
| 46 | .mode = 0644, | 47 | .mode = 0644, |
| 47 | .proc_handler = &proc_dointvec | 48 | .proc_handler = &proc_dointvec |
| @@ -49,7 +50,7 @@ static ctl_table ipv6_table[] = { | |||
| 49 | { | 50 | { |
| 50 | .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH, | 51 | .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH, |
| 51 | .procname = "ip6frag_low_thresh", | 52 | .procname = "ip6frag_low_thresh", |
| 52 | .data = &sysctl_ip6frag_low_thresh, | 53 | .data = &ip6_frags_ctl.low_thresh, |
| 53 | .maxlen = sizeof(int), | 54 | .maxlen = sizeof(int), |
| 54 | .mode = 0644, | 55 | .mode = 0644, |
| 55 | .proc_handler = &proc_dointvec | 56 | .proc_handler = &proc_dointvec |
| @@ -57,7 +58,7 @@ static ctl_table ipv6_table[] = { | |||
| 57 | { | 58 | { |
| 58 | .ctl_name = NET_IPV6_IP6FRAG_TIME, | 59 | .ctl_name = NET_IPV6_IP6FRAG_TIME, |
| 59 | .procname = "ip6frag_time", | 60 | .procname = "ip6frag_time", |
| 60 | .data = &sysctl_ip6frag_time, | 61 | .data = &ip6_frags_ctl.timeout, |
| 61 | .maxlen = sizeof(int), | 62 | .maxlen = sizeof(int), |
| 62 | .mode = 0644, | 63 | .mode = 0644, |
| 63 | .proc_handler = &proc_dointvec_jiffies, | 64 | .proc_handler = &proc_dointvec_jiffies, |
| @@ -66,7 +67,7 @@ static ctl_table ipv6_table[] = { | |||
| 66 | { | 67 | { |
| 67 | .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL, | 68 | .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL, |
| 68 | .procname = "ip6frag_secret_interval", | 69 | .procname = "ip6frag_secret_interval", |
| 69 | .data = &sysctl_ip6frag_secret_interval, | 70 | .data = &ip6_frags_ctl.secret_interval, |
| 70 | .maxlen = sizeof(int), | 71 | .maxlen = sizeof(int), |
| 71 | .mode = 0644, | 72 | .mode = 0644, |
| 72 | .proc_handler = &proc_dointvec_jiffies, | 73 | .proc_handler = &proc_dointvec_jiffies, |