diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_conntrack_proto_sctp.c | 57 |
1 files changed, 24 insertions, 33 deletions
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c index 14b1c02c4775..21d29e782baf 100644 --- a/net/netfilter/nf_conntrack_proto_sctp.c +++ b/net/netfilter/nf_conntrack_proto_sctp.c | |||
@@ -49,24 +49,15 @@ static const char *sctp_conntrack_names[] = { | |||
49 | #define HOURS * 60 MINS | 49 | #define HOURS * 60 MINS |
50 | #define DAYS * 24 HOURS | 50 | #define DAYS * 24 HOURS |
51 | 51 | ||
52 | static unsigned int nf_ct_sctp_timeout_closed __read_mostly = 10 SECS; | 52 | static unsigned int sctp_timeouts[SCTP_CONNTRACK_MAX] __read_mostly = { |
53 | static unsigned int nf_ct_sctp_timeout_cookie_wait __read_mostly = 3 SECS; | 53 | [SCTP_CONNTRACK_CLOSED] = 10 SECS, |
54 | static unsigned int nf_ct_sctp_timeout_cookie_echoed __read_mostly = 3 SECS; | 54 | [SCTP_CONNTRACK_COOKIE_WAIT] = 3 SECS, |
55 | static unsigned int nf_ct_sctp_timeout_established __read_mostly = 5 DAYS; | 55 | [SCTP_CONNTRACK_COOKIE_ECHOED] = 3 SECS, |
56 | static unsigned int nf_ct_sctp_timeout_shutdown_sent __read_mostly = 300 SECS / 1000; | 56 | [SCTP_CONNTRACK_ESTABLISHED] = 5 DAYS, |
57 | static unsigned int nf_ct_sctp_timeout_shutdown_recd __read_mostly = 300 SECS / 1000; | 57 | [SCTP_CONNTRACK_SHUTDOWN_SENT] = 300 SECS / 1000, |
58 | static unsigned int nf_ct_sctp_timeout_shutdown_ack_sent __read_mostly = 3 SECS; | 58 | [SCTP_CONNTRACK_SHUTDOWN_RECD] = 300 SECS / 1000, |
59 | 59 | [SCTP_CONNTRACK_SHUTDOWN_ACK_SENT] = 3 SECS, | |
60 | static unsigned int * sctp_timeouts[] | 60 | }; |
61 | = { NULL, /* SCTP_CONNTRACK_NONE */ | ||
62 | &nf_ct_sctp_timeout_closed, /* SCTP_CONNTRACK_CLOSED */ | ||
63 | &nf_ct_sctp_timeout_cookie_wait, /* SCTP_CONNTRACK_COOKIE_WAIT */ | ||
64 | &nf_ct_sctp_timeout_cookie_echoed, /* SCTP_CONNTRACK_COOKIE_ECHOED */ | ||
65 | &nf_ct_sctp_timeout_established, /* SCTP_CONNTRACK_ESTABLISHED */ | ||
66 | &nf_ct_sctp_timeout_shutdown_sent, /* SCTP_CONNTRACK_SHUTDOWN_SENT */ | ||
67 | &nf_ct_sctp_timeout_shutdown_recd, /* SCTP_CONNTRACK_SHUTDOWN_RECD */ | ||
68 | &nf_ct_sctp_timeout_shutdown_ack_sent /* SCTP_CONNTRACK_SHUTDOWN_ACK_SENT */ | ||
69 | }; | ||
70 | 61 | ||
71 | #define sNO SCTP_CONNTRACK_NONE | 62 | #define sNO SCTP_CONNTRACK_NONE |
72 | #define sCL SCTP_CONNTRACK_CLOSED | 63 | #define sCL SCTP_CONNTRACK_CLOSED |
@@ -380,7 +371,7 @@ static int sctp_packet(struct nf_conn *ct, | |||
380 | } | 371 | } |
381 | write_unlock_bh(&sctp_lock); | 372 | write_unlock_bh(&sctp_lock); |
382 | 373 | ||
383 | nf_ct_refresh_acct(ct, ctinfo, skb, *sctp_timeouts[new_state]); | 374 | nf_ct_refresh_acct(ct, ctinfo, skb, sctp_timeouts[new_state]); |
384 | 375 | ||
385 | if (old_state == SCTP_CONNTRACK_COOKIE_ECHOED && | 376 | if (old_state == SCTP_CONNTRACK_COOKIE_ECHOED && |
386 | dir == IP_CT_DIR_REPLY && | 377 | dir == IP_CT_DIR_REPLY && |
@@ -474,49 +465,49 @@ static struct ctl_table_header *sctp_sysctl_header; | |||
474 | static struct ctl_table sctp_sysctl_table[] = { | 465 | static struct ctl_table sctp_sysctl_table[] = { |
475 | { | 466 | { |
476 | .procname = "nf_conntrack_sctp_timeout_closed", | 467 | .procname = "nf_conntrack_sctp_timeout_closed", |
477 | .data = &nf_ct_sctp_timeout_closed, | 468 | .data = &sctp_timeouts[SCTP_CONNTRACK_CLOSED], |
478 | .maxlen = sizeof(unsigned int), | 469 | .maxlen = sizeof(unsigned int), |
479 | .mode = 0644, | 470 | .mode = 0644, |
480 | .proc_handler = &proc_dointvec_jiffies, | 471 | .proc_handler = &proc_dointvec_jiffies, |
481 | }, | 472 | }, |
482 | { | 473 | { |
483 | .procname = "nf_conntrack_sctp_timeout_cookie_wait", | 474 | .procname = "nf_conntrack_sctp_timeout_cookie_wait", |
484 | .data = &nf_ct_sctp_timeout_cookie_wait, | 475 | .data = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_WAIT], |
485 | .maxlen = sizeof(unsigned int), | 476 | .maxlen = sizeof(unsigned int), |
486 | .mode = 0644, | 477 | .mode = 0644, |
487 | .proc_handler = &proc_dointvec_jiffies, | 478 | .proc_handler = &proc_dointvec_jiffies, |
488 | }, | 479 | }, |
489 | { | 480 | { |
490 | .procname = "nf_conntrack_sctp_timeout_cookie_echoed", | 481 | .procname = "nf_conntrack_sctp_timeout_cookie_echoed", |
491 | .data = &nf_ct_sctp_timeout_cookie_echoed, | 482 | .data = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_ECHOED], |
492 | .maxlen = sizeof(unsigned int), | 483 | .maxlen = sizeof(unsigned int), |
493 | .mode = 0644, | 484 | .mode = 0644, |
494 | .proc_handler = &proc_dointvec_jiffies, | 485 | .proc_handler = &proc_dointvec_jiffies, |
495 | }, | 486 | }, |
496 | { | 487 | { |
497 | .procname = "nf_conntrack_sctp_timeout_established", | 488 | .procname = "nf_conntrack_sctp_timeout_established", |
498 | .data = &nf_ct_sctp_timeout_established, | 489 | .data = &sctp_timeouts[SCTP_CONNTRACK_ESTABLISHED], |
499 | .maxlen = sizeof(unsigned int), | 490 | .maxlen = sizeof(unsigned int), |
500 | .mode = 0644, | 491 | .mode = 0644, |
501 | .proc_handler = &proc_dointvec_jiffies, | 492 | .proc_handler = &proc_dointvec_jiffies, |
502 | }, | 493 | }, |
503 | { | 494 | { |
504 | .procname = "nf_conntrack_sctp_timeout_shutdown_sent", | 495 | .procname = "nf_conntrack_sctp_timeout_shutdown_sent", |
505 | .data = &nf_ct_sctp_timeout_shutdown_sent, | 496 | .data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_SENT], |
506 | .maxlen = sizeof(unsigned int), | 497 | .maxlen = sizeof(unsigned int), |
507 | .mode = 0644, | 498 | .mode = 0644, |
508 | .proc_handler = &proc_dointvec_jiffies, | 499 | .proc_handler = &proc_dointvec_jiffies, |
509 | }, | 500 | }, |
510 | { | 501 | { |
511 | .procname = "nf_conntrack_sctp_timeout_shutdown_recd", | 502 | .procname = "nf_conntrack_sctp_timeout_shutdown_recd", |
512 | .data = &nf_ct_sctp_timeout_shutdown_recd, | 503 | .data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_RECD], |
513 | .maxlen = sizeof(unsigned int), | 504 | .maxlen = sizeof(unsigned int), |
514 | .mode = 0644, | 505 | .mode = 0644, |
515 | .proc_handler = &proc_dointvec_jiffies, | 506 | .proc_handler = &proc_dointvec_jiffies, |
516 | }, | 507 | }, |
517 | { | 508 | { |
518 | .procname = "nf_conntrack_sctp_timeout_shutdown_ack_sent", | 509 | .procname = "nf_conntrack_sctp_timeout_shutdown_ack_sent", |
519 | .data = &nf_ct_sctp_timeout_shutdown_ack_sent, | 510 | .data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_ACK_SENT], |
520 | .maxlen = sizeof(unsigned int), | 511 | .maxlen = sizeof(unsigned int), |
521 | .mode = 0644, | 512 | .mode = 0644, |
522 | .proc_handler = &proc_dointvec_jiffies, | 513 | .proc_handler = &proc_dointvec_jiffies, |
@@ -530,49 +521,49 @@ static struct ctl_table sctp_sysctl_table[] = { | |||
530 | static struct ctl_table sctp_compat_sysctl_table[] = { | 521 | static struct ctl_table sctp_compat_sysctl_table[] = { |
531 | { | 522 | { |
532 | .procname = "ip_conntrack_sctp_timeout_closed", | 523 | .procname = "ip_conntrack_sctp_timeout_closed", |
533 | .data = &nf_ct_sctp_timeout_closed, | 524 | .data = &sctp_timeouts[SCTP_CONNTRACK_CLOSED], |
534 | .maxlen = sizeof(unsigned int), | 525 | .maxlen = sizeof(unsigned int), |
535 | .mode = 0644, | 526 | .mode = 0644, |
536 | .proc_handler = &proc_dointvec_jiffies, | 527 | .proc_handler = &proc_dointvec_jiffies, |
537 | }, | 528 | }, |
538 | { | 529 | { |
539 | .procname = "ip_conntrack_sctp_timeout_cookie_wait", | 530 | .procname = "ip_conntrack_sctp_timeout_cookie_wait", |
540 | .data = &nf_ct_sctp_timeout_cookie_wait, | 531 | .data = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_WAIT], |
541 | .maxlen = sizeof(unsigned int), | 532 | .maxlen = sizeof(unsigned int), |
542 | .mode = 0644, | 533 | .mode = 0644, |
543 | .proc_handler = &proc_dointvec_jiffies, | 534 | .proc_handler = &proc_dointvec_jiffies, |
544 | }, | 535 | }, |
545 | { | 536 | { |
546 | .procname = "ip_conntrack_sctp_timeout_cookie_echoed", | 537 | .procname = "ip_conntrack_sctp_timeout_cookie_echoed", |
547 | .data = &nf_ct_sctp_timeout_cookie_echoed, | 538 | .data = &sctp_timeouts[SCTP_CONNTRACK_COOKIE_ECHOED], |
548 | .maxlen = sizeof(unsigned int), | 539 | .maxlen = sizeof(unsigned int), |
549 | .mode = 0644, | 540 | .mode = 0644, |
550 | .proc_handler = &proc_dointvec_jiffies, | 541 | .proc_handler = &proc_dointvec_jiffies, |
551 | }, | 542 | }, |
552 | { | 543 | { |
553 | .procname = "ip_conntrack_sctp_timeout_established", | 544 | .procname = "ip_conntrack_sctp_timeout_established", |
554 | .data = &nf_ct_sctp_timeout_established, | 545 | .data = &sctp_timeouts[SCTP_CONNTRACK_ESTABLISHED], |
555 | .maxlen = sizeof(unsigned int), | 546 | .maxlen = sizeof(unsigned int), |
556 | .mode = 0644, | 547 | .mode = 0644, |
557 | .proc_handler = &proc_dointvec_jiffies, | 548 | .proc_handler = &proc_dointvec_jiffies, |
558 | }, | 549 | }, |
559 | { | 550 | { |
560 | .procname = "ip_conntrack_sctp_timeout_shutdown_sent", | 551 | .procname = "ip_conntrack_sctp_timeout_shutdown_sent", |
561 | .data = &nf_ct_sctp_timeout_shutdown_sent, | 552 | .data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_SENT], |
562 | .maxlen = sizeof(unsigned int), | 553 | .maxlen = sizeof(unsigned int), |
563 | .mode = 0644, | 554 | .mode = 0644, |
564 | .proc_handler = &proc_dointvec_jiffies, | 555 | .proc_handler = &proc_dointvec_jiffies, |
565 | }, | 556 | }, |
566 | { | 557 | { |
567 | .procname = "ip_conntrack_sctp_timeout_shutdown_recd", | 558 | .procname = "ip_conntrack_sctp_timeout_shutdown_recd", |
568 | .data = &nf_ct_sctp_timeout_shutdown_recd, | 559 | .data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_RECD], |
569 | .maxlen = sizeof(unsigned int), | 560 | .maxlen = sizeof(unsigned int), |
570 | .mode = 0644, | 561 | .mode = 0644, |
571 | .proc_handler = &proc_dointvec_jiffies, | 562 | .proc_handler = &proc_dointvec_jiffies, |
572 | }, | 563 | }, |
573 | { | 564 | { |
574 | .procname = "ip_conntrack_sctp_timeout_shutdown_ack_sent", | 565 | .procname = "ip_conntrack_sctp_timeout_shutdown_ack_sent", |
575 | .data = &nf_ct_sctp_timeout_shutdown_ack_sent, | 566 | .data = &sctp_timeouts[SCTP_CONNTRACK_SHUTDOWN_ACK_SENT], |
576 | .maxlen = sizeof(unsigned int), | 567 | .maxlen = sizeof(unsigned int), |
577 | .mode = 0644, | 568 | .mode = 0644, |
578 | .proc_handler = &proc_dointvec_jiffies, | 569 | .proc_handler = &proc_dointvec_jiffies, |