Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/ip_conntrack_core.c6
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_generic.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_icmp.c2
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_sctp.c14
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_tcp.c24
-rw-r--r--net/ipv4/netfilter/ip_conntrack_proto_udp.c4
-rw-r--r--net/ipv4/netfilter/ip_conntrack_standalone.c4
-rw-r--r--net/ipv4/netfilter/ip_queue.c2
-rw-r--r--net/ipv4/netfilter/nf_conntrack_proto_icmp.c2
-rw-r--r--net/ipv6/netfilter/ip6_queue.c2
-rw-r--r--net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c2
-rw-r--r--net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c2
-rw-r--r--net/ipv6/netfilter/nf_conntrack_reasm.c6
-rw-r--r--net/netfilter/nf_conntrack_core.c6
-rw-r--r--net/netfilter/nf_conntrack_proto_generic.c2
-rw-r--r--net/netfilter/nf_conntrack_proto_sctp.c14
-rw-r--r--net/netfilter/nf_conntrack_proto_tcp.c24
-rw-r--r--net/netfilter/nf_conntrack_proto_udp.c4
-rw-r--r--net/netfilter/nf_conntrack_standalone.c2
19 files changed, 62 insertions, 62 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index aa459177c3f8..5da25ad50309 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -66,13 +66,13 @@ void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack) = NULL;
66LIST_HEAD(ip_conntrack_expect_list); 66LIST_HEAD(ip_conntrack_expect_list);
67struct ip_conntrack_protocol *ip_ct_protos[MAX_IP_CT_PROTO]; 67struct ip_conntrack_protocol *ip_ct_protos[MAX_IP_CT_PROTO];
68static LIST_HEAD(helpers); 68static LIST_HEAD(helpers);
69unsigned int ip_conntrack_htable_size = 0; 69unsigned int ip_conntrack_htable_size __read_mostly = 0;
70int ip_conntrack_max; 70int ip_conntrack_max __read_mostly;
71struct list_head *ip_conntrack_hash; 71struct list_head *ip_conntrack_hash;
72static kmem_cache_t *ip_conntrack_cachep __read_mostly; 72static kmem_cache_t *ip_conntrack_cachep __read_mostly;
73static kmem_cache_t *ip_conntrack_expect_cachep __read_mostly; 73static kmem_cache_t *ip_conntrack_expect_cachep __read_mostly;
74struct ip_conntrack ip_conntrack_untracked; 74struct ip_conntrack ip_conntrack_untracked;
75unsigned int ip_ct_log_invalid; 75unsigned int ip_ct_log_invalid __read_mostly;
76static LIST_HEAD(unconfirmed); 76static LIST_HEAD(unconfirmed);
77static int ip_conntrack_vmalloc; 77static int ip_conntrack_vmalloc;
78 78
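Review bot: `ip_conntrack_hash` at line 71 is left without the annotation even though `ip_conntrack_htable_size`, which is only meaningful together with it, now moves to the read-mostly section. If the pointer is assigned once at init (not visible in this hunk), it is read on every lookup and is the stronger candidate; left behind, it can end up sharing a cache line with whatever written variables remain in plain .data. Consider `struct list_head *ip_conntrack_hash __read_mostly;`, and the same for `nf_conntrack_hash` in the nf_conntrack_core.c hunk.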
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_generic.c b/net/ipv4/netfilter/ip_conntrack_proto_generic.c
index f891308b5e4c..36f2b5e5d80a 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_generic.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_generic.c
@@ -12,7 +12,7 @@
12#include <linux/netfilter.h> 12#include <linux/netfilter.h>
13#include <linux/netfilter_ipv4/ip_conntrack_protocol.h> 13#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
14 14
15unsigned int ip_ct_generic_timeout = 600*HZ; 15unsigned int ip_ct_generic_timeout __read_mostly = 600*HZ;
16 16
17static int generic_pkt_to_tuple(const struct sk_buff *skb, 17static int generic_pkt_to_tuple(const struct sk_buff *skb,
18 unsigned int dataoff, 18 unsigned int dataoff,
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
index 23f1c504586d..09c40ebe3345 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
@@ -21,7 +21,7 @@
21#include <linux/netfilter_ipv4/ip_conntrack_core.h> 21#include <linux/netfilter_ipv4/ip_conntrack_core.h>
22#include <linux/netfilter_ipv4/ip_conntrack_protocol.h> 22#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
23 23
24unsigned int ip_ct_icmp_timeout = 30*HZ; 24unsigned int ip_ct_icmp_timeout __read_mostly = 30*HZ;
25 25
26#if 0 26#if 0
27#define DEBUGP printk 27#define DEBUGP printk
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
index 2d3612cd5f18..b908a4842e18 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
@@ -58,13 +58,13 @@ static const char *sctp_conntrack_names[] = {
58#define HOURS * 60 MINS 58#define HOURS * 60 MINS
59#define DAYS * 24 HOURS 59#define DAYS * 24 HOURS
60 60
61static unsigned int ip_ct_sctp_timeout_closed = 10 SECS; 61static unsigned int ip_ct_sctp_timeout_closed __read_mostly = 10 SECS;
62static unsigned int ip_ct_sctp_timeout_cookie_wait = 3 SECS; 62static unsigned int ip_ct_sctp_timeout_cookie_wait __read_mostly = 3 SECS;
63static unsigned int ip_ct_sctp_timeout_cookie_echoed = 3 SECS; 63static unsigned int ip_ct_sctp_timeout_cookie_echoed __read_mostly = 3 SECS;
64static unsigned int ip_ct_sctp_timeout_established = 5 DAYS; 64static unsigned int ip_ct_sctp_timeout_established __read_mostly = 5 DAYS;
65static unsigned int ip_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000; 65static unsigned int ip_ct_sctp_timeout_shutdown_sent __read_mostly = 300 SECS / 1000;
66static unsigned int ip_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000; 66static unsigned int ip_ct_sctp_timeout_shutdown_recd __read_mostly = 300 SECS / 1000;
67static unsigned int ip_ct_sctp_timeout_shutdown_ack_sent = 3 SECS; 67static unsigned int ip_ct_sctp_timeout_shutdown_ack_sent __read_mostly = 3 SECS;
68 68
69static const unsigned int * sctp_timeouts[] 69static const unsigned int * sctp_timeouts[]
70= { NULL, /* SCTP_CONNTRACK_NONE */ 70= { NULL, /* SCTP_CONNTRACK_NONE */
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index 9de81ff645d5..75a7237eb8c1 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -48,19 +48,19 @@ static DEFINE_RWLOCK(tcp_lock);
48/* "Be conservative in what you do, 48/* "Be conservative in what you do,
49 be liberal in what you accept from others." 49 be liberal in what you accept from others."
50 If it's non-zero, we mark only out of window RST segments as INVALID. */ 50 If it's non-zero, we mark only out of window RST segments as INVALID. */
51int ip_ct_tcp_be_liberal = 0; 51int ip_ct_tcp_be_liberal __read_mostly = 0;
52 52
53/* When connection is picked up from the middle, how many packets are required 53/* When connection is picked up from the middle, how many packets are required
54 to pass in each direction when we assume we are in sync - if any side uses 54 to pass in each direction when we assume we are in sync - if any side uses
55 window scaling, we lost the game. 55 window scaling, we lost the game.
56 If it is set to zero, we disable picking up already established 56 If it is set to zero, we disable picking up already established
57 connections. */ 57 connections. */
58int ip_ct_tcp_loose = 3; 58int ip_ct_tcp_loose __read_mostly = 3;
59 59
60/* Max number of the retransmitted packets without receiving an (acceptable) 60/* Max number of the retransmitted packets without receiving an (acceptable)
61 ACK from the destination. If this number is reached, a shorter timer 61 ACK from the destination. If this number is reached, a shorter timer
62 will be started. */ 62 will be started. */
63int ip_ct_tcp_max_retrans = 3; 63int ip_ct_tcp_max_retrans __read_mostly = 3;
64 64
65 /* FIXME: Examine ipfilter's timeouts and conntrack transitions more 65 /* FIXME: Examine ipfilter's timeouts and conntrack transitions more
66 closely. They're more complex. --RR */ 66 closely. They're more complex. --RR */
@@ -83,19 +83,19 @@ static const char *tcp_conntrack_names[] = {
83#define HOURS * 60 MINS 83#define HOURS * 60 MINS
84#define DAYS * 24 HOURS 84#define DAYS * 24 HOURS
85 85
86unsigned int ip_ct_tcp_timeout_syn_sent = 2 MINS; 86unsigned int ip_ct_tcp_timeout_syn_sent __read_mostly = 2 MINS;
87unsigned int ip_ct_tcp_timeout_syn_recv = 60 SECS; 87unsigned int ip_ct_tcp_timeout_syn_recv __read_mostly = 60 SECS;
88unsigned int ip_ct_tcp_timeout_established = 5 DAYS; 88unsigned int ip_ct_tcp_timeout_established __read_mostly = 5 DAYS;
89unsigned int ip_ct_tcp_timeout_fin_wait = 2 MINS; 89unsigned int ip_ct_tcp_timeout_fin_wait __read_mostly = 2 MINS;
90unsigned int ip_ct_tcp_timeout_close_wait = 60 SECS; 90unsigned int ip_ct_tcp_timeout_close_wait __read_mostly = 60 SECS;
91unsigned int ip_ct_tcp_timeout_last_ack = 30 SECS; 91unsigned int ip_ct_tcp_timeout_last_ack __read_mostly = 30 SECS;
92unsigned int ip_ct_tcp_timeout_time_wait = 2 MINS; 92unsigned int ip_ct_tcp_timeout_time_wait __read_mostly = 2 MINS;
93unsigned int ip_ct_tcp_timeout_close = 10 SECS; 93unsigned int ip_ct_tcp_timeout_close __read_mostly = 10 SECS;
94 94
95/* RFC1122 says the R2 limit should be at least 100 seconds. 95/* RFC1122 says the R2 limit should be at least 100 seconds.
96 Linux uses 15 packets as limit, which corresponds 96 Linux uses 15 packets as limit, which corresponds
97 to ~13-30min depending on RTO. */ 97 to ~13-30min depending on RTO. */
98unsigned int ip_ct_tcp_timeout_max_retrans = 5 MINS; 98unsigned int ip_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS;
99 99
100static const unsigned int * tcp_timeouts[] 100static const unsigned int * tcp_timeouts[]
101= { NULL, /* TCP_CONNTRACK_NONE */ 101= { NULL, /* TCP_CONNTRACK_NONE */
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_udp.c b/net/ipv4/netfilter/ip_conntrack_proto_udp.c
index e58e52f14553..d0e8a16970ec 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_udp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_udp.c
@@ -18,8 +18,8 @@
18#include <linux/netfilter_ipv4.h> 18#include <linux/netfilter_ipv4.h>
19#include <linux/netfilter_ipv4/ip_conntrack_protocol.h> 19#include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
20 20
21unsigned int ip_ct_udp_timeout = 30*HZ; 21unsigned int ip_ct_udp_timeout __read_mostly = 30*HZ;
22unsigned int ip_ct_udp_timeout_stream = 180*HZ; 22unsigned int ip_ct_udp_timeout_stream __read_mostly = 180*HZ;
23 23
24static int udp_pkt_to_tuple(const struct sk_buff *skb, 24static int udp_pkt_to_tuple(const struct sk_buff *skb,
25 unsigned int dataoff, 25 unsigned int dataoff,
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index 7a9fa04a467a..3f5d495b853b 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -534,7 +534,7 @@ static struct nf_hook_ops ip_conntrack_ops[] = {
534 534
535/* Sysctl support */ 535/* Sysctl support */
536 536
537int ip_conntrack_checksum = 1; 537int ip_conntrack_checksum __read_mostly = 1;
538 538
539#ifdef CONFIG_SYSCTL 539#ifdef CONFIG_SYSCTL
540 540
@@ -563,7 +563,7 @@ extern unsigned int ip_ct_udp_timeout_stream;
563/* From ip_conntrack_proto_icmp.c */ 563/* From ip_conntrack_proto_icmp.c */
564extern unsigned int ip_ct_icmp_timeout; 564extern unsigned int ip_ct_icmp_timeout;
565 565
566/* From ip_conntrack_proto_icmp.c */ 566/* From ip_conntrack_proto_generic.c */
567extern unsigned int ip_ct_generic_timeout; 567extern unsigned int ip_ct_generic_timeout;
568 568
569/* Log invalid packets of a given protocol */ 569/* Log invalid packets of a given protocol */
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 276a964ee6cf..80060cbe4a07 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -53,7 +53,7 @@ struct ipq_queue_entry {
53typedef int (*ipq_cmpfn)(struct ipq_queue_entry *, unsigned long); 53typedef int (*ipq_cmpfn)(struct ipq_queue_entry *, unsigned long);
54 54
55static unsigned char copy_mode = IPQ_COPY_NONE; 55static unsigned char copy_mode = IPQ_COPY_NONE;
56static unsigned int queue_maxlen = IPQ_QMAX_DEFAULT; 56static unsigned int queue_maxlen __read_mostly = IPQ_QMAX_DEFAULT;
57static DEFINE_RWLOCK(queue_lock); 57static DEFINE_RWLOCK(queue_lock);
58static int peer_pid; 58static int peer_pid;
59static unsigned int copy_range; 59static unsigned int copy_range;
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 663a73ee3f2f..790f00d500c3 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -25,7 +25,7 @@
25#include <net/netfilter/nf_conntrack_protocol.h> 25#include <net/netfilter/nf_conntrack_protocol.h>
26#include <net/netfilter/nf_conntrack_core.h> 26#include <net/netfilter/nf_conntrack_core.h>
27 27
28unsigned long nf_ct_icmp_timeout = 30*HZ; 28unsigned long nf_ct_icmp_timeout __read_mostly = 30*HZ;
29 29
30#if 0 30#if 0
31#define DEBUGP printk 31#define DEBUGP printk
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index c01c126224e2..d322e8395794 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -57,7 +57,7 @@ struct ipq_queue_entry {
57typedef int (*ipq_cmpfn)(struct ipq_queue_entry *, unsigned long); 57typedef int (*ipq_cmpfn)(struct ipq_queue_entry *, unsigned long);
58 58
59static unsigned char copy_mode = IPQ_COPY_NONE; 59static unsigned char copy_mode = IPQ_COPY_NONE;
60static unsigned int queue_maxlen = IPQ_QMAX_DEFAULT; 60static unsigned int queue_maxlen __read_mostly = IPQ_QMAX_DEFAULT;
61static DEFINE_RWLOCK(queue_lock); 61static DEFINE_RWLOCK(queue_lock);
62static int peer_pid; 62static int peer_pid;
63static unsigned int copy_range; 63static unsigned int copy_range;
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index c2ab38ff46af..e5e53fff9e38 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -335,7 +335,7 @@ static struct nf_hook_ops ipv6_conntrack_ops[] = {
335/* From nf_conntrack_proto_icmpv6.c */ 335/* From nf_conntrack_proto_icmpv6.c */
336extern unsigned int nf_ct_icmpv6_timeout; 336extern unsigned int nf_ct_icmpv6_timeout;
337 337
338/* From nf_conntrack_frag6.c */ 338/* From nf_conntrack_reasm.c */
339extern unsigned int nf_ct_frag6_timeout; 339extern unsigned int nf_ct_frag6_timeout;
340extern unsigned int nf_ct_frag6_low_thresh; 340extern unsigned int nf_ct_frag6_low_thresh;
341extern unsigned int nf_ct_frag6_high_thresh; 341extern unsigned int nf_ct_frag6_high_thresh;
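Review bot: The extern declarations kept at lines 336 and 339 give `nf_ct_icmpv6_timeout` and `nf_ct_frag6_timeout` the type `unsigned int`, but the definitions this same commit touches in nf_conntrack_proto_icmpv6.c and nf_conntrack_reasm.c are `unsigned long`. On a 64-bit build, any code in this file that sizes an access from the declared type (presumably a sysctl table entry, which the hunk does not show) would touch only half of the object, and on big-endian the wrong half. Since the hunk already corrects the comment above them, it should also correct the types, `extern unsigned long nf_ct_icmpv6_timeout;` and `extern unsigned long nf_ct_frag6_timeout;`, or better move these declarations into a shared header so the compiler checks them against the definitions. The same local-extern pattern appears in the ip_conntrack_standalone.c hunk at line 563, where the types currently match.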
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index ef18a7b7014b..34d447208ffd 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -33,7 +33,7 @@
33#include <net/netfilter/nf_conntrack_core.h> 33#include <net/netfilter/nf_conntrack_core.h>
34#include <net/netfilter/ipv6/nf_conntrack_icmpv6.h> 34#include <net/netfilter/ipv6/nf_conntrack_icmpv6.h>
35 35
36unsigned long nf_ct_icmpv6_timeout = 30*HZ; 36unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ;
37 37
38#if 0 38#if 0
39#define DEBUGP printk 39#define DEBUGP printk
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 7a4e4c2e3197..bf93c1ea6be9 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -54,9 +54,9 @@
54#define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */ 54#define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */
55#define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT 55#define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT
56 56
57unsigned int nf_ct_frag6_high_thresh = 256*1024; 57unsigned int nf_ct_frag6_high_thresh __read_mostly = 256*1024;
58unsigned int nf_ct_frag6_low_thresh = 192*1024; 58unsigned int nf_ct_frag6_low_thresh __read_mostly = 192*1024;
59unsigned long nf_ct_frag6_timeout = IPV6_FRAG_TIMEOUT; 59unsigned long nf_ct_frag6_timeout __read_mostly = IPV6_FRAG_TIMEOUT;
60 60
61struct nf_ct_frag6_skb_cb 61struct nf_ct_frag6_skb_cb
62{ 62{
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 8f2261965a68..3b64dbee6620 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -77,12 +77,12 @@ LIST_HEAD(nf_conntrack_expect_list);
77struct nf_conntrack_protocol **nf_ct_protos[PF_MAX]; 77struct nf_conntrack_protocol **nf_ct_protos[PF_MAX];
78struct nf_conntrack_l3proto *nf_ct_l3protos[PF_MAX]; 78struct nf_conntrack_l3proto *nf_ct_l3protos[PF_MAX];
79static LIST_HEAD(helpers); 79static LIST_HEAD(helpers);
80unsigned int nf_conntrack_htable_size = 0; 80unsigned int nf_conntrack_htable_size __read_mostly = 0;
81int nf_conntrack_max; 81int nf_conntrack_max __read_mostly;
82struct list_head *nf_conntrack_hash; 82struct list_head *nf_conntrack_hash;
83static kmem_cache_t *nf_conntrack_expect_cachep; 83static kmem_cache_t *nf_conntrack_expect_cachep;
84struct nf_conn nf_conntrack_untracked; 84struct nf_conn nf_conntrack_untracked;
85unsigned int nf_ct_log_invalid; 85unsigned int nf_ct_log_invalid __read_mostly;
86static LIST_HEAD(unconfirmed); 86static LIST_HEAD(unconfirmed);
87static int nf_conntrack_vmalloc; 87static int nf_conntrack_vmalloc;
88 88
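Review bot: `nf_conntrack_expect_cachep` at line 83 stays unannotated, while its counterpart in ip_conntrack_core.c is declared `static kmem_cache_t *ip_conntrack_expect_cachep __read_mostly;`. The two files are otherwise annotated in parallel by this commit, so the difference looks like an omission rather than a decision. For consistency the line should read `static kmem_cache_t *nf_conntrack_expect_cachep __read_mostly;`.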
diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
index 46bc27e2756d..26408bb0955b 100644
--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -17,7 +17,7 @@
17#include <linux/netfilter.h> 17#include <linux/netfilter.h>
18#include <net/netfilter/nf_conntrack_protocol.h> 18#include <net/netfilter/nf_conntrack_protocol.h>
19 19
20unsigned int nf_ct_generic_timeout = 600*HZ; 20unsigned int nf_ct_generic_timeout __read_mostly = 600*HZ;
21 21
22static int generic_pkt_to_tuple(const struct sk_buff *skb, 22static int generic_pkt_to_tuple(const struct sk_buff *skb,
23 unsigned int dataoff, 23 unsigned int dataoff,
diff --git a/net/netfilter/nf_conntrack_proto_sctp.c b/net/netfilter/nf_conntrack_proto_sctp.c
index 9bd8a7877fd5..af568777372b 100644
--- a/net/netfilter/nf_conntrack_proto_sctp.c
+++ b/net/netfilter/nf_conntrack_proto_sctp.c
@@ -64,13 +64,13 @@ static const char *sctp_conntrack_names[] = {
64#define HOURS * 60 MINS 64#define HOURS * 60 MINS
65#define DAYS * 24 HOURS 65#define DAYS * 24 HOURS
66 66
67static unsigned int nf_ct_sctp_timeout_closed = 10 SECS; 67static unsigned int nf_ct_sctp_timeout_closed __read_mostly = 10 SECS;
68static unsigned int nf_ct_sctp_timeout_cookie_wait = 3 SECS; 68static unsigned int nf_ct_sctp_timeout_cookie_wait __read_mostly = 3 SECS;
69static unsigned int nf_ct_sctp_timeout_cookie_echoed = 3 SECS; 69static unsigned int nf_ct_sctp_timeout_cookie_echoed __read_mostly = 3 SECS;
70static unsigned int nf_ct_sctp_timeout_established = 5 DAYS; 70static unsigned int nf_ct_sctp_timeout_established __read_mostly = 5 DAYS;
71static unsigned int nf_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000; 71static unsigned int nf_ct_sctp_timeout_shutdown_sent __read_mostly = 300 SECS / 1000;
72static unsigned int nf_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000; 72static unsigned int nf_ct_sctp_timeout_shutdown_recd __read_mostly = 300 SECS / 1000;
73static unsigned int nf_ct_sctp_timeout_shutdown_ack_sent = 3 SECS; 73static unsigned int nf_ct_sctp_timeout_shutdown_ack_sent __read_mostly = 3 SECS;
74 74
75static unsigned int * sctp_timeouts[] 75static unsigned int * sctp_timeouts[]
76= { NULL, /* SCTP_CONNTRACK_NONE */ 76= { NULL, /* SCTP_CONNTRACK_NONE */
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 308d2abd7ee5..9fc0ee61f92a 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -57,19 +57,19 @@ static DEFINE_RWLOCK(tcp_lock);
57/* "Be conservative in what you do, 57/* "Be conservative in what you do,
58 be liberal in what you accept from others." 58 be liberal in what you accept from others."
59 If it's non-zero, we mark only out of window RST segments as INVALID. */ 59 If it's non-zero, we mark only out of window RST segments as INVALID. */
60int nf_ct_tcp_be_liberal = 0; 60int nf_ct_tcp_be_liberal __read_mostly = 0;
61 61
62/* When connection is picked up from the middle, how many packets are required 62/* When connection is picked up from the middle, how many packets are required
63 to pass in each direction when we assume we are in sync - if any side uses 63 to pass in each direction when we assume we are in sync - if any side uses
64 window scaling, we lost the game. 64 window scaling, we lost the game.
65 If it is set to zero, we disable picking up already established 65 If it is set to zero, we disable picking up already established
66 connections. */ 66 connections. */
67int nf_ct_tcp_loose = 3; 67int nf_ct_tcp_loose __read_mostly = 3;
68 68
69/* Max number of the retransmitted packets without receiving an (acceptable) 69/* Max number of the retransmitted packets without receiving an (acceptable)
70 ACK from the destination. If this number is reached, a shorter timer 70 ACK from the destination. If this number is reached, a shorter timer
71 will be started. */ 71 will be started. */
72int nf_ct_tcp_max_retrans = 3; 72int nf_ct_tcp_max_retrans __read_mostly = 3;
73 73
74 /* FIXME: Examine ipfilter's timeouts and conntrack transitions more 74 /* FIXME: Examine ipfilter's timeouts and conntrack transitions more
75 closely. They're more complex. --RR */ 75 closely. They're more complex. --RR */
@@ -92,19 +92,19 @@ static const char *tcp_conntrack_names[] = {
92#define HOURS * 60 MINS 92#define HOURS * 60 MINS
93#define DAYS * 24 HOURS 93#define DAYS * 24 HOURS
94 94
95unsigned int nf_ct_tcp_timeout_syn_sent = 2 MINS; 95unsigned int nf_ct_tcp_timeout_syn_sent __read_mostly = 2 MINS;
96unsigned int nf_ct_tcp_timeout_syn_recv = 60 SECS; 96unsigned int nf_ct_tcp_timeout_syn_recv __read_mostly = 60 SECS;
97unsigned int nf_ct_tcp_timeout_established = 5 DAYS; 97unsigned int nf_ct_tcp_timeout_established __read_mostly = 5 DAYS;
98unsigned int nf_ct_tcp_timeout_fin_wait = 2 MINS; 98unsigned int nf_ct_tcp_timeout_fin_wait __read_mostly = 2 MINS;
99unsigned int nf_ct_tcp_timeout_close_wait = 60 SECS; 99unsigned int nf_ct_tcp_timeout_close_wait __read_mostly = 60 SECS;
100unsigned int nf_ct_tcp_timeout_last_ack = 30 SECS; 100unsigned int nf_ct_tcp_timeout_last_ack __read_mostly = 30 SECS;
101unsigned int nf_ct_tcp_timeout_time_wait = 2 MINS; 101unsigned int nf_ct_tcp_timeout_time_wait __read_mostly = 2 MINS;
102unsigned int nf_ct_tcp_timeout_close = 10 SECS; 102unsigned int nf_ct_tcp_timeout_close __read_mostly = 10 SECS;
103 103
104/* RFC1122 says the R2 limit should be at least 100 seconds. 104/* RFC1122 says the R2 limit should be at least 100 seconds.
105 Linux uses 15 packets as limit, which corresponds 105 Linux uses 15 packets as limit, which corresponds
106 to ~13-30min depending on RTO. */ 106 to ~13-30min depending on RTO. */
107unsigned int nf_ct_tcp_timeout_max_retrans = 5 MINS; 107unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS;
108 108
109static unsigned int * tcp_timeouts[] 109static unsigned int * tcp_timeouts[]
110= { NULL, /* TCP_CONNTRACK_NONE */ 110= { NULL, /* TCP_CONNTRACK_NONE */
diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
index d36e03139e8b..d28981cf9af5 100644
--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -27,8 +27,8 @@
27#include <linux/netfilter_ipv6.h> 27#include <linux/netfilter_ipv6.h>
28#include <net/netfilter/nf_conntrack_protocol.h> 28#include <net/netfilter/nf_conntrack_protocol.h>
29 29
30unsigned int nf_ct_udp_timeout = 30*HZ; 30unsigned int nf_ct_udp_timeout __read_mostly = 30*HZ;
31unsigned int nf_ct_udp_timeout_stream = 180*HZ; 31unsigned int nf_ct_udp_timeout_stream __read_mostly = 180*HZ;
32 32
33static int udp_pkt_to_tuple(const struct sk_buff *skb, 33static int udp_pkt_to_tuple(const struct sk_buff *skb,
34 unsigned int dataoff, 34 unsigned int dataoff,
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 4ef836699962..9a1de0ca475b 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -428,7 +428,7 @@ static struct file_operations ct_cpu_seq_fops = {
428 428
429/* Sysctl support */ 429/* Sysctl support */
430 430
431int nf_conntrack_checksum = 1; 431int nf_conntrack_checksum __read_mostly = 1;
432 432
433#ifdef CONFIG_SYSCTL 433#ifdef CONFIG_SYSCTL
434 434