[NETNS][FRAGS]: Make the net.ipv4.ipfrag_timeout work in namespaces.
Move it to the netns_frags, adjust the usage and make the appropriate ctl table writable. Now fragments that live in different namespaces can live for different times. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
parent
e4a2d5c2bc
commit
b2fd5321dd
@ -4,6 +4,9 @@
|
|||||||
struct netns_frags {
|
struct netns_frags {
|
||||||
int nqueues;
|
int nqueues;
|
||||||
atomic_t mem;
|
atomic_t mem;
|
||||||
|
|
||||||
|
/* sysctls */
|
||||||
|
int timeout;
|
||||||
};
|
};
|
||||||
|
|
||||||
struct inet_frag_queue {
|
struct inet_frag_queue {
|
||||||
@ -29,7 +32,6 @@ struct inet_frag_queue {
|
|||||||
struct inet_frags_ctl {
|
struct inet_frags_ctl {
|
||||||
int high_thresh;
|
int high_thresh;
|
||||||
int low_thresh;
|
int low_thresh;
|
||||||
int timeout;
|
|
||||||
int secret_interval;
|
int secret_interval;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
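Review bot: The new `int timeout;` member of struct netns_frags is documented only by `/* sysctls */`, with no unit or valid range. The other hunks of this commit add the field directly to `jiffies` and expose it through `proc_dointvec_jiffies`, so the stored unit is jiffies; I would write `int timeout; /* fragment queue lifetime, in jiffies */`. The type is signed, so a remark that users of the field expect a positive value would also help the next reader.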
@ -206,7 +206,7 @@ static struct inet_frag_queue *inet_frag_intern(struct netns_frags *nf,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
qp = qp_in;
|
qp = qp_in;
|
||||||
if (!mod_timer(&qp->timer, jiffies + f->ctl->timeout))
|
if (!mod_timer(&qp->timer, jiffies + nf->timeout))
|
||||||
atomic_inc(&qp->refcnt);
|
atomic_inc(&qp->refcnt);
|
||||||
|
|
||||||
atomic_inc(&qp->refcnt);
|
atomic_inc(&qp->refcnt);
|
||||||
|
@ -83,13 +83,6 @@ static struct inet_frags_ctl ip4_frags_ctl __read_mostly = {
|
|||||||
*/
|
*/
|
||||||
.high_thresh = 256 * 1024,
|
.high_thresh = 256 * 1024,
|
||||||
.low_thresh = 192 * 1024,
|
.low_thresh = 192 * 1024,
|
||||||
|
|
||||||
/*
|
|
||||||
* Important NOTE! Fragment queue must be destroyed before MSL expires.
|
|
||||||
* RFC791 is wrong proposing to prolongate timer each fragment arrival
|
|
||||||
* by TTL.
|
|
||||||
*/
|
|
||||||
.timeout = IP_FRAG_TIME,
|
|
||||||
.secret_interval = 10 * 60 * HZ,
|
.secret_interval = 10 * 60 * HZ,
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -287,7 +280,7 @@ static int ip_frag_reinit(struct ipq *qp)
|
|||||||
{
|
{
|
||||||
struct sk_buff *fp;
|
struct sk_buff *fp;
|
||||||
|
|
||||||
if (!mod_timer(&qp->q.timer, jiffies + ip4_frags_ctl.timeout)) {
|
if (!mod_timer(&qp->q.timer, jiffies + qp->q.net->timeout)) {
|
||||||
atomic_inc(&qp->q.refcnt);
|
atomic_inc(&qp->q.refcnt);
|
||||||
return -ETIMEDOUT;
|
return -ETIMEDOUT;
|
||||||
}
|
}
|
||||||
@ -633,7 +626,7 @@ static struct ctl_table ip4_frags_ctl_table[] = {
|
|||||||
{
|
{
|
||||||
.ctl_name = NET_IPV4_IPFRAG_TIME,
|
.ctl_name = NET_IPV4_IPFRAG_TIME,
|
||||||
.procname = "ipfrag_time",
|
.procname = "ipfrag_time",
|
||||||
.data = &ip4_frags_ctl.timeout,
|
.data = &init_net.ipv4.frags.timeout,
|
||||||
.maxlen = sizeof(int),
|
.maxlen = sizeof(int),
|
||||||
.mode = 0644,
|
.mode = 0644,
|
||||||
.proc_handler = &proc_dointvec_jiffies,
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
@ -672,7 +665,7 @@ static int ip4_frags_ctl_register(struct net *net)
|
|||||||
|
|
||||||
table[0].mode &= ~0222;
|
table[0].mode &= ~0222;
|
||||||
table[1].mode &= ~0222;
|
table[1].mode &= ~0222;
|
||||||
table[2].mode &= ~0222;
|
table[2].data = &net->ipv4.frags.timeout;
|
||||||
table[3].mode &= ~0222;
|
table[3].mode &= ~0222;
|
||||||
table[4].mode &= ~0222;
|
table[4].mode &= ~0222;
|
||||||
}
|
}
|
||||||
@ -712,6 +705,13 @@ static inline void ip4_frags_ctl_unregister(struct net *net)
|
|||||||
|
|
||||||
static int ipv4_frags_init_net(struct net *net)
|
static int ipv4_frags_init_net(struct net *net)
|
||||||
{
|
{
|
||||||
|
/*
|
||||||
|
* Important NOTE! Fragment queue must be destroyed before MSL expires.
|
||||||
|
* RFC791 is wrong proposing to prolongate timer each fragment arrival
|
||||||
|
* by TTL.
|
||||||
|
*/
|
||||||
|
net->ipv4.frags.timeout = IP_FRAG_TIME;
|
||||||
|
|
||||||
inet_frags_init_net(&net->ipv4.frags);
|
inet_frags_init_net(&net->ipv4.frags);
|
||||||
|
|
||||||
return ip4_frags_ctl_register(net);
|
return ip4_frags_ctl_register(net);
|
||||||
|
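Review bot: In ip4_frags_ctl_register, replacing `table[2].mode &= ~0222;` with `table[2].data = &net->ipv4.frags.timeout;` leaves ipfrag_time writable (mode 0644) in every namespace, and the entry's handler is `proc_dointvec_jiffies` with no range check visible in this commit. The value is a signed `int` that inet_frag_intern and ip_frag_reinit add straight to `jiffies`, so a zero or negative setting would arm timers that are already due, and a very large one would keep queues alive beyond the MSL bound that the moved comment insists on. Consider a handler that enforces a minimum and maximum, and at least a comment on the new line such as `/* table[2] is ipfrag_time: per-netns and writable */`, because the positional index silently depends on the order of ip4_frags_ctl_table. The same applies to `table[2].data = &net->ipv6.frags.timeout;` in ip6_frags_sysctl_register. Both function bodies start outside their hunks.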
@ -73,7 +73,6 @@ struct nf_ct_frag6_queue
|
|||||||
static struct inet_frags_ctl nf_frags_ctl __read_mostly = {
|
static struct inet_frags_ctl nf_frags_ctl __read_mostly = {
|
||||||
.high_thresh = 256 * 1024,
|
.high_thresh = 256 * 1024,
|
||||||
.low_thresh = 192 * 1024,
|
.low_thresh = 192 * 1024,
|
||||||
.timeout = IPV6_FRAG_TIMEOUT,
|
|
||||||
.secret_interval = 10 * 60 * HZ,
|
.secret_interval = 10 * 60 * HZ,
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -84,7 +83,7 @@ static struct netns_frags nf_init_frags;
|
|||||||
struct ctl_table nf_ct_ipv6_sysctl_table[] = {
|
struct ctl_table nf_ct_ipv6_sysctl_table[] = {
|
||||||
{
|
{
|
||||||
.procname = "nf_conntrack_frag6_timeout",
|
.procname = "nf_conntrack_frag6_timeout",
|
||||||
.data = &nf_frags_ctl.timeout,
|
.data = &nf_init_frags.timeout,
|
||||||
.maxlen = sizeof(unsigned int),
|
.maxlen = sizeof(unsigned int),
|
||||||
.mode = 0644,
|
.mode = 0644,
|
||||||
.proc_handler = &proc_dointvec_jiffies,
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
@ -712,6 +711,7 @@ int nf_ct_frag6_init(void)
|
|||||||
nf_frags.qsize = sizeof(struct nf_ct_frag6_queue);
|
nf_frags.qsize = sizeof(struct nf_ct_frag6_queue);
|
||||||
nf_frags.match = ip6_frag_match;
|
nf_frags.match = ip6_frag_match;
|
||||||
nf_frags.frag_expire = nf_ct_frag6_expire;
|
nf_frags.frag_expire = nf_ct_frag6_expire;
|
||||||
|
nf_init_frags.timeout = IPV6_FRAG_TIMEOUT;
|
||||||
inet_frags_init_net(&nf_init_frags);
|
inet_frags_init_net(&nf_init_frags);
|
||||||
inet_frags_init(&nf_frags);
|
inet_frags_init(&nf_frags);
|
||||||
|
|
||||||
|
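Review bot: In nf_ct_ipv6_sysctl_table the entry now points `.data` at `nf_init_frags.timeout`, which this commit declares as `int` in struct netns_frags, while `.maxlen` is still `sizeof(unsigned int)`. The sizes match, so behaviour is unchanged, but `.maxlen = sizeof(int),` would agree with the field and with the ipfrag_time and ip6frag_time entries. As far as the hunks show, `nf_init_frags` is a single static object, so nf_conntrack_frag6_timeout stays shared rather than per namespace; a short comment next to `nf_init_frags.timeout = IPV6_FRAG_TIMEOUT;` in nf_ct_frag6_init saying so would stop readers assuming otherwise.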
@ -650,7 +650,7 @@ static struct ctl_table ip6_frags_ctl_table[] = {
|
|||||||
{
|
{
|
||||||
.ctl_name = NET_IPV6_IP6FRAG_TIME,
|
.ctl_name = NET_IPV6_IP6FRAG_TIME,
|
||||||
.procname = "ip6frag_time",
|
.procname = "ip6frag_time",
|
||||||
.data = &init_net.ipv6.sysctl.frags.timeout,
|
.data = &init_net.ipv6.frags.timeout,
|
||||||
.maxlen = sizeof(int),
|
.maxlen = sizeof(int),
|
||||||
.mode = 0644,
|
.mode = 0644,
|
||||||
.proc_handler = &proc_dointvec_jiffies,
|
.proc_handler = &proc_dointvec_jiffies,
|
||||||
@ -681,7 +681,7 @@ static int ip6_frags_sysctl_register(struct net *net)
|
|||||||
|
|
||||||
table[0].mode &= ~0222;
|
table[0].mode &= ~0222;
|
||||||
table[1].mode &= ~0222;
|
table[1].mode &= ~0222;
|
||||||
table[2].mode &= ~0222;
|
table[2].data = &net->ipv6.frags.timeout;
|
||||||
table[3].mode &= ~0222;
|
table[3].mode &= ~0222;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -724,7 +724,7 @@ static int ipv6_frags_init_net(struct net *net)
|
|||||||
|
|
||||||
net->ipv6.sysctl.frags.high_thresh = 256 * 1024;
|
net->ipv6.sysctl.frags.high_thresh = 256 * 1024;
|
||||||
net->ipv6.sysctl.frags.low_thresh = 192 * 1024;
|
net->ipv6.sysctl.frags.low_thresh = 192 * 1024;
|
||||||
net->ipv6.sysctl.frags.timeout = IPV6_FRAG_TIMEOUT;
|
net->ipv6.frags.timeout = IPV6_FRAG_TIMEOUT;
|
||||||
net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ;
|
net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ;
|
||||||
|
|
||||||
inet_frags_init_net(&net->ipv6.frags);
|
inet_frags_init_net(&net->ipv6.frags);
|
||||||
|