Commit e71e0349 authored by Daniel Lezcano's avatar Daniel Lezcano Committed by David S. Miller

[NETNS][IPV6]: Make ip6_frags per namespace.

The ip6_frags is moved to the network namespace structure.  Because
there can be multiple instances of the network namespaces, and the
ip6_frags is no longer a global static variable, a helper function has
been added to facilitate the initialization of the variables.

Until the ipv6 protocol is not per namespace, the variables are
accessed relatively from the initial network namespace.
Signed-off-by: default avatarDaniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 99bc9c4e
...@@ -572,9 +572,6 @@ extern int inet6_hash_connect(struct inet_timewait_death_row *death_row, ...@@ -572,9 +572,6 @@ extern int inet6_hash_connect(struct inet_timewait_death_row *death_row,
/* /*
* reassembly.c * reassembly.c
*/ */
struct inet_frags_ctl;
extern struct inet_frags_ctl ip6_frags_ctl;
extern const struct proto_ops inet6_stream_ops; extern const struct proto_ops inet6_stream_ops;
extern const struct proto_ops inet6_dgram_ops; extern const struct proto_ops inet6_dgram_ops;
......
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
* ipv6 in net namespaces * ipv6 in net namespaces
*/ */
#include <net/inet_frag.h>
#ifndef __NETNS_IPV6_H__ #ifndef __NETNS_IPV6_H__
#define __NETNS_IPV6_H__ #define __NETNS_IPV6_H__
...@@ -11,6 +13,7 @@ struct netns_sysctl_ipv6 { ...@@ -11,6 +13,7 @@ struct netns_sysctl_ipv6 {
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
struct ctl_table_header *table; struct ctl_table_header *table;
#endif #endif
struct inet_frags_ctl frags;
int bindv6only; int bindv6only;
}; };
......
...@@ -72,6 +72,8 @@ MODULE_LICENSE("GPL"); ...@@ -72,6 +72,8 @@ MODULE_LICENSE("GPL");
static struct list_head inetsw6[SOCK_MAX]; static struct list_head inetsw6[SOCK_MAX];
static DEFINE_SPINLOCK(inetsw6_lock); static DEFINE_SPINLOCK(inetsw6_lock);
void ipv6_frag_sysctl_init(struct net *net);
static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk) static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk)
{ {
const int offset = sk->sk_prot->obj_size - sizeof(struct ipv6_pinfo); const int offset = sk->sk_prot->obj_size - sizeof(struct ipv6_pinfo);
...@@ -720,6 +722,12 @@ static void cleanup_ipv6_mibs(void) ...@@ -720,6 +722,12 @@ static void cleanup_ipv6_mibs(void)
static int inet6_net_init(struct net *net) static int inet6_net_init(struct net *net)
{ {
net->ipv6.sysctl.bindv6only = 0; net->ipv6.sysctl.bindv6only = 0;
net->ipv6.sysctl.frags.high_thresh = 256 * 1024;
net->ipv6.sysctl.frags.low_thresh = 192 * 1024;
net->ipv6.sysctl.frags.timeout = IPV6_FRAG_TIMEOUT;
net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ;
ipv6_frag_sysctl_init(net);
return 0; return 0;
} }
......
...@@ -82,13 +82,6 @@ struct frag_queue ...@@ -82,13 +82,6 @@ struct frag_queue
__u16 nhoffset; __u16 nhoffset;
}; };
struct inet_frags_ctl ip6_frags_ctl __read_mostly = {
.high_thresh = 256 * 1024,
.low_thresh = 192 * 1024,
.timeout = IPV6_FRAG_TIMEOUT,
.secret_interval = 10 * 60 * HZ,
};
static struct inet_frags ip6_frags; static struct inet_frags ip6_frags;
int ip6_frag_nqueues(void) int ip6_frag_nqueues(void)
...@@ -605,7 +598,7 @@ static int ipv6_frag_rcv(struct sk_buff *skb) ...@@ -605,7 +598,7 @@ static int ipv6_frag_rcv(struct sk_buff *skb)
return 1; return 1;
} }
if (atomic_read(&ip6_frags.mem) > ip6_frags_ctl.high_thresh) if (atomic_read(&ip6_frags.mem) > init_net.ipv6.sysctl.frags.high_thresh)
ip6_evictor(ip6_dst_idev(skb->dst)); ip6_evictor(ip6_dst_idev(skb->dst));
if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr, if ((fq = fq_find(fhdr->identification, &hdr->saddr, &hdr->daddr,
...@@ -632,6 +625,11 @@ static struct inet6_protocol frag_protocol = ...@@ -632,6 +625,11 @@ static struct inet6_protocol frag_protocol =
.flags = INET6_PROTO_NOPOLICY, .flags = INET6_PROTO_NOPOLICY,
}; };
void ipv6_frag_sysctl_init(struct net *net)
{
ip6_frags.ctl = &net->ipv6.sysctl.frags;
}
int __init ipv6_frag_init(void) int __init ipv6_frag_init(void)
{ {
int ret; int ret;
...@@ -639,7 +637,7 @@ int __init ipv6_frag_init(void) ...@@ -639,7 +637,7 @@ int __init ipv6_frag_init(void)
ret = inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT); ret = inet6_add_protocol(&frag_protocol, IPPROTO_FRAGMENT);
if (ret) if (ret)
goto out; goto out;
ip6_frags.ctl = &ip6_frags_ctl;
ip6_frags.hashfn = ip6_hashfn; ip6_frags.hashfn = ip6_hashfn;
ip6_frags.constructor = ip6_frag_init; ip6_frags.constructor = ip6_frag_init;
ip6_frags.destructor = NULL; ip6_frags.destructor = NULL;
......
...@@ -43,7 +43,7 @@ static ctl_table ipv6_table_template[] = { ...@@ -43,7 +43,7 @@ static ctl_table ipv6_table_template[] = {
{ {
.ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH, .ctl_name = NET_IPV6_IP6FRAG_HIGH_THRESH,
.procname = "ip6frag_high_thresh", .procname = "ip6frag_high_thresh",
.data = &ip6_frags_ctl.high_thresh, .data = &init_net.ipv6.sysctl.frags.high_thresh,
.maxlen = sizeof(int), .maxlen = sizeof(int),
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec .proc_handler = &proc_dointvec
...@@ -51,7 +51,7 @@ static ctl_table ipv6_table_template[] = { ...@@ -51,7 +51,7 @@ static ctl_table ipv6_table_template[] = {
{ {
.ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH, .ctl_name = NET_IPV6_IP6FRAG_LOW_THRESH,
.procname = "ip6frag_low_thresh", .procname = "ip6frag_low_thresh",
.data = &ip6_frags_ctl.low_thresh, .data = &init_net.ipv6.sysctl.frags.low_thresh,
.maxlen = sizeof(int), .maxlen = sizeof(int),
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec .proc_handler = &proc_dointvec
...@@ -59,7 +59,7 @@ static ctl_table ipv6_table_template[] = { ...@@ -59,7 +59,7 @@ static ctl_table ipv6_table_template[] = {
{ {
.ctl_name = NET_IPV6_IP6FRAG_TIME, .ctl_name = NET_IPV6_IP6FRAG_TIME,
.procname = "ip6frag_time", .procname = "ip6frag_time",
.data = &ip6_frags_ctl.timeout, .data = &init_net.ipv6.sysctl.frags.timeout,
.maxlen = sizeof(int), .maxlen = sizeof(int),
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec_jiffies, .proc_handler = &proc_dointvec_jiffies,
...@@ -68,7 +68,7 @@ static ctl_table ipv6_table_template[] = { ...@@ -68,7 +68,7 @@ static ctl_table ipv6_table_template[] = {
{ {
.ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL, .ctl_name = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
.procname = "ip6frag_secret_interval", .procname = "ip6frag_secret_interval",
.data = &ip6_frags_ctl.secret_interval, .data = &init_net.ipv6.sysctl.frags.secret_interval,
.maxlen = sizeof(int), .maxlen = sizeof(int),
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec_jiffies, .proc_handler = &proc_dointvec_jiffies,
...@@ -117,6 +117,10 @@ static int ipv6_sysctl_net_init(struct net *net) ...@@ -117,6 +117,10 @@ static int ipv6_sysctl_net_init(struct net *net)
ipv6_table[1].child = ipv6_icmp_table; ipv6_table[1].child = ipv6_icmp_table;
ipv6_table[2].data = &net->ipv6.sysctl.bindv6only; ipv6_table[2].data = &net->ipv6.sysctl.bindv6only;
ipv6_table[3].data = &net->ipv6.sysctl.frags.high_thresh;
ipv6_table[4].data = &net->ipv6.sysctl.frags.low_thresh;
ipv6_table[5].data = &net->ipv6.sysctl.frags.timeout;
ipv6_table[6].data = &net->ipv6.sysctl.frags.secret_interval;
net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path, net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,
ipv6_table); ipv6_table);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment