Commit 94aec08e authored by Brian Haley's avatar Brian Haley Committed by David S. Miller

[NETFILTER]: Change tunables to __read_mostly

Change some netfilter tunables to __read_mostly.  Also fixed some
incorrect file reference comments while I was in there.

(this will be my last __read_mostly patch unless someone points out
something else that needs it)
Signed-off-by: default avatarBrian Haley <brian.haley@hp.com>
Acked-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 4cbf1cae
...@@ -66,13 +66,13 @@ void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack) = NULL; ...@@ -66,13 +66,13 @@ void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack) = NULL;
LIST_HEAD(ip_conntrack_expect_list); LIST_HEAD(ip_conntrack_expect_list);
struct ip_conntrack_protocol *ip_ct_protos[MAX_IP_CT_PROTO]; struct ip_conntrack_protocol *ip_ct_protos[MAX_IP_CT_PROTO];
static LIST_HEAD(helpers); static LIST_HEAD(helpers);
unsigned int ip_conntrack_htable_size = 0; unsigned int ip_conntrack_htable_size __read_mostly = 0;
int ip_conntrack_max; int ip_conntrack_max __read_mostly;
struct list_head *ip_conntrack_hash; struct list_head *ip_conntrack_hash;
static kmem_cache_t *ip_conntrack_cachep __read_mostly; static kmem_cache_t *ip_conntrack_cachep __read_mostly;
static kmem_cache_t *ip_conntrack_expect_cachep __read_mostly; static kmem_cache_t *ip_conntrack_expect_cachep __read_mostly;
struct ip_conntrack ip_conntrack_untracked; struct ip_conntrack ip_conntrack_untracked;
unsigned int ip_ct_log_invalid; unsigned int ip_ct_log_invalid __read_mostly;
static LIST_HEAD(unconfirmed); static LIST_HEAD(unconfirmed);
static int ip_conntrack_vmalloc; static int ip_conntrack_vmalloc;
......
...@@ -12,7 +12,7 @@ ...@@ -12,7 +12,7 @@
#include <linux/netfilter.h> #include <linux/netfilter.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h> #include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
unsigned int ip_ct_generic_timeout = 600*HZ; unsigned int ip_ct_generic_timeout __read_mostly = 600*HZ;
static int generic_pkt_to_tuple(const struct sk_buff *skb, static int generic_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff, unsigned int dataoff,
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
#include <linux/netfilter_ipv4/ip_conntrack_core.h> #include <linux/netfilter_ipv4/ip_conntrack_core.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h> #include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
unsigned int ip_ct_icmp_timeout = 30*HZ; unsigned int ip_ct_icmp_timeout __read_mostly = 30*HZ;
#if 0 #if 0
#define DEBUGP printk #define DEBUGP printk
......
...@@ -58,13 +58,13 @@ static const char *sctp_conntrack_names[] = { ...@@ -58,13 +58,13 @@ static const char *sctp_conntrack_names[] = {
#define HOURS * 60 MINS #define HOURS * 60 MINS
#define DAYS * 24 HOURS #define DAYS * 24 HOURS
static unsigned int ip_ct_sctp_timeout_closed = 10 SECS; static unsigned int ip_ct_sctp_timeout_closed __read_mostly = 10 SECS;
static unsigned int ip_ct_sctp_timeout_cookie_wait = 3 SECS; static unsigned int ip_ct_sctp_timeout_cookie_wait __read_mostly = 3 SECS;
static unsigned int ip_ct_sctp_timeout_cookie_echoed = 3 SECS; static unsigned int ip_ct_sctp_timeout_cookie_echoed __read_mostly = 3 SECS;
static unsigned int ip_ct_sctp_timeout_established = 5 DAYS; static unsigned int ip_ct_sctp_timeout_established __read_mostly = 5 DAYS;
static unsigned int ip_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000; static unsigned int ip_ct_sctp_timeout_shutdown_sent __read_mostly = 300 SECS / 1000;
static unsigned int ip_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000; static unsigned int ip_ct_sctp_timeout_shutdown_recd __read_mostly = 300 SECS / 1000;
static unsigned int ip_ct_sctp_timeout_shutdown_ack_sent = 3 SECS; static unsigned int ip_ct_sctp_timeout_shutdown_ack_sent __read_mostly = 3 SECS;
static const unsigned int * sctp_timeouts[] static const unsigned int * sctp_timeouts[]
= { NULL, /* SCTP_CONNTRACK_NONE */ = { NULL, /* SCTP_CONNTRACK_NONE */
......
...@@ -48,19 +48,19 @@ static DEFINE_RWLOCK(tcp_lock); ...@@ -48,19 +48,19 @@ static DEFINE_RWLOCK(tcp_lock);
/* "Be conservative in what you do, /* "Be conservative in what you do,
be liberal in what you accept from others." be liberal in what you accept from others."
If it's non-zero, we mark only out of window RST segments as INVALID. */ If it's non-zero, we mark only out of window RST segments as INVALID. */
int ip_ct_tcp_be_liberal = 0; int ip_ct_tcp_be_liberal __read_mostly = 0;
/* When connection is picked up from the middle, how many packets are required /* When connection is picked up from the middle, how many packets are required
to pass in each direction when we assume we are in sync - if any side uses to pass in each direction when we assume we are in sync - if any side uses
window scaling, we lost the game. window scaling, we lost the game.
If it is set to zero, we disable picking up already established If it is set to zero, we disable picking up already established
connections. */ connections. */
int ip_ct_tcp_loose = 3; int ip_ct_tcp_loose __read_mostly = 3;
/* Max number of the retransmitted packets without receiving an (acceptable) /* Max number of the retransmitted packets without receiving an (acceptable)
ACK from the destination. If this number is reached, a shorter timer ACK from the destination. If this number is reached, a shorter timer
will be started. */ will be started. */
int ip_ct_tcp_max_retrans = 3; int ip_ct_tcp_max_retrans __read_mostly = 3;
/* FIXME: Examine ipfilter's timeouts and conntrack transitions more /* FIXME: Examine ipfilter's timeouts and conntrack transitions more
closely. They're more complex. --RR */ closely. They're more complex. --RR */
...@@ -83,19 +83,19 @@ static const char *tcp_conntrack_names[] = { ...@@ -83,19 +83,19 @@ static const char *tcp_conntrack_names[] = {
#define HOURS * 60 MINS #define HOURS * 60 MINS
#define DAYS * 24 HOURS #define DAYS * 24 HOURS
unsigned int ip_ct_tcp_timeout_syn_sent = 2 MINS; unsigned int ip_ct_tcp_timeout_syn_sent __read_mostly = 2 MINS;
unsigned int ip_ct_tcp_timeout_syn_recv = 60 SECS; unsigned int ip_ct_tcp_timeout_syn_recv __read_mostly = 60 SECS;
unsigned int ip_ct_tcp_timeout_established = 5 DAYS; unsigned int ip_ct_tcp_timeout_established __read_mostly = 5 DAYS;
unsigned int ip_ct_tcp_timeout_fin_wait = 2 MINS; unsigned int ip_ct_tcp_timeout_fin_wait __read_mostly = 2 MINS;
unsigned int ip_ct_tcp_timeout_close_wait = 60 SECS; unsigned int ip_ct_tcp_timeout_close_wait __read_mostly = 60 SECS;
unsigned int ip_ct_tcp_timeout_last_ack = 30 SECS; unsigned int ip_ct_tcp_timeout_last_ack __read_mostly = 30 SECS;
unsigned int ip_ct_tcp_timeout_time_wait = 2 MINS; unsigned int ip_ct_tcp_timeout_time_wait __read_mostly = 2 MINS;
unsigned int ip_ct_tcp_timeout_close = 10 SECS; unsigned int ip_ct_tcp_timeout_close __read_mostly = 10 SECS;
/* RFC1122 says the R2 limit should be at least 100 seconds. /* RFC1122 says the R2 limit should be at least 100 seconds.
Linux uses 15 packets as limit, which corresponds Linux uses 15 packets as limit, which corresponds
to ~13-30min depending on RTO. */ to ~13-30min depending on RTO. */
unsigned int ip_ct_tcp_timeout_max_retrans = 5 MINS; unsigned int ip_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS;
static const unsigned int * tcp_timeouts[] static const unsigned int * tcp_timeouts[]
= { NULL, /* TCP_CONNTRACK_NONE */ = { NULL, /* TCP_CONNTRACK_NONE */
......
...@@ -18,8 +18,8 @@ ...@@ -18,8 +18,8 @@
#include <linux/netfilter_ipv4.h> #include <linux/netfilter_ipv4.h>
#include <linux/netfilter_ipv4/ip_conntrack_protocol.h> #include <linux/netfilter_ipv4/ip_conntrack_protocol.h>
unsigned int ip_ct_udp_timeout = 30*HZ; unsigned int ip_ct_udp_timeout __read_mostly = 30*HZ;
unsigned int ip_ct_udp_timeout_stream = 180*HZ; unsigned int ip_ct_udp_timeout_stream __read_mostly = 180*HZ;
static int udp_pkt_to_tuple(const struct sk_buff *skb, static int udp_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff, unsigned int dataoff,
......
...@@ -534,7 +534,7 @@ static struct nf_hook_ops ip_conntrack_ops[] = { ...@@ -534,7 +534,7 @@ static struct nf_hook_ops ip_conntrack_ops[] = {
/* Sysctl support */ /* Sysctl support */
int ip_conntrack_checksum = 1; int ip_conntrack_checksum __read_mostly = 1;
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
...@@ -563,7 +563,7 @@ extern unsigned int ip_ct_udp_timeout_stream; ...@@ -563,7 +563,7 @@ extern unsigned int ip_ct_udp_timeout_stream;
/* From ip_conntrack_proto_icmp.c */ /* From ip_conntrack_proto_icmp.c */
extern unsigned int ip_ct_icmp_timeout; extern unsigned int ip_ct_icmp_timeout;
/* From ip_conntrack_proto_icmp.c */ /* From ip_conntrack_proto_generic.c */
extern unsigned int ip_ct_generic_timeout; extern unsigned int ip_ct_generic_timeout;
/* Log invalid packets of a given protocol */ /* Log invalid packets of a given protocol */
......
...@@ -53,7 +53,7 @@ struct ipq_queue_entry { ...@@ -53,7 +53,7 @@ struct ipq_queue_entry {
typedef int (*ipq_cmpfn)(struct ipq_queue_entry *, unsigned long); typedef int (*ipq_cmpfn)(struct ipq_queue_entry *, unsigned long);
static unsigned char copy_mode = IPQ_COPY_NONE; static unsigned char copy_mode = IPQ_COPY_NONE;
static unsigned int queue_maxlen = IPQ_QMAX_DEFAULT; static unsigned int queue_maxlen __read_mostly = IPQ_QMAX_DEFAULT;
static DEFINE_RWLOCK(queue_lock); static DEFINE_RWLOCK(queue_lock);
static int peer_pid; static int peer_pid;
static unsigned int copy_range; static unsigned int copy_range;
......
...@@ -25,7 +25,7 @@ ...@@ -25,7 +25,7 @@
#include <net/netfilter/nf_conntrack_protocol.h> #include <net/netfilter/nf_conntrack_protocol.h>
#include <net/netfilter/nf_conntrack_core.h> #include <net/netfilter/nf_conntrack_core.h>
unsigned long nf_ct_icmp_timeout = 30*HZ; unsigned long nf_ct_icmp_timeout __read_mostly = 30*HZ;
#if 0 #if 0
#define DEBUGP printk #define DEBUGP printk
......
...@@ -57,7 +57,7 @@ struct ipq_queue_entry { ...@@ -57,7 +57,7 @@ struct ipq_queue_entry {
typedef int (*ipq_cmpfn)(struct ipq_queue_entry *, unsigned long); typedef int (*ipq_cmpfn)(struct ipq_queue_entry *, unsigned long);
static unsigned char copy_mode = IPQ_COPY_NONE; static unsigned char copy_mode = IPQ_COPY_NONE;
static unsigned int queue_maxlen = IPQ_QMAX_DEFAULT; static unsigned int queue_maxlen __read_mostly = IPQ_QMAX_DEFAULT;
static DEFINE_RWLOCK(queue_lock); static DEFINE_RWLOCK(queue_lock);
static int peer_pid; static int peer_pid;
static unsigned int copy_range; static unsigned int copy_range;
......
...@@ -335,7 +335,7 @@ static struct nf_hook_ops ipv6_conntrack_ops[] = { ...@@ -335,7 +335,7 @@ static struct nf_hook_ops ipv6_conntrack_ops[] = {
/* From nf_conntrack_proto_icmpv6.c */ /* From nf_conntrack_proto_icmpv6.c */
extern unsigned int nf_ct_icmpv6_timeout; extern unsigned int nf_ct_icmpv6_timeout;
/* From nf_conntrack_frag6.c */ /* From nf_conntrack_reasm.c */
extern unsigned int nf_ct_frag6_timeout; extern unsigned int nf_ct_frag6_timeout;
extern unsigned int nf_ct_frag6_low_thresh; extern unsigned int nf_ct_frag6_low_thresh;
extern unsigned int nf_ct_frag6_high_thresh; extern unsigned int nf_ct_frag6_high_thresh;
......
...@@ -33,7 +33,7 @@ ...@@ -33,7 +33,7 @@
#include <net/netfilter/nf_conntrack_core.h> #include <net/netfilter/nf_conntrack_core.h>
#include <net/netfilter/ipv6/nf_conntrack_icmpv6.h> #include <net/netfilter/ipv6/nf_conntrack_icmpv6.h>
unsigned long nf_ct_icmpv6_timeout = 30*HZ; unsigned long nf_ct_icmpv6_timeout __read_mostly = 30*HZ;
#if 0 #if 0
#define DEBUGP printk #define DEBUGP printk
......
...@@ -54,9 +54,9 @@ ...@@ -54,9 +54,9 @@
#define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */ #define NF_CT_FRAG6_LOW_THRESH 196608 /* == 192*1024 */
#define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT #define NF_CT_FRAG6_TIMEOUT IPV6_FRAG_TIMEOUT
unsigned int nf_ct_frag6_high_thresh = 256*1024; unsigned int nf_ct_frag6_high_thresh __read_mostly = 256*1024;
unsigned int nf_ct_frag6_low_thresh = 192*1024; unsigned int nf_ct_frag6_low_thresh __read_mostly = 192*1024;
unsigned long nf_ct_frag6_timeout = IPV6_FRAG_TIMEOUT; unsigned long nf_ct_frag6_timeout __read_mostly = IPV6_FRAG_TIMEOUT;
struct nf_ct_frag6_skb_cb struct nf_ct_frag6_skb_cb
{ {
......
...@@ -77,12 +77,12 @@ LIST_HEAD(nf_conntrack_expect_list); ...@@ -77,12 +77,12 @@ LIST_HEAD(nf_conntrack_expect_list);
struct nf_conntrack_protocol **nf_ct_protos[PF_MAX]; struct nf_conntrack_protocol **nf_ct_protos[PF_MAX];
struct nf_conntrack_l3proto *nf_ct_l3protos[PF_MAX]; struct nf_conntrack_l3proto *nf_ct_l3protos[PF_MAX];
static LIST_HEAD(helpers); static LIST_HEAD(helpers);
unsigned int nf_conntrack_htable_size = 0; unsigned int nf_conntrack_htable_size __read_mostly = 0;
int nf_conntrack_max; int nf_conntrack_max __read_mostly;
struct list_head *nf_conntrack_hash; struct list_head *nf_conntrack_hash;
static kmem_cache_t *nf_conntrack_expect_cachep; static kmem_cache_t *nf_conntrack_expect_cachep;
struct nf_conn nf_conntrack_untracked; struct nf_conn nf_conntrack_untracked;
unsigned int nf_ct_log_invalid; unsigned int nf_ct_log_invalid __read_mostly;
static LIST_HEAD(unconfirmed); static LIST_HEAD(unconfirmed);
static int nf_conntrack_vmalloc; static int nf_conntrack_vmalloc;
......
...@@ -17,7 +17,7 @@ ...@@ -17,7 +17,7 @@
#include <linux/netfilter.h> #include <linux/netfilter.h>
#include <net/netfilter/nf_conntrack_protocol.h> #include <net/netfilter/nf_conntrack_protocol.h>
unsigned int nf_ct_generic_timeout = 600*HZ; unsigned int nf_ct_generic_timeout __read_mostly = 600*HZ;
static int generic_pkt_to_tuple(const struct sk_buff *skb, static int generic_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff, unsigned int dataoff,
......
...@@ -64,13 +64,13 @@ static const char *sctp_conntrack_names[] = { ...@@ -64,13 +64,13 @@ static const char *sctp_conntrack_names[] = {
#define HOURS * 60 MINS #define HOURS * 60 MINS
#define DAYS * 24 HOURS #define DAYS * 24 HOURS
static unsigned int nf_ct_sctp_timeout_closed = 10 SECS; static unsigned int nf_ct_sctp_timeout_closed __read_mostly = 10 SECS;
static unsigned int nf_ct_sctp_timeout_cookie_wait = 3 SECS; static unsigned int nf_ct_sctp_timeout_cookie_wait __read_mostly = 3 SECS;
static unsigned int nf_ct_sctp_timeout_cookie_echoed = 3 SECS; static unsigned int nf_ct_sctp_timeout_cookie_echoed __read_mostly = 3 SECS;
static unsigned int nf_ct_sctp_timeout_established = 5 DAYS; static unsigned int nf_ct_sctp_timeout_established __read_mostly = 5 DAYS;
static unsigned int nf_ct_sctp_timeout_shutdown_sent = 300 SECS / 1000; static unsigned int nf_ct_sctp_timeout_shutdown_sent __read_mostly = 300 SECS / 1000;
static unsigned int nf_ct_sctp_timeout_shutdown_recd = 300 SECS / 1000; static unsigned int nf_ct_sctp_timeout_shutdown_recd __read_mostly = 300 SECS / 1000;
static unsigned int nf_ct_sctp_timeout_shutdown_ack_sent = 3 SECS; static unsigned int nf_ct_sctp_timeout_shutdown_ack_sent __read_mostly = 3 SECS;
static unsigned int * sctp_timeouts[] static unsigned int * sctp_timeouts[]
= { NULL, /* SCTP_CONNTRACK_NONE */ = { NULL, /* SCTP_CONNTRACK_NONE */
......
...@@ -57,19 +57,19 @@ static DEFINE_RWLOCK(tcp_lock); ...@@ -57,19 +57,19 @@ static DEFINE_RWLOCK(tcp_lock);
/* "Be conservative in what you do, /* "Be conservative in what you do,
be liberal in what you accept from others." be liberal in what you accept from others."
If it's non-zero, we mark only out of window RST segments as INVALID. */ If it's non-zero, we mark only out of window RST segments as INVALID. */
int nf_ct_tcp_be_liberal = 0; int nf_ct_tcp_be_liberal __read_mostly = 0;
/* When connection is picked up from the middle, how many packets are required /* When connection is picked up from the middle, how many packets are required
to pass in each direction when we assume we are in sync - if any side uses to pass in each direction when we assume we are in sync - if any side uses
window scaling, we lost the game. window scaling, we lost the game.
If it is set to zero, we disable picking up already established If it is set to zero, we disable picking up already established
connections. */ connections. */
int nf_ct_tcp_loose = 3; int nf_ct_tcp_loose __read_mostly = 3;
/* Max number of the retransmitted packets without receiving an (acceptable) /* Max number of the retransmitted packets without receiving an (acceptable)
ACK from the destination. If this number is reached, a shorter timer ACK from the destination. If this number is reached, a shorter timer
will be started. */ will be started. */
int nf_ct_tcp_max_retrans = 3; int nf_ct_tcp_max_retrans __read_mostly = 3;
/* FIXME: Examine ipfilter's timeouts and conntrack transitions more /* FIXME: Examine ipfilter's timeouts and conntrack transitions more
closely. They're more complex. --RR */ closely. They're more complex. --RR */
...@@ -92,19 +92,19 @@ static const char *tcp_conntrack_names[] = { ...@@ -92,19 +92,19 @@ static const char *tcp_conntrack_names[] = {
#define HOURS * 60 MINS #define HOURS * 60 MINS
#define DAYS * 24 HOURS #define DAYS * 24 HOURS
unsigned int nf_ct_tcp_timeout_syn_sent = 2 MINS; unsigned int nf_ct_tcp_timeout_syn_sent __read_mostly = 2 MINS;
unsigned int nf_ct_tcp_timeout_syn_recv = 60 SECS; unsigned int nf_ct_tcp_timeout_syn_recv __read_mostly = 60 SECS;
unsigned int nf_ct_tcp_timeout_established = 5 DAYS; unsigned int nf_ct_tcp_timeout_established __read_mostly = 5 DAYS;
unsigned int nf_ct_tcp_timeout_fin_wait = 2 MINS; unsigned int nf_ct_tcp_timeout_fin_wait __read_mostly = 2 MINS;
unsigned int nf_ct_tcp_timeout_close_wait = 60 SECS; unsigned int nf_ct_tcp_timeout_close_wait __read_mostly = 60 SECS;
unsigned int nf_ct_tcp_timeout_last_ack = 30 SECS; unsigned int nf_ct_tcp_timeout_last_ack __read_mostly = 30 SECS;
unsigned int nf_ct_tcp_timeout_time_wait = 2 MINS; unsigned int nf_ct_tcp_timeout_time_wait __read_mostly = 2 MINS;
unsigned int nf_ct_tcp_timeout_close = 10 SECS; unsigned int nf_ct_tcp_timeout_close __read_mostly = 10 SECS;
/* RFC1122 says the R2 limit should be at least 100 seconds. /* RFC1122 says the R2 limit should be at least 100 seconds.
Linux uses 15 packets as limit, which corresponds Linux uses 15 packets as limit, which corresponds
to ~13-30min depending on RTO. */ to ~13-30min depending on RTO. */
unsigned int nf_ct_tcp_timeout_max_retrans = 5 MINS; unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS;
static unsigned int * tcp_timeouts[] static unsigned int * tcp_timeouts[]
= { NULL, /* TCP_CONNTRACK_NONE */ = { NULL, /* TCP_CONNTRACK_NONE */
......
...@@ -27,8 +27,8 @@ ...@@ -27,8 +27,8 @@
#include <linux/netfilter_ipv6.h> #include <linux/netfilter_ipv6.h>
#include <net/netfilter/nf_conntrack_protocol.h> #include <net/netfilter/nf_conntrack_protocol.h>
unsigned int nf_ct_udp_timeout = 30*HZ; unsigned int nf_ct_udp_timeout __read_mostly = 30*HZ;
unsigned int nf_ct_udp_timeout_stream = 180*HZ; unsigned int nf_ct_udp_timeout_stream __read_mostly = 180*HZ;
static int udp_pkt_to_tuple(const struct sk_buff *skb, static int udp_pkt_to_tuple(const struct sk_buff *skb,
unsigned int dataoff, unsigned int dataoff,
......
...@@ -428,7 +428,7 @@ static struct file_operations ct_cpu_seq_fops = { ...@@ -428,7 +428,7 @@ static struct file_operations ct_cpu_seq_fops = {
/* Sysctl support */ /* Sysctl support */
int nf_conntrack_checksum = 1; int nf_conntrack_checksum __read_mostly = 1;
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment