Commit 5a41db94c60ac2a12b5a559de658a10d174b046d
1 parent
3b988ece9b
netfilter: nf_ct_udp[lite]: convert UDP[lite] timeouts to array
Use one array to store the UDP timeouts instead of two variables. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Showing 2 changed files with 37 additions and 18 deletions Side-by-side Diff
net/netfilter/nf_conntrack_proto_udp.c
| ... | ... | @@ -25,9 +25,17 @@ |
| 25 | 25 | #include <net/netfilter/ipv4/nf_conntrack_ipv4.h> |
| 26 | 26 | #include <net/netfilter/ipv6/nf_conntrack_ipv6.h> |
| 27 | 27 | |
| 28 | -static unsigned int nf_ct_udp_timeout __read_mostly = 30*HZ; | |
| 29 | -static unsigned int nf_ct_udp_timeout_stream __read_mostly = 180*HZ; | |
| 28 | +enum udp_conntrack { | |
| 29 | + UDP_CT_UNREPLIED, | |
| 30 | + UDP_CT_REPLIED, | |
| 31 | + UDP_CT_MAX | |
| 32 | +}; | |
| 30 | 33 | |
| 34 | +static unsigned int udp_timeouts[UDP_CT_MAX] = { | |
| 35 | + [UDP_CT_UNREPLIED] = 30*HZ, | |
| 36 | + [UDP_CT_REPLIED] = 180*HZ, | |
| 37 | +}; | |
| 38 | + | |
| 31 | 39 | static bool udp_pkt_to_tuple(const struct sk_buff *skb, |
| 32 | 40 | unsigned int dataoff, |
| 33 | 41 | struct nf_conntrack_tuple *tuple) |
| 34 | 42 | |
| ... | ... | @@ -74,13 +82,15 @@ |
| 74 | 82 | /* If we've seen traffic both ways, this is some kind of UDP |
| 75 | 83 | stream. Extend timeout. */ |
| 76 | 84 | if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { |
| 77 | - nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udp_timeout_stream); | |
| 85 | + nf_ct_refresh_acct(ct, ctinfo, skb, | |
| 86 | + udp_timeouts[UDP_CT_REPLIED]); | |
| 78 | 87 | /* Also, more likely to be important, and not a probe */ |
| 79 | 88 | if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status)) |
| 80 | 89 | nf_conntrack_event_cache(IPCT_ASSURED, ct); |
| 81 | - } else | |
| 82 | - nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udp_timeout); | |
| 83 | - | |
| 90 | + } else { | |
| 91 | + nf_ct_refresh_acct(ct, ctinfo, skb, | |
| 92 | + udp_timeouts[UDP_CT_UNREPLIED]); | |
| 93 | + } | |
| 84 | 94 | return NF_ACCEPT; |
| 85 | 95 | } |
| 86 | 96 | |
| 87 | 97 | |
| ... | ... | @@ -142,14 +152,14 @@ |
| 142 | 152 | static struct ctl_table udp_sysctl_table[] = { |
| 143 | 153 | { |
| 144 | 154 | .procname = "nf_conntrack_udp_timeout", |
| 145 | - .data = &nf_ct_udp_timeout, | |
| 155 | + .data = &udp_timeouts[UDP_CT_UNREPLIED], | |
| 146 | 156 | .maxlen = sizeof(unsigned int), |
| 147 | 157 | .mode = 0644, |
| 148 | 158 | .proc_handler = proc_dointvec_jiffies, |
| 149 | 159 | }, |
| 150 | 160 | { |
| 151 | 161 | .procname = "nf_conntrack_udp_timeout_stream", |
| 152 | - .data = &nf_ct_udp_timeout_stream, | |
| 162 | + .data = &udp_timeouts[UDP_CT_REPLIED], | |
| 153 | 163 | .maxlen = sizeof(unsigned int), |
| 154 | 164 | .mode = 0644, |
| 155 | 165 | .proc_handler = proc_dointvec_jiffies, |
| 156 | 166 | |
| ... | ... | @@ -160,14 +170,14 @@ |
| 160 | 170 | static struct ctl_table udp_compat_sysctl_table[] = { |
| 161 | 171 | { |
| 162 | 172 | .procname = "ip_conntrack_udp_timeout", |
| 163 | - .data = &nf_ct_udp_timeout, | |
| 173 | + .data = &udp_timeouts[UDP_CT_UNREPLIED], | |
| 164 | 174 | .maxlen = sizeof(unsigned int), |
| 165 | 175 | .mode = 0644, |
| 166 | 176 | .proc_handler = proc_dointvec_jiffies, |
| 167 | 177 | }, |
| 168 | 178 | { |
| 169 | 179 | .procname = "ip_conntrack_udp_timeout_stream", |
| 170 | - .data = &nf_ct_udp_timeout_stream, | |
| 180 | + .data = &udp_timeouts[UDP_CT_REPLIED], | |
| 171 | 181 | .maxlen = sizeof(unsigned int), |
| 172 | 182 | .mode = 0644, |
| 173 | 183 | .proc_handler = proc_dointvec_jiffies, |
net/netfilter/nf_conntrack_proto_udplite.c
| ... | ... | @@ -24,9 +24,17 @@ |
| 24 | 24 | #include <net/netfilter/nf_conntrack_ecache.h> |
| 25 | 25 | #include <net/netfilter/nf_log.h> |
| 26 | 26 | |
| 27 | -static unsigned int nf_ct_udplite_timeout __read_mostly = 30*HZ; | |
| 28 | -static unsigned int nf_ct_udplite_timeout_stream __read_mostly = 180*HZ; | |
| 27 | +enum udplite_conntrack { | |
| 28 | + UDPLITE_CT_UNREPLIED, | |
| 29 | + UDPLITE_CT_REPLIED, | |
| 30 | + UDPLITE_CT_MAX | |
| 31 | +}; | |
| 29 | 32 | |
| 33 | +static unsigned int udplite_timeouts[UDPLITE_CT_MAX] = { | |
| 34 | + [UDPLITE_CT_UNREPLIED] = 30*HZ, | |
| 35 | + [UDPLITE_CT_REPLIED] = 180*HZ, | |
| 36 | +}; | |
| 37 | + | |
| 30 | 38 | static bool udplite_pkt_to_tuple(const struct sk_buff *skb, |
| 31 | 39 | unsigned int dataoff, |
| 32 | 40 | struct nf_conntrack_tuple *tuple) |
| 33 | 41 | |
| ... | ... | @@ -72,13 +80,14 @@ |
| 72 | 80 | stream. Extend timeout. */ |
| 73 | 81 | if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { |
| 74 | 82 | nf_ct_refresh_acct(ct, ctinfo, skb, |
| 75 | - nf_ct_udplite_timeout_stream); | |
| 83 | + udplite_timeouts[UDPLITE_CT_REPLIED]); | |
| 76 | 84 | /* Also, more likely to be important, and not a probe */ |
| 77 | 85 | if (!test_and_set_bit(IPS_ASSURED_BIT, &ct->status)) |
| 78 | 86 | nf_conntrack_event_cache(IPCT_ASSURED, ct); |
| 79 | - } else | |
| 80 | - nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_udplite_timeout); | |
| 81 | - | |
| 87 | + } else { | |
| 88 | + nf_ct_refresh_acct(ct, ctinfo, skb, | |
| 89 | + udplite_timeouts[UDPLITE_CT_UNREPLIED]); | |
| 90 | + } | |
| 82 | 91 | return NF_ACCEPT; |
| 83 | 92 | } |
| 84 | 93 | |
| 85 | 94 | |
| ... | ... | @@ -147,14 +156,14 @@ |
| 147 | 156 | static struct ctl_table udplite_sysctl_table[] = { |
| 148 | 157 | { |
| 149 | 158 | .procname = "nf_conntrack_udplite_timeout", |
| 150 | - .data = &nf_ct_udplite_timeout, | |
| 159 | + .data = &udplite_timeouts[UDPLITE_CT_UNREPLIED], | |
| 151 | 160 | .maxlen = sizeof(unsigned int), |
| 152 | 161 | .mode = 0644, |
| 153 | 162 | .proc_handler = proc_dointvec_jiffies, |
| 154 | 163 | }, |
| 155 | 164 | { |
| 156 | 165 | .procname = "nf_conntrack_udplite_timeout_stream", |
| 157 | - .data = &nf_ct_udplite_timeout_stream, | |
| 166 | + .data = &udplite_timeouts[UDPLITE_CT_REPLIED], | |
| 158 | 167 | .maxlen = sizeof(unsigned int), |
| 159 | 168 | .mode = 0644, |
| 160 | 169 | .proc_handler = proc_dointvec_jiffies, |