Re: sctp conntrack

[Kiran Kumar Immidi <immidi@spymac.com>]

[-- Attachment #1: Type: text/plain, Size: 795 bytes --]

On Friday 23 July 2004 12:46 am, Harald Welte wrote:

> I was about to include the SCTP conntrack patch into my set of pending
> patches for 2.6.9 but then discovered that you don't export the timeouts
> via /proc (similar to what recent versions of ip_conntrack_tcp do).
>
> Would you please include suport for /proc tuning of the timeouts and
> submit a patch against current CVS?

  The attached patch adds this support. It is a diff against current cvs pom 
sctp-conntrack-nat module, the following doubt remains:

- The type of these timeouts in case of TCP is unsigned long, though the code 
in ip_conntrack_standalone.c treats them as unsigned int. I am not sure of 
the working, but I suspect something wrong here. I have followed the same 
pattern however.

Regards,
Kiran Kumar Immidi

[-- Attachment #2: sctp_timeout.diff --]
[-- Type: text/x-diff, Size: 6444 bytes --]

Index: linux.patch
===================================================================
RCS file: /cvspublic/patch-o-matic-ng/sctp-conntrack-nat/linux.patch,v
retrieving revision 1.1
diff -u -r1.1 linux.patch
--- linux.patch	10 Apr 2004 15:52:01 -0000	1.1
+++ linux.patch	27 Jul 2004 05:48:13 -0000
@@ -1,6 +1,6 @@
-diff -ru --exclude .depend --exclude '*.o' --exclude '*.ko' --exclude '*.ver' --exclude '.*.flags' --exclude '*.orig' --exclude '*.rej' --exclude '*.cmd' --exclude '*.mod.c' --exclude '*~' linux-2.6.4/include/linux/netfilter_ipv4/ip_conntrack_tuple.h tp/linux-2.6.4/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
---- linux-2.6.4/include/linux/netfilter_ipv4/ip_conntrack_tuple.h	2004-01-09 12:29:48.000000000 +0530
-+++ tp/linux-2.6.4/include/linux/netfilter_ipv4/ip_conntrack_tuple.h	2004-04-14 15:33:18.000000000 +0530
+diff -ru --exclude .depend --exclude '*.o' --exclude '*.ko' --exclude '*.ver' --exclude '.*.flags' --exclude '*.orig' --exclude '*.rej' --exclude '*.cmd' --exclude '*.mod.c' --exclude '*~' linux-2.6.6.orig/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
+--- linux-2.6.6.orig/include/linux/netfilter_ipv4/ip_conntrack_tuple.h	2004-01-09 12:29:48.000000000 +0530
++++ linux-2.6.6/include/linux/netfilter_ipv4/ip_conntrack_tuple.h	2004-04-14 15:33:18.000000000 +0530
 @@ -25,6 +25,9 @@
  	struct {
  		u_int16_t id;
@@ -21,3 +21,19 @@
  		} u;
  
  		/* The protocol. */
+--- linux-2.6.6.orig/include/linux/sysctl.h    2004-07-27 04:16:46.000000000 +0530
++++ linux-2.6.6/include/linux/sysctl.h      2004-07-27 06:20:48.333196352 +0530
+@@ -406,6 +406,13 @@
+	NET_IPV4_NF_CONNTRACK_ICMP_TIMEOUT=12,
+	NET_IPV4_NF_CONNTRACK_GENERIC_TIMEOUT=13,
+	NET_IPV4_NF_CONNTRACK_BUCKETS=14,
++	NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_CLOSED=15,
++	NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_WAIT=16,
++	NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_ECHOED=17,
++	NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_ESTABLISHED=18,
++	NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_SENT=19,
++	NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_RECD=20,
++	NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_ACK_SENT=21,
+ };
+
+ /* /proc/sys/net/ipv6 */
Index: linux/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
===================================================================
RCS file: /cvspublic/patch-o-matic-ng/sctp-conntrack-nat/linux/net/ipv4/netfilter/ip_conntrack_proto_sctp.c,v
retrieving revision 1.1
diff -u -r1.1 ip_conntrack_proto_sctp.c
--- linux/net/ipv4/netfilter/ip_conntrack_proto_sctp.c	10 Apr 2004 15:52:01 -0000	1.1
+++ linux/net/ipv4/netfilter/ip_conntrack_proto_sctp.c	27 Jul 2004 05:48:14 -0000
@@ -9,6 +9,10 @@
  * published by the Free Software Foundation.
  */
 
+/*
+ * Added support for proc manipulation of timeouts.
+ */
+
 #include <linux/types.h>
 #include <linux/sched.h>
 #include <linux/timer.h>
@@ -505,11 +509,125 @@
 	.me 		 = THIS_MODULE 
 };
 
+#ifdef CONFIG_SYSCTL
+static ctl_table ip_ct_sysctl_table[] = {
+	{
+		.ctl_name	= NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_CLOSED,
+		.procname	= "ip_conntrack_sctp_timeout_closed",
+		.data		= &ip_ct_sctp_timeout_closed,
+		.maxlen		= sizeof(unsigned int),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec_jiffies,
+	},
+	{
+		.ctl_name	= NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_WAIT,
+		.procname	= "ip_conntrack_sctp_timeout_cookie_wait",
+		.data		= &ip_ct_sctp_timeout_cookie_wait,
+		.maxlen		= sizeof(unsigned int),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec_jiffies,
+	},
+	{
+		.ctl_name	= NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_ECHOED,
+		.procname	= "ip_conntrack_sctp_timeout_cookie_echoed",
+		.data		= &ip_ct_sctp_timeout_cookie_echoed,
+		.maxlen		= sizeof(unsigned int),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec_jiffies,
+	},
+	{
+		.ctl_name	= NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_ESTABLISHED,
+		.procname	= "ip_conntrack_sctp_timeout_established",
+		.data		= &ip_ct_sctp_timeout_established,
+		.maxlen		= sizeof(unsigned int),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec_jiffies,
+	},
+	{
+		.ctl_name	= NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_SENT,
+		.procname	= "ip_conntrack_sctp_timeout_shutdown_sent",
+		.data		= &ip_ct_sctp_timeout_shutdown_sent,
+		.maxlen		= sizeof(unsigned int),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec_jiffies,
+	},
+	{
+		.ctl_name	= NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_RECD,
+		.procname	= "ip_conntrack_sctp_timeout_shutdown_recd",
+		.data		= &ip_ct_sctp_timeout_shutdown_recd,
+		.maxlen		= sizeof(unsigned int),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec_jiffies,
+	},
+	{
+		.ctl_name	= NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_ACK_SENT,
+		.procname	= "ip_conntrack_sctp_timeout_shutdown_ack_sent",
+		.data		= &ip_ct_sctp_timeout_shutdown_ack_sent,
+		.maxlen		= sizeof(unsigned int),
+		.mode		= 0644,
+		.proc_handler	= &proc_dointvec_jiffies,
+	},
+	{ .ctl_name = 0 }
+};
+
+static ctl_table ip_ct_netfilter_table[] = {
+	{
+		.ctl_name	= NET_IPV4_NETFILTER,
+		.procname	= "netfilter",
+		.mode		= 0555,
+		.child		= ip_ct_sysctl_table,
+	},
+	{ .ctl_name = 0 }
+};
+
+static ctl_table ip_ct_ipv4_table[] = {
+	{
+		.ctl_name	= NET_IPV4,
+		.procname	= "ipv4",
+		.mode		= 0555,
+		.child		= ip_ct_netfilter_table,
+	},
+	{ .ctl_name = 0 }
+};
+
+static ctl_table ip_ct_net_table[] = {
+	{
+		.ctl_name	= CTL_NET,
+		.procname	= "net",
+		.mode		= 0555, 
+		.child		= ip_ct_ipv4_table,
+	},
+	{ .ctl_name = 0 }
+};
+
+static struct ctl_table_header *ip_ct_sysctl_header;
+#endif
+
 int __init init(void)
 {
 	int ret;
 
 	ret = ip_conntrack_protocol_register(&ip_conntrack_protocol_sctp);
+	if (ret) {
+		printk("ip_conntrack_proto_sctp: protocol register failed\n");
+		goto out;
+	}
+
+#ifdef CONFIG_SYSCTL
+	ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0);
+	if (ip_ct_sysctl_header == NULL) {
+		printk("ip_conntrack_proto_sctp: can't register to sysctl.\n");
+		goto cleanup;
+	}
+#endif
+
+	return ret;
+
+ cleanup:
+#ifdef CONFIG_SYSCTL
+	ip_conntrack_protocol_unregister(&ip_conntrack_protocol_sctp);
+#endif
+ out:
 	DEBUGP("SCTP conntrack module loading %s\n", 
 					ret ? "failed": "succeeded");
 	return ret;
@@ -518,6 +636,9 @@
 void __exit fini(void)
 {
 	ip_conntrack_protocol_unregister(&ip_conntrack_protocol_sctp);
+#ifdef CONFIG_SYSCTL
+ 	unregister_sysctl_table(ip_ct_sysctl_header);
+#endif
 	DEBUGP("SCTP conntrack module unloaded\n");
 }