* [PATCH 11/38] netns ct: per-netns unconfirmed hash [not found] <20080821220059.GK31136@x200.localdomain> @ 2008-08-21 22:40 ` adobriyan 2008-09-04 16:46 ` Patrick McHardy [not found] ` <20080821224030.GB31601-2ev+ksY9ol182hYKe6nXyg@public.gmane.org> [not found] ` <20080821220059.GK31136-2ev+ksY9ol182hYKe6nXyg@public.gmane.org> 1 sibling, 2 replies; 4+ messages in thread From: adobriyan @ 2008-08-21 22:40 UTC (permalink / raw) To: kaber, containers, netdev, netfilter-devel What is unconfirmed connection in one netns can very well be confirmed in another. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> --- include/net/netfilter/nf_conntrack_core.h | 1 - include/net/netns/conntrack.h | 2 ++ net/netfilter/nf_conntrack_core.c | 6 +++--- net/netfilter/nf_conntrack_helper.c | 3 +-- 4 files changed, 6 insertions(+), 6 deletions(-) --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h @@ -72,6 +72,5 @@ print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple, const struct nf_conntrack_l4proto *proto); extern spinlock_t nf_conntrack_lock ; -extern struct hlist_head unconfirmed; #endif /* _NF_CONNTRACK_CORE_H */ --- a/include/net/netns/conntrack.h +++ b/include/net/netns/conntrack.h @@ -1,6 +1,7 @@ #ifndef __NETNS_CONNTRACK_H #define __NETNS_CONNTRACK_H +#include <linux/list.h> #include <asm/atomic.h> struct netns_ct { @@ -10,5 +11,6 @@ struct netns_ct { unsigned int expect_count; struct hlist_head *expect_hash; int expect_vmalloc; + struct hlist_head unconfirmed; }; #endif --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -54,7 +54,6 @@ struct nf_conn nf_conntrack_untracked __read_mostly; EXPORT_SYMBOL_GPL(nf_conntrack_untracked); unsigned int nf_ct_log_invalid __read_mostly; -HLIST_HEAD(unconfirmed); static struct kmem_cache *nf_conntrack_cachep __read_mostly; DEFINE_PER_CPU(struct ip_conntrack_stat, nf_conntrack_stat); 
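Review bot: The new `unconfirmed` member of `struct netns_ct` (include/net/netns/conntrack.h hunk) has no comment saying what is linked on it or which lock guards it. Going by the init_conntrack hunk, entries are chained through `tuplehash[IP_CT_DIR_ORIGINAL].hnode` and the insertion appears to happen with `nf_conntrack_lock` held, so the list becomes per-namespace while its lock stays global. I would record that on the member, e.g. `/* not-yet-confirmed conntracks, linked via tuplehash[IP_CT_DIR_ORIGINAL].hnode; protected by nf_conntrack_lock */`, so a later change that makes the lock per-netns does not leave this list unprotected.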
@@ -596,7 +595,7 @@ init_conntrack(struct net *net, } /* Overload tuple linked list to put us in unconfirmed list. */ - hlist_add_head(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode, &unconfirmed); + hlist_add_head(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode, &net->ct.unconfirmed); spin_unlock_bh(&nf_conntrack_lock); @@ -956,7 +955,7 @@ get_next_corpse(struct net *net, int (*iter)(struct nf_conn *i, void *data), goto found; } } - hlist_for_each_entry(h, n, &unconfirmed, hnode) { + hlist_for_each_entry(h, n, &net->ct.unconfirmed, hnode) { ct = nf_ct_tuplehash_to_ctrack(h); if (iter(ct, data)) set_bit(IPS_DYING_BIT, &ct->status); @@ -1152,6 +1151,7 @@ int nf_conntrack_init(struct net *net) printk(KERN_ERR "Unable to create nf_conntrack_hash\n"); goto err_out; } + INIT_HLIST_HEAD(&net->ct.unconfirmed); nf_conntrack_max = max_factor * nf_conntrack_htable_size; --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c @@ -156,7 +156,7 @@ void nf_conntrack_helper_unregister(struct nf_conntrack_helper *me) } /* Get rid of expecteds, set helpers to NULL. */ - hlist_for_each_entry(h, n, &unconfirmed, hnode) + hlist_for_each_entry(h, n, &init_net.ct.unconfirmed, hnode) unhelp(h, me); for (i = 0; i < nf_conntrack_htable_size; i++) { hlist_for_each_entry(h, n, &init_net.ct.hash[i], hnode) -- 1.5.6.3 ^ permalink raw reply [flat|nested] 4+ messages in thread
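Review bot: In the nf_conntrack_helper_unregister hunk the walk covers only `init_net.ct.unconfirmed`, while the init_conntrack hunk now queues new entries on `net->ct.unconfirmed` of whichever namespace was passed in. Once conntracks can exist outside init_net, an unconfirmed entry in another namespace would never go through `unhelp()` and could keep its helper pointer after the helper's module has gone away, which would be a stale-pointer (use-after-free) hazard. The hash-table loop just below is also init_net-only, so this may be deliberate at this point in the series; if so, a comment such as `/* FIXME: init_net only; must walk every netns before conntrack is usable in other namespaces */` above the loop would make the limitation explicit. The function body starts and ends outside the hunk, and the same hunk is repeated in the second copy of the message further down the page.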
* Re: [PATCH 11/38] netns ct: per-netns unconfirmed hash 2008-08-21 22:40 ` [PATCH 11/38] netns ct: per-netns unconfirmed hash adobriyan @ 2008-09-04 16:46 ` Patrick McHardy [not found] ` <20080821224030.GB31601-2ev+ksY9ol182hYKe6nXyg@public.gmane.org> 1 sibling, 0 replies; 4+ messages in thread From: Patrick McHardy @ 2008-09-04 16:46 UTC (permalink / raw) To: adobriyan; +Cc: containers, netdev, netfilter-devel adobriyan@gmail.com wrote: > What is unconfirmed connection in one netns can very well be confirmed > in another. > > @@ -10,5 +11,6 @@ struct netns_ct { > unsigned int expect_count; > struct hlist_head *expect_hash; > int expect_vmalloc; > + struct hlist_head unconfirmed; > }; You could lay this out a bit better to avoid holes and move the members only used rarely (like *_vmalloc) to the end. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH 11/38] netns ct: per-netns unconfirmed hash [not found] ` <20080821224030.GB31601-2ev+ksY9ol182hYKe6nXyg@public.gmane.org> @ 2008-09-04 16:46 ` Patrick McHardy 0 siblings, 0 replies; 4+ messages in thread From: Patrick McHardy @ 2008-09-04 16:46 UTC (permalink / raw) To: adobriyan-Re5JQEeQqe8AvxtiuMwx3w Cc: netdev-u79uwXL29TY76Z2rM5mHXA, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA, netfilter-devel-u79uwXL29TY76Z2rM5mHXA adobriyan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org wrote: > What is unconfirmed connection in one netns can very well be confirmed > in another. > > @@ -10,5 +11,6 @@ struct netns_ct { > unsigned int expect_count; > struct hlist_head *expect_hash; > int expect_vmalloc; > + struct hlist_head unconfirmed; > }; You could lay this out a bit better to avoid holes and move the members only used rarely (like *_vmalloc) to the end. ^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH 11/38] netns ct: per-netns unconfirmed hash [not found] ` <20080821220059.GK31136-2ev+ksY9ol182hYKe6nXyg@public.gmane.org> @ 2008-08-21 22:40 ` adobriyan-Re5JQEeQqe8AvxtiuMwx3w 0 siblings, 0 replies; 4+ messages in thread From: adobriyan-Re5JQEeQqe8AvxtiuMwx3w @ 2008-08-21 22:40 UTC (permalink / raw) To: kaber-dcUjhNyLwpNeoWH0uzbU5w, containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA, netdev-u79uwXL29TY76Z2rM5mHXA, netfilter-devel-u79uwXL29TY76Z2rM5mHXA What is unconfirmed connection in one netns can very well be confirmed in another. Signed-off-by: Alexey Dobriyan <adobriyan-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> --- include/net/netfilter/nf_conntrack_core.h | 1 - include/net/netns/conntrack.h | 2 ++ net/netfilter/nf_conntrack_core.c | 6 +++--- net/netfilter/nf_conntrack_helper.c | 3 +-- 4 files changed, 6 insertions(+), 6 deletions(-) --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h @@ -72,6 +72,5 @@ print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple, const struct nf_conntrack_l4proto *proto); extern spinlock_t nf_conntrack_lock ; -extern struct hlist_head unconfirmed; #endif /* _NF_CONNTRACK_CORE_H */ --- a/include/net/netns/conntrack.h +++ b/include/net/netns/conntrack.h @@ -1,6 +1,7 @@ #ifndef __NETNS_CONNTRACK_H #define __NETNS_CONNTRACK_H +#include <linux/list.h> #include <asm/atomic.h> struct netns_ct { @@ -10,5 +11,6 @@ struct netns_ct { unsigned int expect_count; struct hlist_head *expect_hash; int expect_vmalloc; + struct hlist_head unconfirmed; }; #endif --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -54,7 +54,6 @@ struct nf_conn nf_conntrack_untracked __read_mostly; EXPORT_SYMBOL_GPL(nf_conntrack_untracked); unsigned int nf_ct_log_invalid __read_mostly; -HLIST_HEAD(unconfirmed); static struct kmem_cache *nf_conntrack_cachep __read_mostly; DEFINE_PER_CPU(struct ip_conntrack_stat, nf_conntrack_stat); 
@@ -596,7 +595,7 @@ init_conntrack(struct net *net, } /* Overload tuple linked list to put us in unconfirmed list. */ - hlist_add_head(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode, &unconfirmed); + hlist_add_head(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode, &net->ct.unconfirmed); spin_unlock_bh(&nf_conntrack_lock); @@ -956,7 +955,7 @@ get_next_corpse(struct net *net, int (*iter)(struct nf_conn *i, void *data), goto found; } } - hlist_for_each_entry(h, n, &unconfirmed, hnode) { + hlist_for_each_entry(h, n, &net->ct.unconfirmed, hnode) { ct = nf_ct_tuplehash_to_ctrack(h); if (iter(ct, data)) set_bit(IPS_DYING_BIT, &ct->status); @@ -1152,6 +1151,7 @@ int nf_conntrack_init(struct net *net) printk(KERN_ERR "Unable to create nf_conntrack_hash\n"); goto err_out; } + INIT_HLIST_HEAD(&net->ct.unconfirmed); nf_conntrack_max = max_factor * nf_conntrack_htable_size; --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c @@ -156,7 +156,7 @@ void nf_conntrack_helper_unregister(struct nf_conntrack_helper *me) } /* Get rid of expecteds, set helpers to NULL. */ - hlist_for_each_entry(h, n, &unconfirmed, hnode) + hlist_for_each_entry(h, n, &init_net.ct.unconfirmed, hnode) unhelp(h, me); for (i = 0; i < nf_conntrack_htable_size; i++) { hlist_for_each_entry(h, n, &init_net.ct.hash[i], hnode) -- 1.5.6.3 ^ permalink raw reply [flat|nested] 4+ messages in thread