From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: Patrick McHardy <kaber@trash.net>, netfilter-devel@vger.kernel.org
Subject: [NETFILTER 24/38]: nf_conntrack_tcp: remove timeout indirection
Date: Tue, 15 Jan 2008 07:19:44 +0100 (MET) [thread overview]
Message-ID: <20080115061939.3184.31189.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20080115061907.3184.39432.sendpatchset@localhost.localdomain>
[NETFILTER]: nf_conntrack_tcp: remove timeout indirection
Instead of keeping pointers to the timeout values in a table, simply
put the timeout values in the table directly.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit e11744f0b9408e74f920463e52d59460e9c2b2b2
tree 7a75dea3fedc59c8ae32106fb1aae3a95bf3dfe9
parent 310e65023fa9efc6b18c32f3146cc6c24e6b2c33
author Patrick McHardy <kaber@trash.net> Tue, 15 Jan 2008 06:53:25 +0100
committer Patrick McHardy <kaber@trash.net> Tue, 15 Jan 2008 06:53:25 +0100
net/netfilter/nf_conntrack_proto_tcp.c | 67 +++++++++++++-------------------
1 files changed, 28 insertions(+), 39 deletions(-)
diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index dbd8f84..64c9b91 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -64,32 +64,21 @@ static const char *tcp_conntrack_names[] = {
#define HOURS * 60 MINS
#define DAYS * 24 HOURS
-static unsigned int nf_ct_tcp_timeout_syn_sent __read_mostly = 2 MINS;
-static unsigned int nf_ct_tcp_timeout_syn_recv __read_mostly = 60 SECS;
-static unsigned int nf_ct_tcp_timeout_established __read_mostly = 5 DAYS;
-static unsigned int nf_ct_tcp_timeout_fin_wait __read_mostly = 2 MINS;
-static unsigned int nf_ct_tcp_timeout_close_wait __read_mostly = 60 SECS;
-static unsigned int nf_ct_tcp_timeout_last_ack __read_mostly = 30 SECS;
-static unsigned int nf_ct_tcp_timeout_time_wait __read_mostly = 2 MINS;
-static unsigned int nf_ct_tcp_timeout_close __read_mostly = 10 SECS;
-
/* RFC1122 says the R2 limit should be at least 100 seconds.
Linux uses 15 packets as limit, which corresponds
to ~13-30min depending on RTO. */
static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS;
-static unsigned int * tcp_timeouts[] = {
- NULL, /* TCP_CONNTRACK_NONE */
- &nf_ct_tcp_timeout_syn_sent, /* TCP_CONNTRACK_SYN_SENT, */
- &nf_ct_tcp_timeout_syn_recv, /* TCP_CONNTRACK_SYN_RECV, */
- &nf_ct_tcp_timeout_established, /* TCP_CONNTRACK_ESTABLISHED, */
- &nf_ct_tcp_timeout_fin_wait, /* TCP_CONNTRACK_FIN_WAIT, */
- &nf_ct_tcp_timeout_close_wait, /* TCP_CONNTRACK_CLOSE_WAIT, */
- &nf_ct_tcp_timeout_last_ack, /* TCP_CONNTRACK_LAST_ACK, */
- &nf_ct_tcp_timeout_time_wait, /* TCP_CONNTRACK_TIME_WAIT, */
- &nf_ct_tcp_timeout_close, /* TCP_CONNTRACK_CLOSE, */
- NULL, /* TCP_CONNTRACK_LISTEN */
- };
+static unsigned int tcp_timeouts[TCP_CONNTRACK_MAX] __read_mostly = {
+ [TCP_CONNTRACK_SYN_SENT] = 2 MINS,
+ [TCP_CONNTRACK_SYN_RECV] = 60 SECS,
+ [TCP_CONNTRACK_ESTABLISHED] = 5 DAYS,
+ [TCP_CONNTRACK_FIN_WAIT] = 2 MINS,
+ [TCP_CONNTRACK_CLOSE_WAIT] = 60 SECS,
+ [TCP_CONNTRACK_LAST_ACK] = 30 SECS,
+ [TCP_CONNTRACK_TIME_WAIT] = 2 MINS,
+ [TCP_CONNTRACK_CLOSE] = 10 SECS,
+};
#define sNO TCP_CONNTRACK_NONE
#define sSS TCP_CONNTRACK_SYN_SENT
@@ -941,8 +930,8 @@ static int tcp_packet(struct nf_conn *conntrack,
|| new_state == TCP_CONNTRACK_CLOSE))
conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
timeout = conntrack->proto.tcp.retrans >= nf_ct_tcp_max_retrans
- && *tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans
- ? nf_ct_tcp_timeout_max_retrans : *tcp_timeouts[new_state];
+ && tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans
+ ? nf_ct_tcp_timeout_max_retrans : tcp_timeouts[new_state];
write_unlock_bh(&tcp_lock);
nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
@@ -1163,56 +1152,56 @@ static struct ctl_table_header *tcp_sysctl_header;
static struct ctl_table tcp_sysctl_table[] = {
{
.procname = "nf_conntrack_tcp_timeout_syn_sent",
- .data = &nf_ct_tcp_timeout_syn_sent,
+ .data = &tcp_timeouts[TCP_CONNTRACK_SYN_SENT],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "nf_conntrack_tcp_timeout_syn_recv",
- .data = &nf_ct_tcp_timeout_syn_recv,
+ .data = &tcp_timeouts[TCP_CONNTRACK_SYN_RECV],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "nf_conntrack_tcp_timeout_established",
- .data = &nf_ct_tcp_timeout_established,
+ .data = &tcp_timeouts[TCP_CONNTRACK_ESTABLISHED],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "nf_conntrack_tcp_timeout_fin_wait",
- .data = &nf_ct_tcp_timeout_fin_wait,
+ .data = &tcp_timeouts[TCP_CONNTRACK_FIN_WAIT],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "nf_conntrack_tcp_timeout_close_wait",
- .data = &nf_ct_tcp_timeout_close_wait,
+ .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE_WAIT],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "nf_conntrack_tcp_timeout_last_ack",
- .data = &nf_ct_tcp_timeout_last_ack,
+ .data = &tcp_timeouts[TCP_CONNTRACK_LAST_ACK],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "nf_conntrack_tcp_timeout_time_wait",
- .data = &nf_ct_tcp_timeout_time_wait,
+ .data = &tcp_timeouts[TCP_CONNTRACK_TIME_WAIT],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "nf_conntrack_tcp_timeout_close",
- .data = &nf_ct_tcp_timeout_close,
+ .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
@@ -1257,56 +1246,56 @@ static struct ctl_table tcp_sysctl_table[] = {
static struct ctl_table tcp_compat_sysctl_table[] = {
{
.procname = "ip_conntrack_tcp_timeout_syn_sent",
- .data = &nf_ct_tcp_timeout_syn_sent,
+ .data = &tcp_timeouts[TCP_CONNTRACK_SYN_SENT],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "ip_conntrack_tcp_timeout_syn_recv",
- .data = &nf_ct_tcp_timeout_syn_recv,
+ .data = &tcp_timeouts[TCP_CONNTRACK_SYN_RECV],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "ip_conntrack_tcp_timeout_established",
- .data = &nf_ct_tcp_timeout_established,
+ .data = &tcp_timeouts[TCP_CONNTRACK_ESTABLISHED],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "ip_conntrack_tcp_timeout_fin_wait",
- .data = &nf_ct_tcp_timeout_fin_wait,
+ .data = &tcp_timeouts[TCP_CONNTRACK_FIN_WAIT],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "ip_conntrack_tcp_timeout_close_wait",
- .data = &nf_ct_tcp_timeout_close_wait,
+ .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE_WAIT],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "ip_conntrack_tcp_timeout_last_ack",
- .data = &nf_ct_tcp_timeout_last_ack,
+ .data = &tcp_timeouts[TCP_CONNTRACK_LAST_ACK],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "ip_conntrack_tcp_timeout_time_wait",
- .data = &nf_ct_tcp_timeout_time_wait,
+ .data = &tcp_timeouts[TCP_CONNTRACK_TIME_WAIT],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
},
{
.procname = "ip_conntrack_tcp_timeout_close",
- .data = &nf_ct_tcp_timeout_close,
+ .data = &tcp_timeouts[TCP_CONNTRACK_CLOSE],
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = &proc_dointvec_jiffies,
next prev parent reply other threads:[~2008-01-15 6:19 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-15 6:19 [NETFILTER 00/38]: Netfilter update Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 01/38]: Hide a few more options under NETFILTER_ADVANCED Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 02/38]: Remove some EXPERIMENTAL dependencies Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 03/38]: remove ipt_TOS.c Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 04/38]: xt_TOS: Change semantic of mask value Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 05/38]: xt_TOS: Properly set the TOS field Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 06/38]: Annotate start of kernel fields in NF headers Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 07/38]: xt_CONNMARK target, revision 1 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 08/38]: xt_MARK target, revision 2 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 09/38]: xt_connmark match, revision 1 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 10/38]: Extend nf_inet_addr with in{,6}_addr Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 11/38]: xt_conntrack match, revision 1 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 12/38]: xt_mark " Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 13/38]: xt_pkttype: Add explicit check for IPv4 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 14/38]: xt_pkttype: IPv6 multicast address recognition Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 15/38]: xt_policy: use the new union nf_inet_addr Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 16/38]: Update modules' descriptions Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 17/38]: Rename ipt_iprange to xt_iprange Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 18/38]: xt_iprange match, revision 1 Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 19/38]: Update feature-removal-schedule.txt Patrick McHardy
2008-01-15 16:15 ` Jones Desougi
2008-01-15 16:40 ` Patrick McHardy
2008-01-15 16:54 ` Jan Engelhardt
2008-01-15 16:59 ` Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 20/38]: {ip,ip6}_tables: remove some inlines Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 21/38]: ipt_REJECT: properly handle IP options Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 22/38]: nf_conntrack_{tcp,sctp}: mark state table const Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 23/38]: nf_conntrack_{tcp,sctp}: shrink state table Patrick McHardy
2008-01-15 6:19 ` Patrick McHardy [this message]
2008-01-15 6:19 ` [NETFILTER 25/38]: nf_conntrack_sctp: basic cleanups Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 26/38]: nf_conntrack_sctp: use proper types for bitops Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 27/38]: nf_conntrack_sctp: reduce line length Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 28/38]: nf_conntrack_sctp: reduce line length further Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 29/38]: nf_conntrack_sctp: consolidate sctp_packet() error paths Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 30/38]: nf_conntrack_sctp: rename "newconntrack" variable Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 31/38]: nf_conntrack_sctp: don't take sctp_lock once per chunk Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 32/38]: nf_conntrack_sctp: remove unused ttag field from conntrack data Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 33/38]: nf_conntrack_sctp: replace magic value by symbolic constant Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 34/38]: nf_conntrack_sctp: remove timeout indirection Patrick McHardy
2008-01-15 6:19 ` [NETFILTER 35/38]: kill nf_sysctl.c Patrick McHardy
2008-01-15 6:20 ` [NETFILTER 36/38]: nf_conntrack: clean up a few header files Patrick McHardy
2008-01-15 6:20 ` [NETFILTER 37/38]: nf_conntrack: remove print_conntrack function from l3protos Patrick McHardy
2008-01-15 6:20 ` [NETFILTER 38/38]: nf_conntrack: make print_conntrack function optional for l4protos Patrick McHardy
2008-01-15 7:50 ` [NETFILTER 00/38]: Netfilter update David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080115061939.3184.31189.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).