Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2d646286 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: nf_conntrack_tcp: remove timeout indirection 



Instead of keeping pointers to the timeout values in a table, simply
put the timeout values in the table directly.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a5e73c29

net/netfilter/nf_conntrack_proto_tcp.c

+28 −39
Original line number Diff line number Diff line
@@ -64,31 +64,20 @@ static const char *tcp_conntrack_names[] = { 
#define HOURS * 60 MINS

#define DAYS * 24 HOURS



static unsigned int nf_ct_tcp_timeout_syn_sent __read_mostly =      2 MINS;

static unsigned int nf_ct_tcp_timeout_syn_recv __read_mostly =     60 SECS;

static unsigned int nf_ct_tcp_timeout_established __read_mostly =   5 DAYS;

static unsigned int nf_ct_tcp_timeout_fin_wait __read_mostly =      2 MINS;

static unsigned int nf_ct_tcp_timeout_close_wait __read_mostly =   60 SECS;

static unsigned int nf_ct_tcp_timeout_last_ack __read_mostly =     30 SECS;

static unsigned int nf_ct_tcp_timeout_time_wait __read_mostly =     2 MINS;

static unsigned int nf_ct_tcp_timeout_close __read_mostly =        10 SECS;



/* RFC1122 says the R2 limit should be at least 100 seconds.

   Linux uses 15 packets as limit, which corresponds

   to ~13-30min depending on RTO. */

static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly =   5 MINS;



static unsigned int * tcp_timeouts[] = {

    NULL,                              /* TCP_CONNTRACK_NONE */

    &nf_ct_tcp_timeout_syn_sent,       /* TCP_CONNTRACK_SYN_SENT, */

    &nf_ct_tcp_timeout_syn_recv,       /* TCP_CONNTRACK_SYN_RECV, */

    &nf_ct_tcp_timeout_established,    /* TCP_CONNTRACK_ESTABLISHED, */

    &nf_ct_tcp_timeout_fin_wait,       /* TCP_CONNTRACK_FIN_WAIT, */

    &nf_ct_tcp_timeout_close_wait,     /* TCP_CONNTRACK_CLOSE_WAIT, */

    &nf_ct_tcp_timeout_last_ack,       /* TCP_CONNTRACK_LAST_ACK, */

    &nf_ct_tcp_timeout_time_wait,      /* TCP_CONNTRACK_TIME_WAIT, */

    &nf_ct_tcp_timeout_close,          /* TCP_CONNTRACK_CLOSE, */

    NULL,                              /* TCP_CONNTRACK_LISTEN */

static unsigned int tcp_timeouts[TCP_CONNTRACK_MAX] __read_mostly = {

	[TCP_CONNTRACK_SYN_SENT]	= 2 MINS,

	[TCP_CONNTRACK_SYN_RECV]	= 60 SECS,

	[TCP_CONNTRACK_ESTABLISHED]	= 5 DAYS,

	[TCP_CONNTRACK_FIN_WAIT]	= 2 MINS,

	[TCP_CONNTRACK_CLOSE_WAIT]	= 60 SECS,

	[TCP_CONNTRACK_LAST_ACK]	= 30 SECS,

	[TCP_CONNTRACK_TIME_WAIT]	= 2 MINS,

	[TCP_CONNTRACK_CLOSE]		= 10 SECS,

};



#define sNO TCP_CONNTRACK_NONE
@@ -941,8 +930,8 @@ static int tcp_packet(struct nf_conn *conntrack, 
		|| new_state == TCP_CONNTRACK_CLOSE))

		conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;

	timeout = conntrack->proto.tcp.retrans >= nf_ct_tcp_max_retrans

		  && *tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans

		  ? nf_ct_tcp_timeout_max_retrans : *tcp_timeouts[new_state];

		  && tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans

		  ? nf_ct_tcp_timeout_max_retrans : tcp_timeouts[new_state];

	write_unlock_bh(&tcp_lock);



	nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, skb);
@@ -1163,56 +1152,56 @@ static struct ctl_table_header *tcp_sysctl_header; 
static struct ctl_table tcp_sysctl_table[] = {

	{

		.procname	= "nf_conntrack_tcp_timeout_syn_sent",

		.data		= &nf_ct_tcp_timeout_syn_sent,

		.data		= &tcp_timeouts[TCP_CONNTRACK_SYN_SENT],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "nf_conntrack_tcp_timeout_syn_recv",

		.data		= &nf_ct_tcp_timeout_syn_recv,

		.data		= &tcp_timeouts[TCP_CONNTRACK_SYN_RECV],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "nf_conntrack_tcp_timeout_established",

		.data		= &nf_ct_tcp_timeout_established,

		.data		= &tcp_timeouts[TCP_CONNTRACK_ESTABLISHED],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "nf_conntrack_tcp_timeout_fin_wait",

		.data		= &nf_ct_tcp_timeout_fin_wait,

		.data		= &tcp_timeouts[TCP_CONNTRACK_FIN_WAIT],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "nf_conntrack_tcp_timeout_close_wait",

		.data		= &nf_ct_tcp_timeout_close_wait,

		.data		= &tcp_timeouts[TCP_CONNTRACK_CLOSE_WAIT],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "nf_conntrack_tcp_timeout_last_ack",

		.data		= &nf_ct_tcp_timeout_last_ack,

		.data		= &tcp_timeouts[TCP_CONNTRACK_LAST_ACK],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "nf_conntrack_tcp_timeout_time_wait",

		.data		= &nf_ct_tcp_timeout_time_wait,

		.data		= &tcp_timeouts[TCP_CONNTRACK_TIME_WAIT],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "nf_conntrack_tcp_timeout_close",

		.data		= &nf_ct_tcp_timeout_close,

		.data		= &tcp_timeouts[TCP_CONNTRACK_CLOSE],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,
@@ -1257,56 +1246,56 @@ static struct ctl_table tcp_sysctl_table[] = { 
static struct ctl_table tcp_compat_sysctl_table[] = {

	{

		.procname	= "ip_conntrack_tcp_timeout_syn_sent",

		.data		= &nf_ct_tcp_timeout_syn_sent,

		.data		= &tcp_timeouts[TCP_CONNTRACK_SYN_SENT],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "ip_conntrack_tcp_timeout_syn_recv",

		.data		= &nf_ct_tcp_timeout_syn_recv,

		.data		= &tcp_timeouts[TCP_CONNTRACK_SYN_RECV],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "ip_conntrack_tcp_timeout_established",

		.data		= &nf_ct_tcp_timeout_established,

		.data		= &tcp_timeouts[TCP_CONNTRACK_ESTABLISHED],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "ip_conntrack_tcp_timeout_fin_wait",

		.data		= &nf_ct_tcp_timeout_fin_wait,

		.data		= &tcp_timeouts[TCP_CONNTRACK_FIN_WAIT],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "ip_conntrack_tcp_timeout_close_wait",

		.data		= &nf_ct_tcp_timeout_close_wait,

		.data		= &tcp_timeouts[TCP_CONNTRACK_CLOSE_WAIT],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "ip_conntrack_tcp_timeout_last_ack",

		.data		= &nf_ct_tcp_timeout_last_ack,

		.data		= &tcp_timeouts[TCP_CONNTRACK_LAST_ACK],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "ip_conntrack_tcp_timeout_time_wait",

		.data		= &nf_ct_tcp_timeout_time_wait,

		.data		= &tcp_timeouts[TCP_CONNTRACK_TIME_WAIT],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,

	},

	{

		.procname	= "ip_conntrack_tcp_timeout_close",

		.data		= &nf_ct_tcp_timeout_close,

		.data		= &tcp_timeouts[TCP_CONNTRACK_CLOSE],

		.maxlen		= sizeof(unsigned int),

		.mode		= 0644,

		.proc_handler	= &proc_dointvec_jiffies,