Commit 2d5f5170 authored by Harald Welte's avatar Harald Welte Committed by David Woodhouse

[NETFILTER]: Resync with 2.4.x

- Update listhelp.h to benefit from prefetching
- More efficient selective_cleanup() impl. in conntrack
- Export number of conntrack buckets via r/o sysctl.
parent eb5ade96
...@@ -11,48 +11,42 @@ ...@@ -11,48 +11,42 @@
required to allow inlining of cmpfn. */ required to allow inlining of cmpfn. */
#define LIST_FIND(head, cmpfn, type, args...) \ #define LIST_FIND(head, cmpfn, type, args...) \
({ \ ({ \
const struct list_head *__i = (head); \ const struct list_head *__i, *__j = NULL; \
\ \
ASSERT_READ_LOCK(head); \ ASSERT_READ_LOCK(head); \
do { \ list_for_each(__i, (head)) \
__i = __i->next; \ if (cmpfn((const type)__i , ## args)) { \
if (__i == (head)) { \ __j = __i; \
__i = NULL; \
break; \ break; \
} \ } \
} while (!cmpfn((const type)__i , ## args)); \ (type)__j; \
(type)__i; \
}) })
#define LIST_FIND_W(head, cmpfn, type, args...) \ #define LIST_FIND_W(head, cmpfn, type, args...) \
({ \ ({ \
const struct list_head *__i = (head); \ const struct list_head *__i, *__j = NULL; \
\ \
ASSERT_WRITE_LOCK(head); \ ASSERT_WRITE_LOCK(head); \
do { \ list_for_each(__i, (head)) \
__i = __i->next; \ if (cmpfn((type)__i , ## args)) { \
if (__i == (head)) { \ __j = __i; \
__i = NULL; \
break; \ break; \
} \ } \
} while (!cmpfn((type)__i , ## args)); \ (type)__j; \
(type)__i; \
}) })
/* Just like LIST_FIND but we search backwards */ /* Just like LIST_FIND but we search backwards */
#define LIST_FIND_B(head, cmpfn, type, args...) \ #define LIST_FIND_B(head, cmpfn, type, args...) \
({ \ ({ \
const struct list_head *__i = (head); \ const struct list_head *__i, *__j = NULL; \
\ \
ASSERT_READ_LOCK(head); \ ASSERT_READ_LOCK(head); \
do { \ list_for_each_prev(__i, (head)) \
__i = __i->prev; \ if (cmpfn((const type)__i , ## args)) { \
if (__i == (head)) { \ __j = __i; \
__i = NULL; \
break; \ break; \
} \ } \
} while (!cmpfn((const type)__i , ## args)); \ (type)__j; \
(type)__i; \
}) })
static inline int static inline int
...@@ -100,9 +94,9 @@ list_prepend(struct list_head *head, void *new) ...@@ -100,9 +94,9 @@ list_prepend(struct list_head *head, void *new)
do { \ do { \
struct list_head *__i; \ struct list_head *__i; \
ASSERT_WRITE_LOCK(head); \ ASSERT_WRITE_LOCK(head); \
for (__i = (head)->next; \ list_for_each(__i, (head)) \
!cmpfn((new), (typeof (new))__i) && __i != (head); \ if ((new), (typeof (new))__i) \
__i = __i->next); \ break; \
list_add((struct list_head *)(new), __i->prev); \ list_add((struct list_head *)(new), __i->prev); \
} while(0) } while(0)
......
...@@ -382,6 +382,7 @@ enum ...@@ -382,6 +382,7 @@ enum
NET_IPV4_NF_CONNTRACK_UDP_TIMEOUT_STREAM=11, NET_IPV4_NF_CONNTRACK_UDP_TIMEOUT_STREAM=11,
NET_IPV4_NF_CONNTRACK_ICMP_TIMEOUT=12, NET_IPV4_NF_CONNTRACK_ICMP_TIMEOUT=12,
NET_IPV4_NF_CONNTRACK_GENERIC_TIMEOUT=13, NET_IPV4_NF_CONNTRACK_GENERIC_TIMEOUT=13,
NET_IPV4_NF_CONNTRACK_BUCKETS=14,
}; };
/* /proc/sys/net/ipv6 */ /* /proc/sys/net/ipv6 */
......
...@@ -1240,14 +1240,13 @@ do_kill(const struct ip_conntrack_tuple_hash *i, ...@@ -1240,14 +1240,13 @@ do_kill(const struct ip_conntrack_tuple_hash *i,
/* Bring out ya dead! */ /* Bring out ya dead! */
static struct ip_conntrack_tuple_hash * static struct ip_conntrack_tuple_hash *
get_next_corpse(int (*kill)(const struct ip_conntrack *i, void *data), get_next_corpse(int (*kill)(const struct ip_conntrack *i, void *data),
void *data) void *data, unsigned int *bucket)
{ {
struct ip_conntrack_tuple_hash *h = NULL; struct ip_conntrack_tuple_hash *h = NULL;
unsigned int i;
READ_LOCK(&ip_conntrack_lock); READ_LOCK(&ip_conntrack_lock);
for (i = 0; !h && i < ip_conntrack_htable_size; i++) { for (; !h && *bucket < ip_conntrack_htable_size; (*bucket)++) {
h = LIST_FIND(&ip_conntrack_hash[i], do_kill, h = LIST_FIND(&ip_conntrack_hash[*bucket], do_kill,
struct ip_conntrack_tuple_hash *, kill, data); struct ip_conntrack_tuple_hash *, kill, data);
} }
if (h) if (h)
...@@ -1262,9 +1261,9 @@ ip_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data), ...@@ -1262,9 +1261,9 @@ ip_ct_selective_cleanup(int (*kill)(const struct ip_conntrack *i, void *data),
void *data) void *data)
{ {
struct ip_conntrack_tuple_hash *h; struct ip_conntrack_tuple_hash *h;
unsigned int bucket = 0;
/* This is order n^2, by the way. */ while ((h = get_next_corpse(kill, data, &bucket)) != NULL) {
while ((h = get_next_corpse(kill, data)) != NULL) {
/* Time to push up daises... */ /* Time to push up daises... */
if (del_timer(&h->ctrack->timeout)) if (del_timer(&h->ctrack->timeout))
death_by_timeout((unsigned long)h->ctrack); death_by_timeout((unsigned long)h->ctrack);
......
...@@ -275,6 +275,7 @@ static struct nf_hook_ops ip_conntrack_local_in_ops = { ...@@ -275,6 +275,7 @@ static struct nf_hook_ops ip_conntrack_local_in_ops = {
/* From ip_conntrack_core.c */ /* From ip_conntrack_core.c */
extern int ip_conntrack_max; extern int ip_conntrack_max;
extern unsigned int ip_conntrack_htable_size;
/* From ip_conntrack_proto_tcp.c */ /* From ip_conntrack_proto_tcp.c */
extern unsigned long ip_ct_tcp_timeout_syn_sent; extern unsigned long ip_ct_tcp_timeout_syn_sent;
...@@ -307,6 +308,14 @@ static ctl_table ip_ct_sysctl_table[] = { ...@@ -307,6 +308,14 @@ static ctl_table ip_ct_sysctl_table[] = {
.mode = 0644, .mode = 0644,
.proc_handler = &proc_dointvec, .proc_handler = &proc_dointvec,
}, },
{
.ctl_name = NET_IPV4_NF_CONNTRACK_BUCKETS,
.procname = "ip_conntrack_buckets",
.data = &ip_conntrack_htable_size,
.maxlen = sizeof(unsigned int),
.mode = 0444,
.proc_handler = &proc_dointvec,
},
{ {
.ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT, .ctl_name = NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT,
.procname = "ip_conntrack_tcp_timeout_syn_sent", .procname = "ip_conntrack_tcp_timeout_syn_sent",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment