
ipv4: namespacify ip fragment max dist sysctl knob

Signed-off-by: Nikolay Borisov <kernel@kyup.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Nikolay Borisov and committed by
David S. Miller
0fbf4cb2 e21145a9

+14 -12
+1
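--- a/include/net/inet_frag.h
+++ b/include/net/inet_frag.h
@@ -13,6 +13,7 @@
 	int timeout;
 	int high_thresh;
 	int low_thresh;
+	int max_dist;
 };
 
 /**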
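Review bot: The new `max_dist` field is a signed `int` with no comment, while the consumer in net/ipv4/ip_fragment.c loads it into `unsigned int max` and treats zero as "do not look up a peer". The sysctl entry's `.extra1 = &zero` keeps negative values out on that path, but any other writer of the field has nothing to go by. A one-line comment would record the contract, for example `int max_dist; /* ipfrag_max_dist: >= 0, 0 means no peer lookup */`. The struct definition starts outside the hunk.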
+13 -12
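--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -54,8 +54,6 @@
  * code now. If you change something here, _PLEASE_ update ipv6/reassembly.c
  * as well. Or notify me, at least. --ANK
  */
-
-static int sysctl_ipfrag_max_dist __read_mostly = 64;
 static const char ip_frag_cache_name[] = "ip4-frags";
 
 struct ipfrag_skb_cb
@@ -150,7 +148,7 @@
 	qp->daddr = arg->iph->daddr;
 	qp->vif = arg->vif;
 	qp->user = arg->user;
-	qp->peer = sysctl_ipfrag_max_dist ?
+	qp->peer = q->net->max_dist ?
 		inet_getpeer_v4(net->ipv4.peers, arg->iph->saddr, arg->vif, 1) :
 		NULL;
 }
@@ -275,7 +273,7 @@
 static int ip_frag_too_far(struct ipq *qp)
 {
 	struct inet_peer *peer = qp->peer;
-	unsigned int max = sysctl_ipfrag_max_dist;
+	unsigned int max = qp->q.net->max_dist;
 	unsigned int start, end;
 
 	int rc;
@@ -749,6 +747,14 @@
 		.mode = 0644,
 		.proc_handler = proc_dointvec_jiffies,
 	},
+	{
+		.procname = "ipfrag_max_dist",
+		.data = &init_net.ipv4.frags.max_dist,
+		.maxlen = sizeof(int),
+		.mode = 0644,
+		.proc_handler = proc_dointvec_minmax,
+		.extra1 = &zero
+	},
 	{ }
 };
 
@@ -761,14 +767,6 @@
 		.maxlen = sizeof(int),
 		.mode = 0644,
 		.proc_handler = proc_dointvec_jiffies,
-	},
-	{
-		.procname = "ipfrag_max_dist",
-		.data = &sysctl_ipfrag_max_dist,
-		.maxlen = sizeof(int),
-		.mode = 0644,
-		.proc_handler = proc_dointvec_minmax,
-		.extra1 = &zero
 	},
 	{ }
 };
@@ -790,6 +788,7 @@
 	table[1].data = &net->ipv4.frags.low_thresh;
 	table[1].extra2 = &net->ipv4.frags.high_thresh;
 	table[2].data = &net->ipv4.frags.timeout;
+	table[3].data = &net->ipv4.frags.max_dist;
 
 	/* Don't export sysctls to unprivileged users */
 	if (net->user_ns != &init_user_ns)
@@ -864,6 +863,8 @@
 	 * by TTL.
 	 */
 	net->ipv4.frags.timeout = IP_FRAG_TIME;
+
+	net->ipv4.frags.max_dist = 64;
 
 	res = inet_frags_init_net(&net->ipv4.frags);
 	if (res)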
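Review bot: `table[3].data = &net->ipv4.frags.max_dist;` binds the per-namespace copy to the new entry's position in what appears to be the per-netns sysctl table, and nothing visible enforces that the `ipfrag_max_dist` entry stays fourth. If an entry is ever inserted ahead of it, a non-init namespace's knob would keep the template's `.data = &init_net.ipv4.frags.max_dist`, so a write made inside that namespace would change init_net's limit. A comment on the new entry, for example `/* index 3: .data is rewritten per netns by position */`, would make the coupling visible. Separately, both changed reads of `max_dist` are plain loads of a value the sysctl handler can rewrite at any time; `unsigned int max = READ_ONCE(qp->q.net->max_dist);` in `ip_frag_too_far()` would document that. The function containing the `table[3]` line starts and ends outside its hunk.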