
netfilter: nf_ct_tcp: move retransmission and unacknowledged timeout to array

This patch moves the retransmission and unacknowledged timeouts
to the tcp_timeouts array. This change is required by follow-up
patches.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

+17 -15
+4 -1
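--- a/include/linux/netfilter/nf_conntrack_tcp.h
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -18,7 +18,10 @@
 TCP_CONNTRACK_LISTEN, /* obsolete */
 #define TCP_CONNTRACK_SYN_SENT2 TCP_CONNTRACK_LISTEN
 TCP_CONNTRACK_MAX,
-TCP_CONNTRACK_IGNORE
+TCP_CONNTRACK_IGNORE,
+TCP_CONNTRACK_RETRANS,
+TCP_CONNTRACK_UNACK,
+TCP_CONNTRACK_TIMEOUT_MAX
 };
 
 /* Window scaling is advertised by the sender */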
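Review bot: The enumerators added after `TCP_CONNTRACK_IGNORE` are indices into the timeout table rather than connection states, and nothing in the visible part of the enum says so. Tables sized by `TCP_CONNTRACK_MAX` and tables sized by `TCP_CONNTRACK_TIMEOUT_MAX` now draw their indices from the same enum, so a value from the upper range used on a state-sized table would read past its end. I would add a comment above the new entries, for example `/* Not states: indices into the timeout array only; never use on tables sized by TCP_CONNTRACK_MAX. */`. The enum opens outside this hunk, so an existing comment further up may already cover part of this.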
+13 -14
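--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -64,13 +64,7 @@
 #define HOURS * 60 MINS
 #define DAYS * 24 HOURS
 
-/* RFC1122 says the R2 limit should be at least 100 seconds.
-Linux uses 15 packets as limit, which corresponds
-to ~13-30min depending on RTO. */
-static unsigned int nf_ct_tcp_timeout_max_retrans __read_mostly = 5 MINS;
-static unsigned int nf_ct_tcp_timeout_unacknowledged __read_mostly = 5 MINS;
-
-static unsigned int tcp_timeouts[TCP_CONNTRACK_MAX] __read_mostly = {
+static unsigned int tcp_timeouts[TCP_CONNTRACK_TIMEOUT_MAX] __read_mostly = {
 [TCP_CONNTRACK_SYN_SENT] = 2 MINS,
 [TCP_CONNTRACK_SYN_RECV] = 60 SECS,
 [TCP_CONNTRACK_ESTABLISHED] = 5 DAYS,
@@ -80,6 +74,11 @@
 [TCP_CONNTRACK_TIME_WAIT] = 2 MINS,
 [TCP_CONNTRACK_CLOSE] = 10 SECS,
 [TCP_CONNTRACK_SYN_SENT2] = 2 MINS,
+/* RFC1122 says the R2 limit should be at least 100 seconds.
+Linux uses 15 packets as limit, which corresponds
+to ~13-30min depending on RTO. */
+[TCP_CONNTRACK_RETRANS] = 5 MINS,
+[TCP_CONNTRACK_UNACK] = 5 MINS,
 };
 
 #define sNO TCP_CONNTRACK_NONE
@@ -1015,12 +1014,12 @@
 ct->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
 
 if (ct->proto.tcp.retrans >= nf_ct_tcp_max_retrans &&
-tcp_timeouts[new_state] > nf_ct_tcp_timeout_max_retrans)
-timeout = nf_ct_tcp_timeout_max_retrans;
+tcp_timeouts[new_state] > tcp_timeouts[TCP_CONNTRACK_RETRANS])
+timeout = tcp_timeouts[TCP_CONNTRACK_RETRANS];
 else if ((ct->proto.tcp.seen[0].flags | ct->proto.tcp.seen[1].flags) &
 IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED &&
-tcp_timeouts[new_state] > nf_ct_tcp_timeout_unacknowledged)
-timeout = nf_ct_tcp_timeout_unacknowledged;
+tcp_timeouts[new_state] > tcp_timeouts[TCP_CONNTRACK_UNACK])
+timeout = tcp_timeouts[TCP_CONNTRACK_UNACK];
 else
 timeout = tcp_timeouts[new_state];
 spin_unlock_bh(&ct->lock);
@@ -1301,14 +1300,14 @@
 },
 {
 .procname = "nf_conntrack_tcp_timeout_max_retrans",
-.data = &nf_ct_tcp_timeout_max_retrans,
+.data = &tcp_timeouts[TCP_CONNTRACK_RETRANS],
 .maxlen = sizeof(unsigned int),
 .mode = 0644,
 .proc_handler = proc_dointvec_jiffies,
 },
 {
 .procname = "nf_conntrack_tcp_timeout_unacknowledged",
-.data = &nf_ct_tcp_timeout_unacknowledged,
+.data = &tcp_timeouts[TCP_CONNTRACK_UNACK],
 .maxlen = sizeof(unsigned int),
 .mode = 0644,
 .proc_handler = proc_dointvec_jiffies,
@@ -1404,7 +1403,7 @@
 },
 {
 .procname = "ip_conntrack_tcp_timeout_max_retrans",
-.data = &nf_ct_tcp_timeout_max_retrans,
+.data = &tcp_timeouts[TCP_CONNTRACK_RETRANS],
 .maxlen = sizeof(unsigned int),
 .mode = 0644,
 .proc_handler = proc_dointvec_jiffies,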
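Review bot: The sysctl entries repointed at `tcp_timeouts[TCP_CONNTRACK_RETRANS]` and `tcp_timeouts[TCP_CONNTRACK_UNACK]` still write an `unsigned int` through `proc_dointvec_jiffies` with no lower bound; the commit carries this over rather than introducing it, and the compat `ip_conntrack_tcp_timeout_max_retrans` entry is the same. In the timeout-selection hunk a stored zero makes `tcp_timeouts[new_state] > tcp_timeouts[TCP_CONNTRACK_RETRANS]` true for every non-zero state timeout, so the chosen `timeout` becomes zero for flows that hit the retransmission or unacknowledged-data branch. As far as I know the handler also accepts a negative number, which would land in the unsigned slot as a very large value and silently disable the cap. I would either route these entries through a handler that rejects values below one second or add a comment on the two array slots, for example `/* sysctl-writable; 0 expires affected flows at once */`. The sysctl tables and the function holding the timeout selection both start and end outside the hunks shown.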