[NETNS][FRAGS]: Move ctl tables around.
authorPavel Emelyanov <xemul@openvz.org>
Tue, 22 Jan 2008 13:58:31 +0000 (05:58 -0800)
committerDavid S. Miller <davem@davemloft.net>
Mon, 28 Jan 2008 23:10:34 +0000 (15:10 -0800)
This is a preparation for sysctl netns-ization.
Move the ctl tables to the files, where the tuning
variables reside. Plus make the helpers to register
the tables.

This will simplify the later patches and will keep
similar things closer to each other.

ipv4, ipv6 and conntrack_reasm are patched differently,
but the result is all the tables are in appropriate files.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/ip.h
include/net/ipv6.h
include/net/netfilter/ipv6/nf_conntrack_ipv6.h
net/ipv4/ip_fragment.c
net/ipv4/sysctl_net_ipv4.c
net/ipv6/af_inet6.c
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
net/ipv6/netfilter/nf_conntrack_reasm.c
net/ipv6/reassembly.c
net/ipv6/sysctl_net_ipv6.c

index 6850a80a6886570cde60237c26df6d10adf8886d..9d43ac222d1507195905c04ecbc76f4569c8c4c8 100644 (file)
@@ -179,11 +179,6 @@ extern int sysctl_ip_nonlocal_bind;
 
 extern struct ctl_path net_ipv4_ctl_path[];
 
-/* From ip_fragment.c */
-struct inet_frags_ctl;
-extern struct inet_frags_ctl ip4_frags_ctl;
-extern int sysctl_ipfrag_max_dist;
-
 /* From inetpeer.c */
 extern int inet_peer_threshold;
 extern int inet_peer_minttl;
index 3712caeae74eedd11ec2a363fd4374020b59e10f..87ca1bf17d711e54b1278ed488ac7662b705f569 100644 (file)
@@ -587,7 +587,6 @@ extern int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf,
 
 #ifdef CONFIG_PROC_FS
 extern struct ctl_table *ipv6_icmp_sysctl_init(struct net *net);
-extern void ipv6_frag_sysctl_init(struct net *net);
 extern struct ctl_table *ipv6_route_sysctl_init(struct net *net);
 
 extern int  ac6_proc_init(void);
index f703533fb4db2ddf923e3cb301f3d706d101c547..abc55ad75c2b849b1b22e036275133785588c151 100644 (file)
@@ -16,6 +16,8 @@ extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb,
                               int (*okfn)(struct sk_buff *));
 
 struct inet_frags_ctl;
-extern struct inet_frags_ctl nf_frags_ctl;
+
+#include <linux/sysctl.h>
+extern struct ctl_table nf_ct_ipv6_sysctl_table[];
 
 #endif /* _NF_CONNTRACK_IPV6_H*/
index 2143bf30597a84b528e0cced57bc657dbe577417..a53463e594b959fe26829dcfabad860e7fd7e7a5 100644 (file)
@@ -50,7 +50,7 @@
  * as well. Or notify me, at least. --ANK
  */
 
-int sysctl_ipfrag_max_dist __read_mostly = 64;
+static int sysctl_ipfrag_max_dist __read_mostly = 64;
 
 struct ipfrag_skb_cb
 {
@@ -74,7 +74,7 @@ struct ipq {
        struct inet_peer *peer;
 };
 
-struct inet_frags_ctl ip4_frags_ctl __read_mostly = {
+static struct inet_frags_ctl ip4_frags_ctl __read_mostly = {
        /*
         * Fragment cache limits. We will commit 256K at one time. Should we
         * cross that limit we will prune down to 192K. This should cope with
@@ -607,8 +607,78 @@ int ip_defrag(struct sk_buff *skb, u32 user)
        return -ENOMEM;
 }
 
+#ifdef CONFIG_SYSCTL
+static int zero;
+
+static struct ctl_table ip4_frags_ctl_table[] = {
+       {
+               .ctl_name       = NET_IPV4_IPFRAG_HIGH_THRESH,
+               .procname       = "ipfrag_high_thresh",
+               .data           = &ip4_frags_ctl.high_thresh,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec
+       },
+       {
+               .ctl_name       = NET_IPV4_IPFRAG_LOW_THRESH,
+               .procname       = "ipfrag_low_thresh",
+               .data           = &ip4_frags_ctl.low_thresh,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec
+       },
+       {
+               .ctl_name       = NET_IPV4_IPFRAG_TIME,
+               .procname       = "ipfrag_time",
+               .data           = &ip4_frags_ctl.timeout,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec_jiffies,
+               .strategy       = &sysctl_jiffies
+       },
+       {
+               .ctl_name       = NET_IPV4_IPFRAG_SECRET_INTERVAL,
+               .procname       = "ipfrag_secret_interval",
+               .data           = &ip4_frags_ctl.secret_interval,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec_jiffies,
+               .strategy       = &sysctl_jiffies
+       },
+       {
+               .procname       = "ipfrag_max_dist",
+               .data           = &sysctl_ipfrag_max_dist,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec_minmax,
+               .extra1         = &zero
+       },
+       { }
+};
+
+static int ip4_frags_ctl_register(struct net *net)
+{
+       struct ctl_table_header *hdr;
+
+       hdr = register_net_sysctl_table(net, net_ipv4_ctl_path,
+                       ip4_frags_ctl_table);
+       return hdr == NULL ? -ENOMEM : 0;
+}
+#else
+static inline int ip4_frags_ctl_register(struct net *net)
+{
+       return 0;
+}
+#endif
+
+static int ipv4_frags_init_net(struct net *net)
+{
+       return ip4_frags_ctl_register(net);
+}
+
 void __init ipfrag_init(void)
 {
+       ipv4_frags_init_net(&init_net);
        ip4_frags.ctl = &ip4_frags_ctl;
        ip4_frags.hashfn = ip4_hashfn;
        ip4_frags.constructor = ip4_frag_init;
index 45536a91266a06bb2a34d74a48664097e230f33c..82cdf23837e3e8b9766ba5f7dbb28634a20c2675 100644 (file)
@@ -283,22 +283,6 @@ static struct ctl_table ipv4_table[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
        },
-       {
-               .ctl_name       = NET_IPV4_IPFRAG_HIGH_THRESH,
-               .procname       = "ipfrag_high_thresh",
-               .data           = &ip4_frags_ctl.high_thresh,
-               .maxlen         = sizeof(int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec
-       },
-       {
-               .ctl_name       = NET_IPV4_IPFRAG_LOW_THRESH,
-               .procname       = "ipfrag_low_thresh",
-               .data           = &ip4_frags_ctl.low_thresh,
-               .maxlen         = sizeof(int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec
-       },
        {
                .ctl_name       = NET_IPV4_DYNADDR,
                .procname       = "ip_dynaddr",
@@ -307,15 +291,6 @@ static struct ctl_table ipv4_table[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
        },
-       {
-               .ctl_name       = NET_IPV4_IPFRAG_TIME,
-               .procname       = "ipfrag_time",
-               .data           = &ip4_frags_ctl.timeout,
-               .maxlen         = sizeof(int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec_jiffies,
-               .strategy       = &sysctl_jiffies
-       },
        {
                .ctl_name       = NET_IPV4_TCP_KEEPALIVE_TIME,
                .procname       = "tcp_keepalive_time",
@@ -658,23 +633,6 @@ static struct ctl_table ipv4_table[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
        },
-       {
-               .ctl_name       = NET_IPV4_IPFRAG_SECRET_INTERVAL,
-               .procname       = "ipfrag_secret_interval",
-               .data           = &ip4_frags_ctl.secret_interval,
-               .maxlen         = sizeof(int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec_jiffies,
-               .strategy       = &sysctl_jiffies
-       },
-       {
-               .procname       = "ipfrag_max_dist",
-               .data           = &sysctl_ipfrag_max_dist,
-               .maxlen         = sizeof(int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec_minmax,
-               .extra1         = &zero
-       },
        {
                .ctl_name       = NET_TCP_NO_METRICS_SAVE,
                .procname       = "tcp_no_metrics_save",
index 6738a7b0e67f1e221f536c78e882e3ad6068cb37..bddac0e8780f948f75b8de3d4fdb25e280080a2b 100644 (file)
@@ -721,10 +721,6 @@ static void cleanup_ipv6_mibs(void)
 static int inet6_net_init(struct net *net)
 {
        net->ipv6.sysctl.bindv6only = 0;
-       net->ipv6.sysctl.frags.high_thresh = 256 * 1024;
-       net->ipv6.sysctl.frags.low_thresh = 192 * 1024;
-       net->ipv6.sysctl.frags.timeout = IPV6_FRAG_TIMEOUT;
-       net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ;
        net->ipv6.sysctl.flush_delay = 0;
        net->ipv6.sysctl.ip6_rt_max_size = 4096;
        net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2;
@@ -734,7 +730,6 @@ static int inet6_net_init(struct net *net)
        net->ipv6.sysctl.ip6_rt_mtu_expires = 10*60*HZ;
        net->ipv6.sysctl.ip6_rt_min_advmss = IPV6_MIN_MTU - 20 - 40;
        net->ipv6.sysctl.icmpv6_time = 1*HZ;
-       ipv6_frag_sysctl_init(net);
 
        return 0;
 }
index cf42f5cfc3386efa257898b93e928d839ee48006..2d7b0246475d898848290fc38120cd41d1d73aa9 100644 (file)
@@ -297,35 +297,6 @@ static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {
        },
 };
 
-#ifdef CONFIG_SYSCTL
-static ctl_table nf_ct_ipv6_sysctl_table[] = {
-       {
-               .procname       = "nf_conntrack_frag6_timeout",
-               .data           = &nf_frags_ctl.timeout,
-               .maxlen         = sizeof(unsigned int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec_jiffies,
-       },
-       {
-               .ctl_name       = NET_NF_CONNTRACK_FRAG6_LOW_THRESH,
-               .procname       = "nf_conntrack_frag6_low_thresh",
-               .data           = &nf_frags_ctl.low_thresh,
-               .maxlen         = sizeof(unsigned int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec,
-       },
-       {
-               .ctl_name       = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH,
-               .procname       = "nf_conntrack_frag6_high_thresh",
-               .data           = &nf_frags_ctl.high_thresh,
-               .maxlen         = sizeof(unsigned int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec,
-       },
-       { .ctl_name = 0 }
-};
-#endif
-
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
 
 #include <linux/netfilter/nfnetlink.h>
index e170c67c47a5b613c7681d05d0b0f73c784e9c46..d631631189b67edd8afdade2a7bc4fe83b8d69e9 100644 (file)
@@ -70,7 +70,7 @@ struct nf_ct_frag6_queue
        __u16                   nhoffset;
 };
 
-struct inet_frags_ctl nf_frags_ctl __read_mostly = {
+static struct inet_frags_ctl nf_frags_ctl __read_mostly = {
        .high_thresh     = 256 * 1024,
        .low_thresh      = 192 * 1024,
        .timeout         = IPV6_FRAG_TIMEOUT,
@@ -79,6 +79,35 @@ struct inet_frags_ctl nf_frags_ctl __read_mostly = {
 
 static struct inet_frags nf_frags;
 
+#ifdef CONFIG_SYSCTL
+struct ctl_table nf_ct_ipv6_sysctl_table[] = {
+       {
+               .procname       = "nf_conntrack_frag6_timeout",
+               .data           = &nf_frags_ctl.timeout,
+               .maxlen         = sizeof(unsigned int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec_jiffies,
+       },
+       {
+               .ctl_name       = NET_NF_CONNTRACK_FRAG6_LOW_THRESH,
+               .procname       = "nf_conntrack_frag6_low_thresh",
+               .data           = &nf_frags_ctl.low_thresh,
+               .maxlen         = sizeof(unsigned int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec,
+       },
+       {
+               .ctl_name       = NET_NF_CONNTRACK_FRAG6_HIGH_THRESH,
+               .procname       = "nf_conntrack_frag6_high_thresh",
+               .data           = &nf_frags_ctl.high_thresh,
+               .maxlen         = sizeof(unsigned int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec,
+       },
+       { .ctl_name = 0 }
+};
+#endif
+
 static unsigned int ip6qhashfn(__be32 id, struct in6_addr *saddr,
                               struct in6_addr *daddr)
 {
index 4dfcddc871ce8c65f1cd1f955cd64babf96101b9..1815ff0cf6289296c25ad5a224e7c6300ae436a4 100644 (file)
@@ -625,12 +625,70 @@ static struct inet6_protocol frag_protocol =
        .flags          =       INET6_PROTO_NOPOLICY,
 };
 
-void ipv6_frag_sysctl_init(struct net *net)
+#ifdef CONFIG_SYSCTL
+static struct ctl_table ip6_frags_ctl_table[] = {
+       {
+               .ctl_name       = NET_IPV6_IP6FRAG_HIGH_THRESH,
+               .procname       = "ip6frag_high_thresh",
+               .data           = &init_net.ipv6.sysctl.frags.high_thresh,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec
+       },
+       {
+               .ctl_name       = NET_IPV6_IP6FRAG_LOW_THRESH,
+               .procname       = "ip6frag_low_thresh",
+               .data           = &init_net.ipv6.sysctl.frags.low_thresh,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec
+       },
+       {
+               .ctl_name       = NET_IPV6_IP6FRAG_TIME,
+               .procname       = "ip6frag_time",
+               .data           = &init_net.ipv6.sysctl.frags.timeout,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec_jiffies,
+               .strategy       = &sysctl_jiffies,
+       },
+       {
+               .ctl_name       = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
+               .procname       = "ip6frag_secret_interval",
+               .data           = &init_net.ipv6.sysctl.frags.secret_interval,
+               .maxlen         = sizeof(int),
+               .mode           = 0644,
+               .proc_handler   = &proc_dointvec_jiffies,
+               .strategy       = &sysctl_jiffies
+       },
+       { }
+};
+
+static int ip6_frags_sysctl_register(struct net *net)
+{
+       struct ctl_table_header *hdr;
+
+       hdr = register_net_sysctl_table(net, net_ipv6_ctl_path,
+                       ip6_frags_ctl_table);
+       return hdr == NULL ? -ENOMEM : 0;
+}
+#else
+static inline int ip6_frags_sysctl_register(struct net *net)
 {
-       if (net != &init_net)
-               return;
+       return 0;
+}
+#endif
 
+static int ipv6_frags_init_net(struct net *net)
+{
        ip6_frags.ctl = &net->ipv6.sysctl.frags;
+
+       net->ipv6.sysctl.frags.high_thresh = 256 * 1024;
+       net->ipv6.sysctl.frags.low_thresh = 192 * 1024;
+       net->ipv6.sysctl.frags.timeout = IPV6_FRAG_TIMEOUT;
+       net->ipv6.sysctl.frags.secret_interval = 10 * 60 * HZ;
+
+       return ip6_frags_sysctl_register(net);
 }
 
 int __init ipv6_frag_init(void)
@@ -641,6 +699,8 @@ int __init ipv6_frag_init(void)
        if (ret)
                goto out;
 
+       ipv6_frags_init_net(&init_net);
+
        ip6_frags.hashfn = ip6_hashfn;
        ip6_frags.constructor = ip6_frag_init;
        ip6_frags.destructor = NULL;
index 7197eb74a7554a7305c5a8b0f9e7620e81e8571e..408691b777c226c2d0468137d5839cd658f8523d 100644 (file)
@@ -37,40 +37,6 @@ static ctl_table ipv6_table_template[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
        },
-       {
-               .ctl_name       = NET_IPV6_IP6FRAG_HIGH_THRESH,
-               .procname       = "ip6frag_high_thresh",
-               .data           = &init_net.ipv6.sysctl.frags.high_thresh,
-               .maxlen         = sizeof(int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec
-       },
-       {
-               .ctl_name       = NET_IPV6_IP6FRAG_LOW_THRESH,
-               .procname       = "ip6frag_low_thresh",
-               .data           = &init_net.ipv6.sysctl.frags.low_thresh,
-               .maxlen         = sizeof(int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec
-       },
-       {
-               .ctl_name       = NET_IPV6_IP6FRAG_TIME,
-               .procname       = "ip6frag_time",
-               .data           = &init_net.ipv6.sysctl.frags.timeout,
-               .maxlen         = sizeof(int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec_jiffies,
-               .strategy       = &sysctl_jiffies,
-       },
-       {
-               .ctl_name       = NET_IPV6_IP6FRAG_SECRET_INTERVAL,
-               .procname       = "ip6frag_secret_interval",
-               .data           = &init_net.ipv6.sysctl.frags.secret_interval,
-               .maxlen         = sizeof(int),
-               .mode           = 0644,
-               .proc_handler   = &proc_dointvec_jiffies,
-               .strategy       = &sysctl_jiffies
-       },
        {
                .ctl_name       = NET_IPV6_MLD_MAX_MSF,
                .procname       = "mld_max_msf",
@@ -126,16 +92,12 @@ static int ipv6_sysctl_net_init(struct net *net)
        ipv6_table[1].child = ipv6_icmp_table;
 
        ipv6_table[2].data = &net->ipv6.sysctl.bindv6only;
-       ipv6_table[3].data = &net->ipv6.sysctl.frags.high_thresh;
-       ipv6_table[4].data = &net->ipv6.sysctl.frags.low_thresh;
-       ipv6_table[5].data = &net->ipv6.sysctl.frags.timeout;
-       ipv6_table[6].data = &net->ipv6.sysctl.frags.secret_interval;
 
        /* We don't want this value to be per namespace, it should be global
           to all namespaces, so make it read-only when we are not in the
           init network namespace */
        if (net != &init_net)
-               ipv6_table[7].mode = 0444;
+               ipv6_table[3].mode = 0444;
 
        net->ipv6.sysctl.table = register_net_sysctl_table(net, net_ipv6_ctl_path,
                                                           ipv6_table);