public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-11-18 20:57:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

netfilter: conntrack: register sysctl table for gre

Browse source 
This patch adds two sysctl knobs for GRE:

	net.netfilter.nf_conntrack_gre_timeout = 30
	net.netfilter.nf_conntrack_gre_timeout_stream = 180

Update the Documentation as well.

Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Yafang Shao 2018-12-18 21:14:07 +08:00 committed by Pablo Neira Ayuso
parent 294304e4c5
commit a0badcc665
2 changed files with 50 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Documentation/networking/nf_conntrack-sysctl.txt
View file

@ -161,3 +161,12 @@ nf_conntrack_udp_timeout_stream - INTEGER (seconds)
This extended timeout will be used in case there is an UDP stream This extended timeout will be used in case there is an UDP stream
detected. detected.
nf_conntrack_gre_timeout - INTEGER (seconds)
default 30
nf_conntrack_gre_timeout_stream - INTEGER (seconds)
default 180
This extended timeout will be used in case there is an GRE stream
detected.

42
net/netfilter/nf_conntrack_proto_gre.c
View file

@ -332,9 +332,49 @@ gre_timeout_nla_policy[CTA_TIMEOUT_GRE_MAX+1] = {
}; };
#endif /* CONFIG_NF_CONNTRACK_TIMEOUT */ #endif /* CONFIG_NF_CONNTRACK_TIMEOUT */
#ifdef CONFIG_SYSCTL
static struct ctl_table gre_sysctl_table[] = {
{
.procname = "nf_conntrack_gre_timeout",
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
{
.procname = "nf_conntrack_gre_timeout_stream",
.maxlen = sizeof(unsigned int),
.mode = 0644,
.proc_handler = proc_dointvec_jiffies,
},
{}
};
#endif
static int gre_kmemdup_sysctl_table(struct net *net, struct nf_proto_net *nf,
struct netns_proto_gre *net_gre)
{
#ifdef CONFIG_SYSCTL
int i;
if (nf->ctl_table)
return 0;
nf->ctl_table = kmemdup(gre_sysctl_table,
sizeof(gre_sysctl_table),
GFP_KERNEL);
if (!nf->ctl_table)
return -ENOMEM;
for (i = 0; i < GRE_CT_MAX; i++)
nf->ctl_table[i].data = &net_gre->gre_timeouts[i];
#endif
return 0;
}
static int gre_init_net(struct net *net) static int gre_init_net(struct net *net)
{ {
struct netns_proto_gre *net_gre = gre_pernet(net); struct netns_proto_gre *net_gre = gre_pernet(net);
struct nf_proto_net *nf = &net_gre->nf;
int i; int i;
rwlock_init(&net_gre->keymap_lock); rwlock_init(&net_gre->keymap_lock);
@ -342,7 +382,7 @@ static int gre_init_net(struct net *net)
for (i = 0; i < GRE_CT_MAX; i++) for (i = 0; i < GRE_CT_MAX; i++)
net_gre->gre_timeouts[i] = gre_timeouts[i]; net_gre->gre_timeouts[i] = gre_timeouts[i];
return 0; return gre_kmemdup_sysctl_table(net, nf, net_gre);
} }
/* protocol helper struct */ /* protocol helper struct */