[NETNS][ICMP]: Move ICMP sysctls on struct net.
Initialization is moved to icmp_sk_init, all the places, that refer to them use init_net for now. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
1577519d6b
commit
a24022e188
4 changed files with 44 additions and 42 deletions
|
@ -65,11 +65,4 @@ static inline struct raw_sock *raw_sk(const struct sock *sk)
|
|||
return (struct raw_sock *)sk;
|
||||
}
|
||||
|
||||
extern int sysctl_icmp_echo_ignore_all;
|
||||
extern int sysctl_icmp_echo_ignore_broadcasts;
|
||||
extern int sysctl_icmp_ignore_bogus_error_responses;
|
||||
extern int sysctl_icmp_errors_use_inbound_ifaddr;
|
||||
extern int sysctl_icmp_ratelimit;
|
||||
extern int sysctl_icmp_ratemask;
|
||||
|
||||
#endif /* _ICMP_H */
|
||||
|
|
|
@ -35,5 +35,12 @@ struct netns_ipv4 {
|
|||
struct xt_table *iptable_raw;
|
||||
struct xt_table *arptable_filter;
|
||||
#endif
|
||||
|
||||
int sysctl_icmp_echo_ignore_all;
|
||||
int sysctl_icmp_echo_ignore_broadcasts;
|
||||
int sysctl_icmp_ignore_bogus_error_responses;
|
||||
int sysctl_icmp_ratelimit;
|
||||
int sysctl_icmp_ratemask;
|
||||
int sysctl_icmp_errors_use_inbound_ifaddr;
|
||||
};
|
||||
#endif
|
||||
|
|
|
@ -188,29 +188,6 @@ struct icmp_err icmp_err_convert[] = {
|
|||
},
|
||||
};
|
||||
|
||||
/* Control parameters for ECHO replies. */
|
||||
int sysctl_icmp_echo_ignore_all __read_mostly;
|
||||
int sysctl_icmp_echo_ignore_broadcasts __read_mostly = 1;
|
||||
|
||||
/* Control parameter - ignore bogus broadcast responses? */
|
||||
int sysctl_icmp_ignore_bogus_error_responses __read_mostly = 1;
|
||||
|
||||
/*
|
||||
* Configurable global rate limit.
|
||||
*
|
||||
* ratelimit defines tokens/packet consumed for dst->rate_token bucket
|
||||
* ratemask defines which icmp types are ratelimited by setting
|
||||
* it's bit position.
|
||||
*
|
||||
* default:
|
||||
* dest unreachable (3), source quench (4),
|
||||
* time exceeded (11), parameter problem (12)
|
||||
*/
|
||||
|
||||
int sysctl_icmp_ratelimit __read_mostly = 1 * HZ;
|
||||
int sysctl_icmp_ratemask __read_mostly = 0x1818;
|
||||
int sysctl_icmp_errors_use_inbound_ifaddr __read_mostly;
|
||||
|
||||
/*
|
||||
* ICMP control array. This specifies what to do with each ICMP.
|
||||
*/
|
||||
|
@ -310,8 +287,8 @@ static inline int icmpv4_xrlim_allow(struct rtable *rt, int type, int code)
|
|||
goto out;
|
||||
|
||||
/* Limit if icmp type is enabled in ratemask. */
|
||||
if ((1 << type) & sysctl_icmp_ratemask)
|
||||
rc = xrlim_allow(dst, sysctl_icmp_ratelimit);
|
||||
if ((1 << type) & init_net.ipv4.sysctl_icmp_ratemask)
|
||||
rc = xrlim_allow(dst, init_net.ipv4.sysctl_icmp_ratelimit);
|
||||
out:
|
||||
return rc;
|
||||
}
|
||||
|
@ -523,7 +500,8 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
|
|||
if (!(rt->rt_flags & RTCF_LOCAL)) {
|
||||
struct net_device *dev = NULL;
|
||||
|
||||
if (rt->fl.iif && sysctl_icmp_errors_use_inbound_ifaddr)
|
||||
if (rt->fl.iif &&
|
||||
init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr)
|
||||
dev = dev_get_by_index(net, rt->fl.iif);
|
||||
|
||||
if (dev) {
|
||||
|
@ -745,7 +723,7 @@ static void icmp_unreach(struct sk_buff *skb)
|
|||
* get the other vendor to fix their kit.
|
||||
*/
|
||||
|
||||
if (!sysctl_icmp_ignore_bogus_error_responses &&
|
||||
if (!init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses &&
|
||||
inet_addr_type(net, iph->daddr) == RTN_BROADCAST) {
|
||||
if (net_ratelimit())
|
||||
printk(KERN_WARNING "%u.%u.%u.%u sent an invalid ICMP "
|
||||
|
@ -840,7 +818,7 @@ static void icmp_redirect(struct sk_buff *skb)
|
|||
|
||||
static void icmp_echo(struct sk_buff *skb)
|
||||
{
|
||||
if (!sysctl_icmp_echo_ignore_all) {
|
||||
if (!init_net.ipv4.sysctl_icmp_echo_ignore_all) {
|
||||
struct icmp_bxm icmp_param;
|
||||
|
||||
icmp_param.data.icmph = *icmp_hdr(skb);
|
||||
|
@ -1051,7 +1029,7 @@ int icmp_rcv(struct sk_buff *skb)
|
|||
*/
|
||||
if ((icmph->type == ICMP_ECHO ||
|
||||
icmph->type == ICMP_TIMESTAMP) &&
|
||||
sysctl_icmp_echo_ignore_broadcasts) {
|
||||
init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts) {
|
||||
goto error;
|
||||
}
|
||||
if (icmph->type != ICMP_ECHO &&
|
||||
|
@ -1195,6 +1173,30 @@ int __net_init icmp_sk_init(struct net *net)
|
|||
*/
|
||||
sk->sk_prot->unhash(sk);
|
||||
}
|
||||
|
||||
/* Control parameters for ECHO replies. */
|
||||
net->ipv4.sysctl_icmp_echo_ignore_all = 0;
|
||||
net->ipv4.sysctl_icmp_echo_ignore_broadcasts = 1;
|
||||
|
||||
/* Control parameter - ignore bogus broadcast responses? */
|
||||
net->ipv4.sysctl_icmp_ignore_bogus_error_responses = 1;
|
||||
|
||||
/*
|
||||
* Configurable global rate limit.
|
||||
*
|
||||
* ratelimit defines tokens/packet consumed for dst->rate_token
|
||||
* bucket ratemask defines which icmp types are ratelimited by
|
||||
* setting it's bit position.
|
||||
*
|
||||
* default:
|
||||
* dest unreachable (3), source quench (4),
|
||||
* time exceeded (11), parameter problem (12)
|
||||
*/
|
||||
|
||||
net->ipv4.sysctl_icmp_ratelimit = 1 * HZ;
|
||||
net->ipv4.sysctl_icmp_ratemask = 0x1818;
|
||||
net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr = 0;
|
||||
|
||||
return 0;
|
||||
|
||||
fail:
|
||||
|
|
|
@ -406,7 +406,7 @@ static struct ctl_table ipv4_table[] = {
|
|||
{
|
||||
.ctl_name = NET_IPV4_ICMP_ECHO_IGNORE_ALL,
|
||||
.procname = "icmp_echo_ignore_all",
|
||||
.data = &sysctl_icmp_echo_ignore_all,
|
||||
.data = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = 0644,
|
||||
.proc_handler = &proc_dointvec
|
||||
|
@ -414,7 +414,7 @@ static struct ctl_table ipv4_table[] = {
|
|||
{
|
||||
.ctl_name = NET_IPV4_ICMP_ECHO_IGNORE_BROADCASTS,
|
||||
.procname = "icmp_echo_ignore_broadcasts",
|
||||
.data = &sysctl_icmp_echo_ignore_broadcasts,
|
||||
.data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = 0644,
|
||||
.proc_handler = &proc_dointvec
|
||||
|
@ -422,7 +422,7 @@ static struct ctl_table ipv4_table[] = {
|
|||
{
|
||||
.ctl_name = NET_IPV4_ICMP_IGNORE_BOGUS_ERROR_RESPONSES,
|
||||
.procname = "icmp_ignore_bogus_error_responses",
|
||||
.data = &sysctl_icmp_ignore_bogus_error_responses,
|
||||
.data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = 0644,
|
||||
.proc_handler = &proc_dointvec
|
||||
|
@ -430,7 +430,7 @@ static struct ctl_table ipv4_table[] = {
|
|||
{
|
||||
.ctl_name = NET_IPV4_ICMP_ERRORS_USE_INBOUND_IFADDR,
|
||||
.procname = "icmp_errors_use_inbound_ifaddr",
|
||||
.data = &sysctl_icmp_errors_use_inbound_ifaddr,
|
||||
.data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = 0644,
|
||||
.proc_handler = &proc_dointvec
|
||||
|
@ -588,7 +588,7 @@ static struct ctl_table ipv4_table[] = {
|
|||
{
|
||||
.ctl_name = NET_IPV4_ICMP_RATELIMIT,
|
||||
.procname = "icmp_ratelimit",
|
||||
.data = &sysctl_icmp_ratelimit,
|
||||
.data = &init_net.ipv4.sysctl_icmp_ratelimit,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = 0644,
|
||||
.proc_handler = &proc_dointvec
|
||||
|
@ -596,7 +596,7 @@ static struct ctl_table ipv4_table[] = {
|
|||
{
|
||||
.ctl_name = NET_IPV4_ICMP_RATEMASK,
|
||||
.procname = "icmp_ratemask",
|
||||
.data = &sysctl_icmp_ratemask,
|
||||
.data = &init_net.ipv4.sysctl_icmp_ratemask,
|
||||
.maxlen = sizeof(int),
|
||||
.mode = 0644,
|
||||
.proc_handler = &proc_dointvec
|
||||
|
|
Loading…
Reference in a new issue