bdbbb8527b
In commitbe9f4a44e7("ipv4: tcp: remove per net tcp_sock") I tried to address contention on a socket lock, but the solution I chose was horrible : commit3a7c384ffd("ipv4: tcp: unicast_sock should not land outside of TCP stack") addressed a selinux regression. commit0980e56e50("ipv4: tcp: set unicast_sock uc_ttl to -1") took care of another regression. commitb5ec8eeac4("ipv4: fix ip_send_skb()") fixed another regression. commit811230cd85("tcp: ipv4: initialize unicast_sock sk_pacing_rate") was another shot in the dark. Really, just use a proper socket per cpu, and remove the skb_orphan() call, to re-enable flow control. This solves a serious problem with FQ packet scheduler when used in hostile environments, as we do not want to allocate a flow structure for every RST packet sent in response to a spoofed packet. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
103 lines
2.2 KiB
C
103 lines
2.2 KiB
C
/*
|
|
* ipv4 in net namespaces
|
|
*/
|
|
|
|
#ifndef __NETNS_IPV4_H__
|
|
#define __NETNS_IPV4_H__
|
|
|
|
#include <linux/uidgid.h>
|
|
#include <net/inet_frag.h>
|
|
|
|
struct tcpm_hash_bucket;
|
|
struct ctl_table_header;
|
|
struct ipv4_devconf;
|
|
struct fib_rules_ops;
|
|
struct hlist_head;
|
|
struct fib_table;
|
|
struct sock;
|
|
struct local_ports {
|
|
seqlock_t lock;
|
|
int range[2];
|
|
};
|
|
|
|
struct ping_group_range {
|
|
seqlock_t lock;
|
|
kgid_t range[2];
|
|
};
|
|
|
|
struct netns_ipv4 {
|
|
#ifdef CONFIG_SYSCTL
|
|
struct ctl_table_header *forw_hdr;
|
|
struct ctl_table_header *frags_hdr;
|
|
struct ctl_table_header *ipv4_hdr;
|
|
struct ctl_table_header *route_hdr;
|
|
struct ctl_table_header *xfrm4_hdr;
|
|
#endif
|
|
struct ipv4_devconf *devconf_all;
|
|
struct ipv4_devconf *devconf_dflt;
|
|
#ifdef CONFIG_IP_MULTIPLE_TABLES
|
|
struct fib_rules_ops *rules_ops;
|
|
bool fib_has_custom_rules;
|
|
struct fib_table *fib_local;
|
|
struct fib_table *fib_main;
|
|
struct fib_table *fib_default;
|
|
#endif
|
|
#ifdef CONFIG_IP_ROUTE_CLASSID
|
|
int fib_num_tclassid_users;
|
|
#endif
|
|
struct hlist_head *fib_table_hash;
|
|
struct sock *fibnl;
|
|
|
|
struct sock **icmp_sk;
|
|
struct inet_peer_base *peers;
|
|
struct tcpm_hash_bucket *tcp_metrics_hash;
|
|
unsigned int tcp_metrics_hash_log;
|
|
struct sock * __percpu *tcp_sk;
|
|
struct netns_frags frags;
|
|
#ifdef CONFIG_NETFILTER
|
|
struct xt_table *iptable_filter;
|
|
struct xt_table *iptable_mangle;
|
|
struct xt_table *iptable_raw;
|
|
struct xt_table *arptable_filter;
|
|
#ifdef CONFIG_SECURITY
|
|
struct xt_table *iptable_security;
|
|
#endif
|
|
struct xt_table *nat_table;
|
|
#endif
|
|
|
|
int sysctl_icmp_echo_ignore_all;
|
|
int sysctl_icmp_echo_ignore_broadcasts;
|
|
int sysctl_icmp_ignore_bogus_error_responses;
|
|
int sysctl_icmp_ratelimit;
|
|
int sysctl_icmp_ratemask;
|
|
int sysctl_icmp_errors_use_inbound_ifaddr;
|
|
|
|
struct local_ports ip_local_ports;
|
|
|
|
int sysctl_tcp_ecn;
|
|
int sysctl_ip_no_pmtu_disc;
|
|
int sysctl_ip_fwd_use_pmtu;
|
|
int sysctl_ip_nonlocal_bind;
|
|
|
|
int sysctl_fwmark_reflect;
|
|
int sysctl_tcp_fwmark_accept;
|
|
|
|
struct ping_group_range ping_group_range;
|
|
|
|
atomic_t dev_addr_genid;
|
|
|
|
#ifdef CONFIG_SYSCTL
|
|
unsigned long *sysctl_local_reserved_ports;
|
|
#endif
|
|
|
|
#ifdef CONFIG_IP_MROUTE
|
|
#ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES
|
|
struct mr_table *mrt;
|
|
#else
|
|
struct list_head mr_tables;
|
|
struct fib_rules_ops *mr_rules_ops;
|
|
#endif
|
|
#endif
|
|
atomic_t rt_genid;
|
|
};
|
|
#endif
|