net: namespaceify sysctl_tcp_max_orphans

Signed-off-by: Hongbo Li <herberthbli@tencent.com>
Tencent · Jan 2, 2020 · 4bd3c7c · 4bd3c7c
1 parent 26fb4c4
commit 4bd3c7c
Show file tree

Hide file tree

Showing 6 changed files with 13 additions and 12 deletions.
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
@@ -161,6 +161,7 @@ struct netns_ipv4 {
 #endif
 
 	int sysctl_tcp_no_delay_ack;
+	int sysctl_tcp_max_orphans;
 
 	struct fib_notifier_ops	*notifier_ops;
 	unsigned int	fib_seq;	/* protected by rtnl_mutex */

diff --git a/include/net/tcp.h b/include/net/tcp.h
@@ -245,7 +245,6 @@ extern int sysctl_tcp_retrans_collapse;
 extern int sysctl_tcp_stdurg;
 extern int sysctl_tcp_rfc1337;
 extern int sysctl_tcp_abort_on_overflow;
-extern int sysctl_tcp_max_orphans;
 extern int sysctl_tcp_fack;
 extern int sysctl_tcp_reordering;
 extern int sysctl_tcp_max_reordering;
@@ -323,10 +322,11 @@ static inline bool tcp_too_many_orphans(struct sock *sk, int shift)
 {
 	struct percpu_counter *ocp = sk->sk_prot->orphan_count;
 	int orphans = percpu_counter_read_positive(ocp);
+	struct net *net = sock_net(sk);
 
-	if (orphans << shift > sysctl_tcp_max_orphans) {
+	if (orphans << shift > net->ipv4.sysctl_tcp_max_orphans) {
 		orphans = percpu_counter_sum_positive(ocp);
-		if (orphans << shift > sysctl_tcp_max_orphans)
+		if (orphans << shift > net->ipv4.sysctl_tcp_max_orphans)
 			return true;
 	}
 	return false;

diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
@@ -403,13 +403,6 @@ static struct ctl_table ipv4_table[] = {
 		.mode		= 0644,
 		.proc_handler	= proc_dointvec
 	},
-	{
-		.procname	= "tcp_max_orphans",
-		.data		= &sysctl_tcp_max_orphans,
-		.maxlen		= sizeof(int),
-		.mode		= 0644,
-		.proc_handler	= proc_dointvec
-	},
 	{
 		.procname	= "tcp_fastopen",
 		.data		= &sysctl_tcp_fastopen,
@@ -1183,6 +1176,13 @@ static struct ctl_table ipv4_net_table[] = {
 		.mode       = 0644,
 		.proc_handler   = proc_dointvec
 	},
+	{
+		.procname       = "tcp_max_orphans",
+		.data           = &init_net.ipv4.sysctl_tcp_max_orphans,
+		.maxlen         = sizeof(int),
+		.mode           = 0644,
+		.proc_handler   = proc_dointvec
+	},
 	{ }
 };
 

diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
@@ -3531,7 +3531,7 @@ void __init tcp_init(void)
 
 
 	cnt = tcp_hashinfo.ehash_mask + 1;
-	sysctl_tcp_max_orphans = cnt / 2;
+	init_net.ipv4.sysctl_tcp_max_orphans = cnt / 2;
 
 	tcp_init_mem();
 	/* Set per-socket limits to no more than 1/128 the pressure threshold */

diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
@@ -89,7 +89,6 @@ int sysctl_tcp_challenge_ack_limit = 1000;
 
 int sysctl_tcp_stdurg __read_mostly;
 int sysctl_tcp_rfc1337 __read_mostly;
-int sysctl_tcp_max_orphans __read_mostly = NR_FILE;
 int sysctl_tcp_frto __read_mostly = 2;
 int sysctl_tcp_min_rtt_wlen __read_mostly = 300;
 int sysctl_tcp_moderate_rcvbuf __read_mostly = 1;

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
@@ -2510,6 +2510,7 @@ static int __net_init tcp_sk_init(struct net *net)
 	net->ipv4.sysctl_tcp_sack = 1;
 	net->ipv4.sysctl_tcp_window_scaling = 1;
 	net->ipv4.sysctl_tcp_timestamps = 1;
+	net->ipv4.sysctl_tcp_max_orphans = NR_FILE;
 
 	return 0;
 fail: