ipvs: drop SCTP connections depending on state

[firefly-linux-kernel-4.4.55.git] / net / netfilter / ipvs / ip_vs_conn.c
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c

index a083bda322b6058cf0ba6b65b604bb046c8a79fd..4c8e5c0aa1aba96b03fae69ce153056a10bb7b95 100644 (file)
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -975,8 +975,7 @@ static void *ip_vs_conn_array(struct seq_file *seq, loff_t pos)
                                 return cp;
                         }
                 }
-               rcu_read_unlock();
-               rcu_read_lock();
+               cond_resched_rcu();
         }
  
         return NULL;
@@ -1015,8 +1014,7 @@ static void *ip_vs_conn_seq_next(struct seq_file *seq, void *v, loff_t *pos)
                         iter->l = &ip_vs_conn_tab[idx];
                         return cp;
                 }
-               rcu_read_unlock();
-               rcu_read_lock();
+               cond_resched_rcu();
         }
         iter->l = NULL;
         return NULL;
@@ -1206,17 +1204,13 @@ void ip_vs_random_dropentry(struct net *net)
         int idx;
         struct ip_vs_conn *cp, *cp_c;
  
+       rcu_read_lock();
         /*
          * Randomly scan 1/32 of the whole table every second
          */
         for (idx = 0; idx < (ip_vs_conn_tab_size>>5); idx++) {
                 unsigned int hash = net_random() & ip_vs_conn_tab_mask;
  
-               /*
-                *  Lock is actually needed in this loop.
-                */
-               rcu_read_lock();
-
                 hlist_for_each_entry_rcu(cp, &ip_vs_conn_tab[hash], c_list) {
                         if (cp->flags & IP_VS_CONN_F_TEMPLATE)
                                 /* connection template */
@@ -1237,6 +1231,18 @@ void ip_vs_random_dropentry(struct net *net)
                                 default:
                                         continue;
                                 }
+                       } else if (cp->protocol == IPPROTO_SCTP) {
+                               switch (cp->state) {
+                               case IP_VS_SCTP_S_INIT1:
+                               case IP_VS_SCTP_S_INIT:
+                                       break;
+                               case IP_VS_SCTP_S_ESTABLISHED:
+                                       if (todrop_entry(cp))
+                                               break;
+                                       continue;
+                               default:
+                                       continue;
+                               }
                         } else {
                                 if (!todrop_entry(cp))
                                         continue;
@@ -1252,8 +1258,9 @@ void ip_vs_random_dropentry(struct net *net)
                                 __ip_vs_conn_put(cp);
                         }
                 }
-               rcu_read_unlock();
+               cond_resched_rcu();
         }
+       rcu_read_unlock();
  }
  
  
@@ -1267,11 +1274,8 @@ static void ip_vs_conn_flush(struct net *net)
         struct netns_ipvs *ipvs = net_ipvs(net);
  
  flush_again:
+       rcu_read_lock();
         for (idx = 0; idx < ip_vs_conn_tab_size; idx++) {
-               /*
-                *  Lock is actually needed in this loop.
-                */
-               rcu_read_lock();
  
                 hlist_for_each_entry_rcu(cp, &ip_vs_conn_tab[idx], c_list) {
                         if (!ip_vs_conn_net_eq(cp, net))
@@ -1286,8 +1290,9 @@ flush_again:
                                 __ip_vs_conn_put(cp);
                         }
                 }
-               rcu_read_unlock();
+               cond_resched_rcu();
         }
+       rcu_read_unlock();
  
         /* the counter may be not NULL, because maybe some conn entries
            are run by slow timer handler or unhashed but still referred */