iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Florian Westphal d7e7747ac5 netfilter: refuse insertion if chain has grown too large 
Also add a stat counter for this that gets exported both via old /proc
interface and ctnetlink.

Assuming the old default size of 16536 buckets and max hash occupancy of
64k, this results in 128k insertions (origin+reply), so ~8 entries per
chain on average.

The revised settings in this series will result in about two entries per
bucket on average.

This allows a hard-limit ceiling of 64.

This is not tunable at the moment, but its possible to either increase
nf_conntrack_buckets or decrease nf_conntrack_max to reduce average
lengths.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2021-08-30 11:52:21 +02:00
..
6lowpan
6lowpan: Fix some typos in nhc_udp.c
2021-03-24 17:52:11 -07:00
9p
9p/trans_virtio: Fix spelling mistakes
2021-06-02 14:01:55 -07:00
802
net/802/garp: fix memleak in garp_request_join()
2021-07-01 11:21:57 -07:00
8021q
net: vlan: pass thru all GSO_SOFTWARE in hw_enc_features
2021-06-18 11:58:03 -07:00
appletalk
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-06-18 19:47:02 -07:00
atm
atm: Use list_for_each_entry() to simplify code in resources.c
2021-06-10 14:08:09 -07:00
ax25
net/ax25: Delete obsolete TODO file
2021-03-30 16:54:50 -07:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-06-18 19:47:02 -07:00
bluetooth
Bluetooth: defer cleanup of resources in hci_unregister_dev()
2021-08-05 12:15:24 -07:00
bpf
bpf: Add missing bpf_read_[un]lock_trace() for syscall program
2021-08-10 10:10:49 +02:00
bpfilter
bpfilter: Specify the log level for the kmsg message
2021-06-25 13:13:50 +02:00
bridge
net: bridge: fix memleak in br_add_if()
2021-08-10 13:25:14 -07:00
caif
net: fix uninit-value in caif_seqpkt_sendmsg
2021-07-15 11:08:33 -07:00
can
can: j1939: j1939_xtp_rx_dat_one(): fix rxtimer value between consecutive TP.DT to 750ms
2021-07-24 19:02:24 +02:00
ceph
Networking changes for 5.14.
2021-06-30 15:51:09 -07:00
core
page_pool: mask the page->signature before the checking
2021-08-09 10:03:02 +01:00
dcb
net: dcb: Return the correct errno code
2021-06-01 17:01:33 -07:00
dccp
dccp: add do-while-0 stubs for dccp_pr_debug macros
2021-08-09 10:00:02 +01:00
decnet
net: decnet: Fix sleeping inside in af_decnet
2021-07-16 14:06:16 -07:00
dns_resolver
net: remove redundant 'depends on NET'
2021-01-27 17:04:12 -08:00
dsa
net: switchdev: zero-initialize struct switchdev_notifier_fdb_info emitted by drivers towards the bridge
2021-08-10 13:22:57 -07:00
ethernet
of: net: pass the dst buffer to of_get_mac_address()
2021-04-13 14:35:02 -07:00
ethtool
net: sock: extend SO_TIMESTAMPING for PHC binding
2021-07-01 13:08:18 -07:00
hsr
net: hsr: don't check sequence number if tag removal is offloaded
2021-06-16 12:13:01 -07:00
ieee802154
ieee802154: fix error return code in ieee802154_llsec_getparams()
2021-06-03 10:59:49 +02:00
ife
net: remove redundant 'depends on NET'
2021-01-27 17:04:12 -08:00
ipv4
net: igmp: fix data-race in igmp_ifc_timer_expire()
2021-08-10 11:56:52 +01:00
ipv6
ipv6: decrease hop limit counter in ip6_forward()
2021-07-23 16:40:41 +01:00
iucv
s390: iucv: Avoid field over-reading memcpy()
2021-07-01 15:54:01 -07:00
kcm
net: sock: introduce sk_error_report
2021-06-29 11:28:21 -07:00
key
net: Remove unnecessary variables
2021-05-26 07:03:39 +02:00
l2tp
l2tp: Fix spelling mistakes
2021-06-07 14:08:30 -07:00
l3mdev
l3mdev: Correct function names in the kerneldoc comments
2021-03-28 17:56:55 -07:00
lapb
net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c
2021-06-08 16:31:25 -07:00
llc
net: llc: fix skb_over_panic
2021-07-27 13:05:56 +01:00
mac80211
mac80211: fix enabling 4-address mode on a sta vif after assoc
2021-07-23 10:34:13 +02:00
mac802154
net: mac802154: Fix general protection fault
2021-04-06 22:42:16 +02:00
mpls
mpls: Remove redundant assignment to err
2021-04-27 14:17:00 -07:00
mptcp
mptcp: drop unused rcu member in mptcp_pm_addr_entry
2021-08-03 14:26:46 -07:00
ncsi
net/ncsi: add dummy response handler for Intel boards
2021-07-08 14:16:39 -07:00
netfilter
netfilter: refuse insertion if chain has grown too large
2021-08-30 11:52:21 +02:00
netlabel
netlabel: Fix memory leak in netlbl_mgmt_add_common
2021-06-15 11:19:04 -07:00
netlink
net: Use nlmsg_unicast() instead of netlink_unicast()
2021-07-13 09:28:29 -07:00
netrom
netrom: Decrease sock refcount when sock timers expire
2021-07-18 09:48:59 -07:00
nfc
TTY / Serial patches for 5.14-rc1
2021-07-05 14:08:24 -07:00
nsh
openvswitch
net: openvswitch: fix kernel-doc warnings in flow.c
2021-08-09 15:37:35 -07:00
packet
Networking changes for 5.14.
2021-06-30 15:51:09 -07:00
phonet
psample
psample: Add additional metadata attributes
2021-03-14 15:00:43 -07:00
qrtr
net: really fix the build...
2021-08-03 11:14:03 +01:00
rds
Networking changes for 5.14.
2021-06-30 15:51:09 -07:00
rfkill
Another set of updates, all over the map:
2021-04-20 16:44:04 -07:00
rose
net: rose: Fix fall-through warnings for Clang
2021-03-10 12:45:15 -08:00
rxrpc
Networking changes for 5.14.
2021-06-30 15:51:09 -07:00
sched
net: sched: act_mirred: Reset ct info when mirror/redirect skb
2021-08-09 10:58:47 +01:00
sctp
sctp: move the active_key update after sh_keys is added
2021-08-03 11:43:43 +01:00
smc
net/smc: Correct smc link connection counter in case of smc client
2021-08-09 10:46:59 +01:00
strparser
net: sock: introduce sk_error_report
2021-06-29 11:28:21 -07:00
sunrpc
NFS client updates for Linux 5.14
2021-07-09 09:43:57 -07:00
switchdev
net: switchdev: add a context void pointer to struct switchdev_notifier_info
2021-06-28 14:09:03 -07:00
tipc
tipc: do not write skb_shinfo frags when doing decrytion
2021-07-24 19:38:21 +01:00
tls
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-06-29 15:45:27 -07:00
unix
af_unix: fix garbage collect vs MSG_PEEK
2021-07-28 10:18:00 -07:00
vmw_vsock
VSOCK: handle VIRTIO_VSOCK_OP_CREDIT_REQUEST
2021-08-03 14:30:59 -07:00
wireless
cfg80211: Fix possible memory leak in function cfg80211_bss_update
2021-07-23 10:38:18 +02:00
x25
net: x25: Use list_for_each_entry() to simplify code in x25_route.c
2021-06-10 14:08:09 -07:00
xdp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-06-29 15:45:27 -07:00
xfrm
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
2021-08-04 10:45:41 +01:00
compat.c
net: Return the correct errno code
2021-06-03 15:13:56 -07:00
devres.c
net: devres: Correct a grammatical error
2021-06-11 12:55:28 -07:00
Kconfig
bpf, kconfig: Add consolidated menu entry for bpf with core options
2021-05-11 13:56:16 -07:00
Makefile
net: l3mdev: use obj-$(CONFIG_NET_L3_MASTER_DEV) form in net/Makefile
2021-01-27 17:03:52 -08:00
socket.c
net: socket: support hardware timestamp conversion to PHC bound
2021-07-01 13:08:18 -07:00
sysctl_net.c
net: Ensure net namespace isolation of sysctls
2021-04-12 13:27:11 -07:00