1
linux/include/net
Patrick McHardy a71c085562 [NETFILTER]: nf_conntrack: use hashtable for expectations
Currently all expectations are kept on a global list that

- needs to be searched for every new conncetion
- needs to be walked for evicting expectations when a master connection
  has reached its limit
- needs to be walked on connection destruction for connections that
  have open expectations

This is obviously not good, especially when considering helpers like
H.323 that register *lots* of expectations and can set up permanent
expectations, but it also allows for an easy DoS against firewalls
using connection tracking helpers.

Use a hashtable for expectations to avoid incurring the search overhead
for every new connection. The default hash size is 1/256 of the conntrack
hash table size, this can be overriden using a module parameter.

This patch only introduces the hash table for expectation lookups and
keeps other users to reduce the noise, the following patches will get
rid of it completely.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-10 22:17:59 -07:00
..
bluetooth [Bluetooth] Fix L2CAP configuration parameter handling 2007-05-24 14:27:19 +02:00
irda [IrDA]: Netlink layer. 2007-07-10 22:16:43 -07:00
iucv [AF_IUCV]: Implementation of a skb backlog queue 2007-05-04 12:22:07 -07:00
netfilter [NETFILTER]: nf_conntrack: use hashtable for expectations 2007-07-10 22:17:59 -07:00
sctp [SCTP] Flag a pmtu change request 2007-06-13 20:44:42 +00:00
tc_act
tipc [TIPC]: Optimize stream send routine to avoid fragmentation 2007-07-10 22:06:12 -07:00
act_api.h [NET_SCHED]: Remove unnecessary stats_lock pointers 2007-07-10 22:16:38 -07:00
addrconf.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
af_rxrpc.h [AF_RXRPC]: Add an interface to the AF_RXRPC module for the AFS filesystem to use 2007-04-26 15:50:17 -07:00
af_unix.h [AF_UNIX]: Make socket locking much less confusing. 2007-06-03 18:08:40 -07:00
ah.h
arp.h
atmclip.h
ax25.h [SK_BUFF]: Introduce skb_reset_mac_header(skb) 2007-04-25 22:24:32 -07:00
ax88796.h AX88796 network driver 2007-07-10 12:41:08 -04:00
cfg80211.h [WIRELESS] cfg80211: Update comment for locking. 2007-04-25 22:29:48 -07:00
checksum.h [NET]: Make mangling a checksum (0 -> 0xffff on the wire) explicit. 2006-12-02 21:23:39 -08:00
cipso_ipv4.h [NetLabel]: consolidate the struct socket/sock handling to just struct sock 2007-06-08 13:33:09 -07:00
compat.h [NET]: Introduce SIOCGSTAMPNS ioctl to get timestamps with nanosec resolution 2007-04-25 22:24:04 -07:00
datalink.h
dn_dev.h
dn_fib.h [DECNet]: Use rtnl registration interface 2007-04-25 22:27:12 -07:00
dn_neigh.h
dn_nsp.h
dn_route.h [DECNet]: Use rtnl registration interface 2007-04-25 22:27:12 -07:00
dn.h
dsfield.h [NET]: IP header modifier helpers annotations. 2006-12-02 21:23:40 -08:00
dst.h [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
esp.h [NET]: Move generic skbuff stuff from XFRM code to generic code 2007-04-25 22:28:33 -07:00
fib_rules.h [NETLINK]: Mark netlink policies const 2007-06-07 13:40:10 -07:00
flow.h [IPV6] MIP6: Kill unnecessary ifdefs. 2007-07-10 22:15:41 -07:00
gen_stats.h
genetlink.h [NETLINK]: Mark netlink policies const 2007-06-07 13:40:10 -07:00
icmp.h
ieee80211_crypt.h [PATCH] Update my email address from jkmaline@cc.hut.fi to j@w1.fi 2007-04-28 11:01:01 -04:00
ieee80211_radiotap.h [PATCH] Remove comment about IEEE80211_RADIOTAP_FCS 2007-04-28 11:01:03 -04:00
ieee80211.h [PATCH] ieee80211: add ieee80211_channel_to_freq 2007-05-08 11:51:59 -04:00
ieee80211softmac_wx.h
ieee80211softmac.h
if_inet6.h
inet6_connection_sock.h [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
inet6_hashtables.h [INET]: Use jhash + random secret for ehash. 2007-04-25 22:28:06 -07:00
inet_common.h
inet_connection_sock.h [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
inet_ecn.h [SK_BUFF]: Convert skb->tail to sk_buff_data_t 2007-04-25 22:26:28 -07:00
inet_hashtables.h [NET]: change layout of ehash table 2007-02-08 14:16:46 -08:00
inet_sock.h [INET]: Use jhash + random secret for ehash. 2007-04-25 22:28:06 -07:00
inet_timewait_sock.h [INET]: twcal_jiffie should be unsigned long, not int 2007-03-05 13:32:48 -08:00
inetpeer.h
ip6_checksum.h [IPV6]: Dumb typo in generic csum_ipv6_magic() 2006-12-22 11:12:07 -08:00
ip6_fib.h [IPv6]: Use rtnl registration interface 2007-04-25 22:27:13 -07:00
ip6_route.h [IPv6]: Use rtnl registration interface 2007-04-25 22:27:13 -07:00
ip6_tunnel.h
ip_fib.h [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
ip_vs.h [NET]: ipvs checksum annotations. 2006-12-02 21:23:41 -08:00
ip.h [TCP]: Honour sk_bound_dev_if in tcp_v4_send_ack 2007-06-07 13:38:51 -07:00
ipcomp.h
ipconfig.h
ipip.h [IPV6] net/ipv6/sit.c: make 2 functions static 2006-12-02 21:26:15 -08:00
ipv6.h [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
ipx.h [SK_BUFF]: Introduce skb_transport_header(skb) 2007-04-25 22:25:31 -07:00
iw_handler.h [WEXT]: Clean up how wext is called. 2007-04-26 20:43:56 -07:00
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h [SK_BUFF]: Introduce skb_network_header() 2007-04-25 22:24:59 -07:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
mac80211.h [MAC80211]: Add mac80211 wireless stack. 2007-05-05 11:45:53 -07:00
mip6.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
ndisc.h
neighbour.h [NEIGH]: Use rtnl registration interface 2007-04-25 22:27:06 -07:00
netdma.h
netevent.h
netlabel.h [NetLabel]: consolidate the struct socket/sock handling to just struct sock 2007-06-08 13:33:09 -07:00
netlink.h [NETLINK]: attr: add nested compat attribute type 2007-07-10 22:15:38 -07:00
netrom.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
nexthop.h
p8022.h
pkt_cls.h [SK_BUFF]: Convert skb->tail to sk_buff_data_t 2007-04-25 22:26:28 -07:00
pkt_sched.h [NET_SCHED]: Eliminate qdisc_tree_lock 2007-04-25 22:29:07 -07:00
protocol.h [INET]: Change protocol field in struct inet_protosw to u16 2006-12-02 21:30:55 -08:00
psnap.h
raw.h
rawv6.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
red.h [NET_SCHED]: turn PSCHED_GET_TIME into inline function 2007-04-25 22:27:55 -07:00
request_sock.h [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
rose.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
route.h [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
rtnetlink.h [RTNETLINK]: Link creation API 2007-07-10 22:14:20 -07:00
sch_generic.h [NET_SCHED]: Unline tcf_destroy 2007-04-25 22:27:56 -07:00
scm.h
slhc_vj.h
snmp.h
sock.h [SOCK]: Shrink struct sock by 8 bytes on 64-bit. 2007-05-31 01:23:32 -07:00
syncppp.h
tcp_ecn.h [TCP]: Sed magic converts func(sk, tp, ...) -> func(sk, ...) 2007-04-25 22:29:34 -07:00
tcp_states.h
tcp.h [TCP]: Consolidate checking for tcp orphan count being too big. 2007-05-31 01:23:34 -07:00
timewait_sock.h [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
transp_v6.h
udp.h [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
udplite.h [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
wext.h [NET]: Fix networking compilation errors 2007-04-27 15:31:24 -07:00
wireless.h [WIRELESS] cfg80211: New wireless config infrastructure. 2007-04-25 22:29:41 -07:00
x25.h [X.25]: Adds /proc/sys/net/x25/x25_forward to control forwarding. 2007-02-08 13:34:36 -08:00
x25device.h [SK_BUFF]: Introduce skb_reset_mac_header(skb) 2007-04-25 22:24:32 -07:00
xfrm.h [UDP]: Cleanup UDP encapsulation code 2007-07-10 22:16:53 -07:00