linux/net
Patrick McHardy a71c085562 [NETFILTER]: nf_conntrack: use hashtable for expectations
Currently all expectations are kept on a global list that

- needs to be searched for every new connection
- needs to be walked for evicting expectations when a master connection
  has reached its limit
- needs to be walked on connection destruction for connections that
  have open expectations

This is obviously not good, especially when considering helpers like
H.323 that register *lots* of expectations and can set up permanent
expectations, but it also allows for an easy DoS against firewalls
using connection tracking helpers.

Use a hashtable for expectations to avoid incurring the search overhead
for every new connection. The default hash size is 1/256 of the conntrack
hash table size; this can be overridden using a module parameter.

This patch only introduces the hash table for expectation lookups and
keeps other users to reduce the noise, the following patches will get
rid of it completely.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-10 22:17:59 -07:00
..
802 [NET]: cleanup extra semicolons 2007-04-25 22:29:24 -07:00
8021q [VLAN]: Use rtnl_link API 2007-07-10 22:15:03 -07:00
appletalk header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
atm [NET]: SPIN_LOCK_UNLOCKED cleanup in drivers/atm, net 2007-04-26 01:37:44 -07:00
ax25 [S390] Kconfig: unwanted menus for s390. 2007-05-10 15:46:07 +02:00
bluetooth Fix use-after-free oops in Bluetooth HID. 2007-07-07 12:22:37 -07:00
bridge [NET]: IPV6 checksum offloading in network devices 2007-07-10 22:15:52 -07:00
core [NETFILTER]: x_tables: add TRACE target 2007-07-10 22:17:14 -07:00
dccp [CCID3]: Fix a bug in the send time processing 2007-07-10 22:15:34 -07:00
decnet [NET]: dev_mcast: unexport dev_mc_upload 2007-07-10 22:15:53 -07:00
econet [SK_BUFF]: Convert skb->tail to sk_buff_data_t 2007-04-25 22:26:28 -07:00
ethernet [CORE] Stack changes to add multiqueue hardware support API 2007-07-10 22:16:21 -07:00
ieee80211 [PATCH] softmac: use list_for_each_entry 2007-07-08 22:16:37 -04:00
ipv4 [NETFILTER]: nf_conntrack: reduce masks to a subset of tuples 2007-07-10 22:17:55 -07:00
ipv6 [NETFILTER]: nf_conntrack: remove 'ignore_conntrack' argument from nf_conntrack_find_get 2007-07-10 22:17:41 -07:00
ipx Fix incorrect prototype for ipxrtr_route_packet() 2007-05-17 05:25:49 -07:00
irda [IrDA]: tsap init routine factorisation. 2007-07-10 22:16:52 -07:00
iucv Add suspend-related notifications for CPU hotplug 2007-05-09 12:30:56 -07:00
key xfrm: Add security check before flushing SAD/SPD 2007-06-07 13:42:46 -07:00
lapb
llc Fix occurrences of "the the " 2007-05-09 08:57:56 +02:00
mac80211 [MAC80211]: Set low initial rate in rc80211_simple 2007-07-10 22:16:25 -07:00
netfilter [NETFILTER]: nf_conntrack: use hashtable for expectations 2007-07-10 22:17:59 -07:00
netlabel [NetLabel]: consolidate the struct socket/sock handling to just struct sock 2007-06-08 13:33:09 -07:00
netlink [NETLINK]: attr: add nested compat attribute type 2007-07-10 22:15:38 -07:00
netrom [NET]: Rework dev_base via list_head (v3) 2007-05-03 15:13:45 -07:00
packet [AF_PACKET]: Kill CONFIG_PACKET_SOCKET. 2007-05-31 01:23:32 -07:00
rfkill [RFKILL]: Fix check for correct rfkill allocation 2007-05-19 12:24:39 -07:00
rose [NET]: Rework dev_base via list_head (v3) 2007-05-03 15:13:45 -07:00
rxrpc [AF_RXRPC]: Return the number of bytes buffered in rxrpc_send_data() 2007-06-18 23:30:41 -07:00
sched [NET_SCHED]: Remove unnecessary includes 2007-07-10 22:16:41 -07:00
sctp SCTP: Add scope_id validation for link-local binds 2007-07-05 17:40:15 -07:00
sunrpc sendfile: convert nfsd to splice_direct_to_actor() 2007-07-10 08:04:14 +02:00
tipc [TIPC]: Optimize stream send routine to avoid fragmentation 2007-07-10 22:06:12 -07:00
unix [AF_UNIX]: Fix stream recvmsg() race. 2007-06-07 13:40:44 -07:00
wanrouter [NET]: Fix comparisons of unsigned < 0. 2007-06-03 18:08:47 -07:00
wireless [PATCH] cfg80211: fix signed macaddress in sysfs 2007-06-11 17:47:41 -04:00
x25 header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
xfrm [XFRM] Introduce standalone SAD lookup 2007-07-10 22:16:35 -07:00
compat.c [NET]: Adding SO_TIMESTAMPNS / SCM_TIMESTAMPNS support 2007-04-25 22:24:21 -07:00
Kconfig [S390] Kconfig: no wireless on s390. 2007-05-10 15:46:08 +02:00
Makefile [NET]: rfkill: add support for input key to control wireless radio 2007-05-07 00:34:20 -07:00
nonet.c
socket.c Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
sysctl_net.c
TUNABLE