linux/net/ipv4
Patrick McHardy d696c7bdaa netfilter: nf_conntrack: fix hash resizing with namespaces
As noticed by Jon Masters <jonathan@jonmasters.org>, the conntrack hash
size is global and not per namespace, but modifiable at runtime through
/sys/module/nf_conntrack/hashsize. Changing the hash size will only
resize the hash in the current namespace however, so other namespaces
will use an invalid hash size. This can cause crashes when enlarging
the hashsize, or false negative lookups when shrinking it.

Move the hash size into the per-namespace data and only use the global
hash size to initialize the per-namespace value when instanciating a
new namespace. Additionally restrict hash resizing to init_net for
now as other namespaces are not handled currently.

Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-02-08 11:18:07 -08:00
..
netfilter netfilter: nf_conntrack: fix hash resizing with namespaces 2010-02-08 11:18:07 -08:00
af_inet.c net: check kern before calling security subsystem 2009-11-05 22:18:18 -08:00
ah4.c xfrm: Use the user specified truncation length in ESP and AH 2009-11-25 15:48:41 -08:00
arp.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
cipso_ipv4.c ipv4: Define cipso_v4_delopt static 2009-10-07 14:45:58 -07:00
datagram.c inet: rename some inet_sock fields 2009-10-18 18:52:53 -07:00
devinet.c net: restore ip source validation 2009-12-25 17:30:22 -08:00
esp4.c xfrm: Use the user specified truncation length in ESP and AH 2009-11-25 15:48:41 -08:00
fib_frontend.c net: restore ip source validation 2009-12-25 17:30:22 -08:00
fib_hash.c ipv4: fib table algorithm performance improvement 2009-10-05 00:21:56 -07:00
fib_lookup.h ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_rules.c net: Allow fib_rule_unregister to batch 2009-12-03 12:22:55 -08:00
fib_semantics.c net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
fib_trie.c ipv4: fib table algorithm performance improvement 2009-10-05 00:21:56 -07:00
icmp.c icmp: icmp_send() can avoid a dev_put() 2009-11-01 23:55:10 -08:00
igmp.c net: Move && and || to end of previous line 2009-11-29 16:55:45 -08:00
inet_connection_sock.c TCPCT part 1a: add request_values parameter for sending SYNACK 2009-12-02 22:07:23 -08:00
inet_diag.c netlink: With opcode INET_DIAG_BC_S_LE dport was compared in inet_diag_bc_run() 2010-01-19 14:12:20 -08:00
inet_fragment.c inet fragments: fix sparse warning: context imbalance 2009-02-26 23:13:35 -08:00
inet_hashtables.c tcp: Fix a connect() race with timewait sockets 2009-12-08 20:17:51 -08:00
inet_lro.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
inet_timewait_sock.c [PATCH] tcp: documents timewait refcnt tricks 2009-12-08 20:19:53 -08:00
inetpeer.c inetpeer: Optimize inet_getid() 2009-11-13 20:46:58 -08:00
ip_forward.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
ip_fragment.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
ip_gre.c net: Simplify ip_gre pernet operations. 2009-12-01 16:15:57 -08:00
ip_input.c net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
ip_options.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
ip_output.c ip: fix mc_loop checks for tunnels with multicast outer addresses 2010-01-06 20:37:01 -08:00
ip_sockglue.c net: Cleanup redundant tests on unsigned 2009-10-29 01:39:54 -07:00
ipcomp.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
ipconfig.c Merge branch 'for-2.6.33' of git://linux-nfs.org/~bfields/linux 2009-12-16 10:43:34 -08:00
ipip.c net: Simplify ipip pernet operations. 2009-12-01 16:15:58 -08:00
ipmr.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-11-17 00:05:02 -08:00
Kconfig nfs: new subdir Documentation/filesystems/nfs 2009-10-27 19:34:04 -04:00
Makefile
netfilter.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
proc.c snmp: add missing counters for RFC 4293 2009-04-27 02:45:02 -07:00
protocol.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
raw.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-10-29 21:28:59 -07:00
route.c ipv4: don't remove /proc/net/rt_acct 2010-01-17 19:24:49 -08:00
syncookies.c tcp: Revert per-route SACK/DSACK/TIMESTAMP changes. 2009-12-15 20:56:42 -08:00
sysctl_net_ipv4.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
tcp_bic.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_cong.c Networking: use CAP_NET_ADMIN when deciding to call request_module 2009-08-14 11:18:34 +10:00
tcp_cubic.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_diag.c tcp: diag: Dont report negative values for rx queue 2009-12-03 16:06:13 -08:00
tcp_highspeed.c
tcp_htcp.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: Revert per-route SACK/DSACK/TIMESTAMP changes. 2009-12-15 20:56:42 -08:00
tcp_ipv4.c tcp: Revert per-route SACK/DSACK/TIMESTAMP changes. 2009-12-15 20:56:42 -08:00
tcp_lp.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_minisocks.c tcp: Revert per-route SACK/DSACK/TIMESTAMP changes. 2009-12-15 20:56:42 -08:00
tcp_output.c tcp: Revert per-route SACK/DSACK/TIMESTAMP changes. 2009-12-15 20:56:42 -08:00
tcp_probe.c tcp_probe: avoid modulus operation and wrap fix 2010-01-25 15:47:50 -08:00
tcp_scalable.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_timer.c tcp: Stalling connections: Move timeout calculation routine 2009-12-08 20:56:11 -08:00
tcp_vegas.c tcp: tcp_vegas ssthresh bugfix 2009-05-25 22:44:59 -07:00
tcp_vegas.h
tcp_veno.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp_westwood.c
tcp_yeah.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
tcp.c tcp: Remove runtime check that can never be true. 2009-12-08 20:07:54 -08:00
tunnel4.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp.c udp: udp_lib_get_port() fix 2009-12-13 19:32:39 -08:00
udplite.c net: drop capability from protocol definitions 2009-11-05 21:40:17 -08:00
xfrm4_input.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_output.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_policy.c netns xfrm: deal with dst entries in netns 2010-01-24 22:47:53 -08:00
xfrm4_state.c
xfrm4_tunnel.c