linux/net/ipv4/netfilter
Patrick McHardy d696c7bdaa netfilter: nf_conntrack: fix hash resizing with namespaces
As noticed by Jon Masters <jonathan@jonmasters.org>, the conntrack hash
size is global and not per namespace, but modifiable at runtime through
/sys/module/nf_conntrack/hashsize. Changing the hash size will only
resize the hash in the current namespace however, so other namespaces
will use an invalid hash size. This can cause crashes when enlarging
the hashsize, or false negative lookups when shrinking it.

Move the hash size into the per-namespace data and only use the global
hash size to initialize the per-namespace value when instanciating a
new namespace. Additionally restrict hash resizing to init_net for
now as other namespaces are not handled currently.

Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-02-08 11:18:07 -08:00
..
arp_tables.c netfilter: xtables: compat out of scope fix 2010-02-08 11:17:43 -08:00
arpt_mangle.c netfilter: xtables: move extension arguments into compound structure (5/6) 2008-10-08 11:35:19 +02:00
arptable_filter.c netfilter: xtables: mark initial tables constant 2009-08-24 14:56:30 +02:00
ip_queue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
ip_tables.c netfilter: xtables: compat out of scope fix 2010-02-08 11:17:43 -08:00
ipt_addrtype.c netfilter: netns-aware ipt_addrtype 2008-11-04 14:21:48 +01:00
ipt_ah.c netfilter: xtables: move extension arguments into compound structure (2/6) 2008-10-08 11:35:18 +02:00
ipt_CLUSTERIP.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_ecn.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_ECN.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-12-09 19:43:33 -08:00
ipt_LOG.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_MASQUERADE.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_NETMAP.c netfilter: xtables: move extension arguments into compound structure (5/6) 2008-10-08 11:35:19 +02:00
ipt_REDIRECT.c netfilter: xtables: move extension arguments into compound structure (5/6) 2008-10-08 11:35:19 +02:00
ipt_REJECT.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
ipt_ULOG.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
iptable_filter.c netfilter: xtables: mark initial tables constant 2009-08-24 14:56:30 +02:00
iptable_mangle.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
iptable_raw.c netfilter: xtables: mark initial tables constant 2009-08-24 14:56:30 +02:00
iptable_security.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
Kconfig netfilter: Kconfig spelling fixes (trivial) 2009-03-16 15:17:23 +01:00
Makefile netfilter: Combine ipt_ttl and ip6t_hl source 2009-02-18 18:39:31 +01:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: nf_conntrack: fix hash resizing with namespaces 2010-02-08 11:18:07 -08:00
nf_conntrack_l3proto_ipv4.c netfilter: nf_conntrack: fix hash resizing with namespaces 2010-02-08 11:18:07 -08:00
nf_conntrack_proto_icmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
nf_defrag_ipv4.c netfilter: fix crashes in bridge netfilter caused by fragment jumps 2009-12-15 16:59:59 +01:00
nf_nat_amanda.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_core.c netfilter: nf_conntrack: fix hash resizing with namespaces 2010-02-08 11:18:07 -08:00
nf_nat_ftp.c [NETFILTER]: remove unneeded rcu_dereference() calls 2007-11-07 04:08:23 -08:00
nf_nat_h323.c net: replace NIPQUAD() in net/ipv4/netfilter/ 2008-10-31 00:53:08 -07:00
nf_nat_helper.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2009-12-03 13:23:12 -08:00
nf_nat_irc.c net: replace NIPQUAD() in net/ipv4/netfilter/ 2008-10-31 00:53:08 -07:00
nf_nat_pptp.c netfilter: netns nat: PPTP NAT in netns 2008-10-08 11:35:11 +02:00
nf_nat_proto_common.c nf_nat: use secure_ipv4_port_ephemeral() for NAT port randomization 2008-08-18 21:32:32 -07:00
nf_nat_proto_dccp.c [NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre 2008-04-14 11:15:54 +02:00
nf_nat_proto_gre.c [NETFILTER]: nf_conntrack: const annotations in nf_conntrack_sctp, nf_nat_proto_gre 2008-04-14 11:15:54 +02:00
nf_nat_proto_icmp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_sctp.c netfilter: Fix extra semi-colon in skb_walk_frags() changes. 2009-06-09 18:05:28 -07:00
nf_nat_proto_tcp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_udp.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_udplite.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_proto_unknown.c [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_rule.c netfilter: xtables: mark initial tables constant 2009-08-24 14:56:30 +02:00
nf_nat_sip.c net: replace NIPQUAD() in net/ipv4/netfilter/ 2008-10-31 00:53:08 -07:00
nf_nat_snmp_basic.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
nf_nat_standalone.c netfilter: net/ipv[46]/netfilter: Move && and || to end of previous line 2009-11-23 23:17:06 +01:00
nf_nat_tftp.c [NETFILTER]: nf_{conntrack,nat}_tftp: annotate TFTP helper with const 2008-01-31 19:28:08 -08:00