linux/net/ipv6/netfilter
Hannes Frederic Sowa 5a3da1fe95 inet: limit length of fragment queue hash table bucket lists
This patch introduces a constant limit of the fragment queue hash
table bucket list lengths. Currently the limit 128 is choosen somewhat
arbitrary and just ensures that we can fill up the fragment cache with
empty packets up to the default ip_frag_high_thresh limits. It should
just protect from list iteration eating considerable amounts of cpu.

If we reach the maximum length in one hash bucket a warning is printed.
This is implemented on the caller side of inet_frag_find to distinguish
between the different users of inet_fragment.c.

I dropped the out of memory warning in the ipv4 fragment lookup path,
because we already get a warning by the slab allocator.

Cc: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jesper Dangaard Brouer <jbrouer@redhat.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-03-19 10:28:36 -04:00
..
ip6_tables.c netfilter: Use IS_ERR_OR_NULL(). 2013-01-22 14:28:29 -05:00
ip6t_ah.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_eui64.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_frag.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_hbh.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6t_ipv6header.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ip6t_MASQUERADE.c netfilter: ip6tables: add MASQUERADE target 2012-08-30 03:00:18 +02:00
ip6t_mh.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_NPT.c netfilter: ip6t_NPT: Ensure to check lower part of prefixes are zero 2013-02-07 18:40:27 +01:00
ip6t_REJECT.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-01-15 15:05:59 -05:00
ip6t_rpfilter.c ipv6: introduce ip6_rt_put() 2012-11-03 14:59:05 -04:00
ip6t_rt.c netfilter: ip6_tables: add flags parameter to ipv6_find_hdr() 2012-05-09 12:53:47 +02:00
ip6table_filter.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
ip6table_mangle.c netfilter ip6table_mangle: Use ipv6_addr_equal() where appropriate. 2013-01-29 22:58:40 -05:00
ip6table_nat.c netfilter: nf_nat: Also handle non-ESTABLISHED routing changes in MASQUERADE 2012-12-16 23:28:30 +01:00
ip6table_raw.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
ip6table_security.c netfilter: PTR_RET can be used 2012-08-14 02:31:47 +02:00
Kconfig netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
Makefile netfilter: combine ipt_REDIRECT and ip6t_REDIRECT 2012-09-21 12:12:05 +02:00
nf_conntrack_l3proto_ipv6.c netfilter: nf_ct_helper: better logging for dropped packets 2013-02-19 02:48:05 +01:00
nf_conntrack_proto_icmpv6.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
nf_conntrack_reasm.c inet: limit length of fragment queue hash table bucket lists 2013-03-19 10:28:36 -04:00
nf_defrag_ipv6_hooks.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00
nf_nat_l3proto_ipv6.c netfilter: ipv6: using csum_ipv6_magic requires net/ip6_checksum.h 2012-09-05 17:46:06 -04:00
nf_nat_proto_icmpv6.c ipv6: use IS_ENABLED() 2012-11-01 12:41:35 -04:00