leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5c789e131c
linux/include/net/netfilter
History
Yi-Hung Wei 5c789e131c netfilter: nf_conncount: Add list lock and gc worker, and RCU for init tree search 
This patch is originally from Florian Westphal.

This patch does the following 3 main tasks.

1) Add list lock to 'struct nf_conncount_list' so that we can
alter the lists containing the individual connections without holding the
main tree lock.  It would be useful when we only need to add/remove to/from
a list without allocate/remove a node in the tree.  With this change, we
update nft_connlimit accordingly since we longer need to maintain
a list lock in nft_connlimit now.

2) Use RCU for the initial tree search to improve tree look up performance.

3) Add a garbage collection worker. This worker is schedule when there
are excessive tree node that needed to be recycled.

Moreover,the rbnode reclaim logic is moved from search tree to insert tree
to avoid race condition.

Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-07-18 11:26:37 +02:00
..
ipv4 netfilter: conntrack: remove l3proto abstraction 2018-07-17 15:27:49 +02:00
ipv6 netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
br_netfilter.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_acct.h netfilter: introduce nf_conn_acct structure 2013-11-03 21:48:49 +01:00
nf_conntrack_core.h netfilter: conntrack: remove l3proto abstraction 2018-07-17 15:27:49 +02:00
nf_conntrack_count.h netfilter: nf_conncount: Add list lock and gc worker, and RCU for init tree search 2018-07-18 11:26:37 +02:00
nf_conntrack_ecache.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_expect.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_extend.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_helper.h netfilter: nf_conntrack_broadcast: remove useless parameter 2018-03-05 23:15:43 +01:00
nf_conntrack_l4proto.h netfilter: conntrack: remove l3proto abstraction 2018-07-17 15:27:49 +02:00
nf_conntrack_labels.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_seqadj.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_synproxy.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_timeout.h netfilter: conntrack: remove get_timeout() indirection 2018-07-16 17:55:01 +02:00
nf_conntrack_timestamp.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_tuple.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack_zones.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_conntrack.h netfilter: conntrack: remove l3proto abstraction 2018-07-17 15:27:49 +02:00
nf_dup_netdev.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_flow_table.h rhashtable: split rhashtable.h 2018-06-22 13:43:27 +09:00
nf_log.h netfilter: check if the socket netns is correct. 2018-06-28 22:21:32 +09:00
nf_nat_core.h netfilter: add struct nf_nat_hook and use it 2018-05-23 09:26:07 +02:00
nf_nat_helper.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nf_nat_l3proto.h netfilter: nf_nat: add nat type hooks to nat core 2018-05-23 09:14:06 +02:00
nf_nat_l4proto.h netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat_redirect.h netfilter: add NAT support for shifted portmap ranges 2018-04-24 10:29:12 +02:00
nf_nat.h netfilter: nf_nat: add nat hook register functions to nf_nat 2018-05-23 09:14:05 +02:00
nf_queue.h netfilter: core: remove synchronize_net call if nfqueue is used 2018-01-08 18:01:06 +01:00
nf_socket.h netfilter: Decrease code duplication regarding transparent socket option 2018-06-03 00:02:01 +02:00
nf_tables_core.h netfilter: nf_tables: fix chain dependency validation 2018-06-01 09:46:22 +02:00
nf_tables_ipv4.h netfilter: nf_tables_inet: don't use multihook infrastructure anymore 2018-01-08 18:01:20 +01:00
nf_tables_ipv6.h netfilter: nf_tables_inet: don't use multihook infrastructure anymore 2018-01-08 18:01:20 +01:00
nf_tables.h netfilter: nf_tables: handle chain name lookups via rhltable 2018-06-03 01:18:37 +02:00
nf_tproxy.h netfilter: nft_tproxy: Move nf_tproxy_assign_sock() to nf_tproxy.h 2018-07-16 17:51:48 +02:00
nfnetlink_log.h netfilter: xt_NFLOG: use nf_log_packet instead of nfulnl_log_packet. 2018-04-19 13:02:44 +02:00
nft_fib.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nft_masq.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nft_redir.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
nft_reject.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xt_rateest.h netfilter: make xt_rateest hash table per net 2018-03-05 23:15:44 +01:00