korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-04 01:24:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
0c66dc1ea3
linux/net/ipv6
History
Florian Westphal 0c66dc1ea3 netfilter: conntrack: register hooks in netns when needed by ruleset 
This makes use of nf_ct_netns_get/put added in previous patch.
We add get/put functions to nf_conntrack_l3proto structure, ipv4 and ipv6
then implement use-count to track how many users (nft or xtables modules)
have a dependency on ipv4 and/or ipv6 connection tracking functionality.

When count reaches zero, the hooks are unregistered.

This delays activation of connection tracking inside a namespace until
stateful firewall rule or nat rule gets added.

This patch breaks backwards compatibility in the sense that connection
tracking won't be active anymore when the protocol tracker module is
loaded.  This breaks e.g. setups that ctnetlink for flow accounting and
the like, without any '-m conntrack' packet filter rules.

Followup patch restores old behavour and makes new delayed scheme
optional via sysctl.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-12-04 21:17:24 +01:00
..
ila ila: Fix crash caused by rhashtable changes 2016-11-02 15:26:02 -04:00
netfilter netfilter: conntrack: register hooks in netns when needed by ruleset 2016-12-04 21:17:24 +01:00
addrconf_core.c ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument 2015-07-31 15:21:30 -07:00
addrconf.c ipv6 addrconf: Implemented enhanced DAD (RFC7527) 2016-12-03 23:21:37 -05:00
addrlabel.c ipv6/addrlabel: fix ip6addrlbl_get() 2015-12-22 15:57:54 -05:00
af_inet6.c bpf: Add new cgroup attach type to enable sock modifications 2016-12-02 13:46:08 -05:00
ah6.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
anycast.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
calipso.c calipso: fix resource leak on calipso_genopt failure 2016-08-13 14:56:17 -07:00
datagram.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
esp6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
exthdrs_core.c ipv6: constify the skb pointer of ipv6_find_tlv(). 2016-06-27 15:06:15 -04:00
exthdrs_offload.c ipv6: fix exthdrs offload registration in out_rt path 2015-09-02 15:31:00 -07:00
exthdrs.c ipv6: sr: add support for SRH injection through setsockopt 2016-11-09 20:40:06 -05:00
fib6_rules.c net: flow: Add l3mdev flow update 2016-09-10 23:12:51 -07:00
fou6.c fou: add Kconfig options for IPv6 support 2016-05-29 22:24:21 -07:00
icmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
inet6_connection_sock.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
inet6_hashtables.c inet: Fix missing return value in inet6_hash 2016-10-29 12:01:49 -04:00
ip6_checksum.c ipv6: fix checksum annotation in udp6_csum_init 2016-06-14 15:26:42 -04:00
ip6_fib.c ipv6: report NLM_F_CREATE and NLM_F_EXCL flags in RTM_NEWROUTE events 2016-09-09 16:50:23 -07:00
ip6_flowlabel.c ipv6: add new struct ipcm6_cookie 2016-05-03 16:08:14 -04:00
ip6_gre.c netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
ip6_icmp.c ipv6: icmp: add a force_saddr param to icmp6_send() 2016-06-18 22:11:38 -07:00
ip6_input.c net: vrf: ipv6 support for local traffic to local addresses 2016-06-08 00:25:38 -07:00
ip6_offload.c ip6_offload: check segs for NULL in ipv6_gso_segment. 2016-12-02 13:34:58 -05:00
ip6_offload.h udp: Add GRO functions to UDP socket 2016-04-07 16:53:29 -04:00
ip6_output.c net: ipv4, ipv6: run cgroup eBPF egress programs 2016-11-25 16:26:04 -05:00
ip6_tunnel.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
ip6_udp_tunnel.c ip6_udp_tunnel: remove unused IPCB related codes 2016-11-02 15:18:36 -04:00
ip6_vti.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
ip6mr.c net: pim: add all RFC7761 message types 2016-10-31 16:18:30 -04:00
ipcomp6.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
ipv6_sockglue.c ipv6: sr: add support for SRH injection through setsockopt 2016-11-09 20:40:06 -05:00
Kconfig ipv6: sr: add option to control lwtunnel support 2016-11-16 11:29:46 -05:00
Makefile ipv6: sr: add option to control lwtunnel support 2016-11-16 11:29:46 -05:00
mcast_snoop.c net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code 2015-08-13 17:08:39 -07:00
mcast.c ipv6: fix a potential deadlock in do_ipv6_setsockopt() 2016-10-21 11:29:02 -04:00
mip6.c ipv6: use ktime_t for internal timestamps 2015-10-05 03:16:47 -07:00
ndisc.c ipv6 addrconf: Implemented enhanced DAD (RFC7527) 2016-12-03 23:21:37 -05:00
netfilter.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
output_core.c ipv6: Set skb->protocol properly for local output 2016-12-02 12:34:22 -05:00
ping.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
proc.c proc: Reduce cache miss in snmp6_seq_show 2016-09-30 01:50:44 -04:00
protocol.c net: Export inet_offloads and inet6_offloads 2014-09-19 17:15:31 -04:00
raw.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
reassembly.c ipv6: on reassembly, record frag_max_size 2016-11-03 15:41:11 -04:00
route.c ipv6 addrconf: Implemented enhanced DAD (RFC7527) 2016-12-03 23:21:37 -05:00
seg6_hmac.c ipv6: sr: add core files for SR HMAC support 2016-11-09 20:40:06 -05:00
seg6_iptunnel.c ipv6: sr: add calls to verify and insert HMAC signatures 2016-11-09 20:40:06 -05:00
seg6.c ipv6: sr: add option to control lwtunnel support 2016-11-16 11:29:46 -05:00
sit.c netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
syncookies.c tcp: randomize tcp timestamp offsets for each connection 2016-12-02 12:49:59 -05:00
sysctl_net_ipv6.c calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
tcp_ipv6.c tcp: randomize tcp timestamp offsets for each connection 2016-12-02 12:49:59 -05:00
tcpv6_offload.c tcp: cleanup static functions 2015-02-28 16:56:51 -05:00
tunnel6.c ipv6: fix tunnel error handling 2015-11-03 10:52:13 -05:00
udp_impl.h udplite: call proper backlog handlers 2016-11-24 15:32:14 -05:00
udp_offload.c gso: Remove arbitrary checks for unsupported GSO 2016-05-20 18:03:15 -04:00
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-26 23:42:21 -05:00
udplite.c udplite: call proper backlog handlers 2016-11-24 15:32:14 -05:00
xfrm6_input.c vti6: fix input path 2016-09-21 10:09:14 +02:00
xfrm6_mode_beet.c xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c ipv6: update skb->csum when CE mark is propagated 2016-01-15 15:07:23 -05:00
xfrm6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-10-24 06:54:12 -07:00
xfrm6_policy.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-09-12 15:52:44 -07:00
xfrm6_protocol.c xfrm6: Properly handle unsupported protocols 2014-05-06 07:08:38 +02:00
xfrm6_state.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
xfrm6_tunnel.c netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00