2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-20 19:23:57 +08:00
linux-next/include/net/netns
Florian Westphal 834184b1f3 netfilter: defrag: only register defrag functionality if needed
nf_defrag modules for ipv4 and ipv6 export an empty stub function.
Any module that needs the defragmentation hooks registered simply 'calls'
this empty function to create a phony module dependency -- modprobe will
then load the defrag module too.

This extends netfilter ipv4/ipv6 defragmentation modules to delay the hook
registration until the functionality is requested within a network namespace
instead of module load time for all namespaces.

Hooks are only un-registered on module unload or when a namespace that used
such defrag functionality exits.

We have to use struct net for this as the register hooks can be called
before netns initialization here from the ipv4/ipv6 conntrack module
init path.

There is no unregister functionality support, defrag will always be
active once it was requested inside a net namespace.

The reason is that defrag has impact on nft and iptables rulesets
(without defrag we might see framents).

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-12-06 21:42:00 +01:00
..
conntrack.h netfilter: conntrack: built-in support for UDPlite 2016-12-04 20:57:36 +01:00
core.h percpu: add __percpu sparse annotations to net 2010-02-16 23:05:38 -08:00
dccp.h [NETNS][DCCPV6]: Move the dccp_v6_ctl_sk on the struct net. 2008-04-13 22:32:25 -07:00
generic.h netns: fix net_generic() "id - 1" bloat 2016-12-03 15:59:58 -05:00
hash.h netns: constify net_hash_mix() and various callers 2015-03-18 22:00:34 -04:00
ieee802154_6lowpan.h ieee802154: 6lowpan: ensure MTU of 1280 for 6lowpan 2014-08-19 19:17:42 +02:00
ipv4.h ipv4: fib: Allow for consistent FIB dumping 2016-12-03 19:29:35 -05:00
ipv6.h ipv6: sr: add code base for control plane support of SR-IPv6 2016-11-09 20:40:06 -05:00
mib.h net: use IS_ENABLED(CONFIG_IPV6) 2011-12-11 18:25:16 -05:00
mpls.h mpls: Add a sysctl to control the size of the mpls label table 2015-03-04 00:26:06 -05:00
netfilter.h netfilter: defrag: only register defrag functionality if needed 2016-12-06 21:42:00 +01:00
nftables.h netfilter: nf_tables: add netdev table to filter from ingress 2015-05-26 18:41:23 +02:00
packet.h packet: fix broken build. 2012-08-23 09:29:45 -07:00
sctp.h net: sctp: dynamically enable or disable pf state 2015-12-16 10:56:50 -05:00
unix.h
x_tables.h netfilter: don't pull include/linux/netfilter.h from netns headers 2015-06-18 21:14:31 +02:00
xfrm.h xfrm: state: remove per-netns gc task 2016-08-24 13:16:06 +02:00