]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e925066) | patch
[NETFILTER]: nf_conntrack_expect: introduce nf_conntrack_expect_max sysct
authorPatrick McHardy <kaber@trash.net>
Sun, 8 Jul 2007 05:36:24 +0000 (22:36 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Wed, 11 Jul 2007 05:18:12 +0000 (22:18 -0700)
commit18c0a186725729e88d224fd117f7e647251c13ea
treec07c92616a50107c2dacc5836626d4b6a12c57aetree | snapshot
parente925066c8fe47113c2b53d0cfdf0a8bf39f8e998commit | diff
[NETFILTER]: nf_conntrack_expect: introduce nf_conntrack_expect_max sysct

As a last step of preventing DoS by creating lots of expectations, this
patch introduces a global maximum and a sysctl to control it. The default
is initialized to 4 * the expectation hash table size, which results in
1/64 of the default maxmimum of conntracks.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/netfilter/nf_conntrack_expect.h diff | blob | history
net/netfilter/nf_conntrack_expect.c diff | blob | history
net/netfilter/nf_conntrack_standalone.c diff | blob | history
Linux Kernel Source Tree.