kernel-ark/include/net
Patrick McHardy a71c085562 [NETFILTER]: nf_conntrack: use hashtable for expectations
Currently all expectations are kept on a global list that

- needs to be searched for every new conncetion
- needs to be walked for evicting expectations when a master connection
  has reached its limit
- needs to be walked on connection destruction for connections that
  have open expectations

This is obviously not good, especially when considering helpers like
H.323 that register *lots* of expectations and can set up permanent
expectations, but it also allows for an easy DoS against firewalls
using connection tracking helpers.

Use a hashtable for expectations to avoid incurring the search overhead
for every new connection. The default hash size is 1/256 of the conntrack
hash table size, this can be overriden using a module parameter.

This patch only introduces the hash table for expectation lookups and
keeps other users to reduce the noise, the following patches will get
rid of it completely.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-10 22:17:59 -07:00
..
bluetooth [Bluetooth] Fix L2CAP configuration parameter handling 2007-05-24 14:27:19 +02:00
irda [IrDA]: Netlink layer. 2007-07-10 22:16:43 -07:00
iucv
netfilter [NETFILTER]: nf_conntrack: use hashtable for expectations 2007-07-10 22:17:59 -07:00
sctp [SCTP] Flag a pmtu change request 2007-06-13 20:44:42 +00:00
tc_act
tipc [TIPC]: Optimize stream send routine to avoid fragmentation 2007-07-10 22:06:12 -07:00
act_api.h [NET_SCHED]: Remove unnecessary stats_lock pointers 2007-07-10 22:16:38 -07:00
addrconf.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
af_rxrpc.h
af_unix.h [AF_UNIX]: Make socket locking much less confusing. 2007-06-03 18:08:40 -07:00
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h AX88796 network driver 2007-07-10 12:41:08 -04:00
cfg80211.h
checksum.h
cipso_ipv4.h [NetLabel]: consolidate the struct socket/sock handling to just struct sock 2007-06-08 13:33:09 -07:00
compat.h
datalink.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsfield.h
dst.h [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
esp.h
fib_rules.h [NETLINK]: Mark netlink policies const 2007-06-07 13:40:10 -07:00
flow.h [IPV6] MIP6: Kill unnecessary ifdefs. 2007-07-10 22:15:41 -07:00
gen_stats.h
genetlink.h [NETLINK]: Mark netlink policies const 2007-06-07 13:40:10 -07:00
icmp.h
ieee80211_crypt.h
ieee80211_radiotap.h
ieee80211.h
ieee80211softmac_wx.h
ieee80211softmac.h
if_inet6.h
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h
inet_connection_sock.h
inet_ecn.h
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inetpeer.h
ip6_checksum.h
ip6_fib.h
ip6_route.h
ip6_tunnel.h
ip_fib.h [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
ip_vs.h
ip.h [TCP]: Honour sk_bound_dev_if in tcp_v4_send_ack 2007-06-07 13:38:51 -07:00
ipcomp.h
ipconfig.h
ipip.h
ipv6.h [XFRM]: Allow packet drops during larval state resolution. 2007-05-24 18:17:54 -07:00
ipx.h
iw_handler.h
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
mac80211.h
mip6.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
ndisc.h
neighbour.h
netdma.h
netevent.h
netlabel.h [NetLabel]: consolidate the struct socket/sock handling to just struct sock 2007-06-08 13:33:09 -07:00
netlink.h [NETLINK]: attr: add nested compat attribute type 2007-07-10 22:15:38 -07:00
netrom.h
nexthop.h
p8022.h
pkt_cls.h
pkt_sched.h
protocol.h
psnap.h
raw.h
rawv6.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
red.h
request_sock.h
rose.h
route.h [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
rtnetlink.h [RTNETLINK]: Link creation API 2007-07-10 22:14:20 -07:00
sch_generic.h
scm.h
slhc_vj.h
snmp.h
sock.h [SOCK]: Shrink struct sock by 8 bytes on 64-bit. 2007-05-31 01:23:32 -07:00
syncppp.h
tcp_ecn.h
tcp_states.h
tcp.h [TCP]: Consolidate checking for tcp orphan count being too big. 2007-05-31 01:23:34 -07:00
timewait_sock.h
transp_v6.h
udp.h [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
udplite.h [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
wext.h
wireless.h
x25.h
x25device.h
xfrm.h [UDP]: Cleanup UDP encapsulation code 2007-07-10 22:16:53 -07:00