linux_dsm_epyc7002/net/ipv6
Florian Westphal 4d3a57f23d netfilter: conntrack: do not enable connection tracking unless needed
Discussion during NFWS 2017 in Faro has shown that the current
conntrack behaviour is unreasonable.

Even if conntrack module is loaded on behalf of a single net namespace,
it's turned on for all namespaces, which is expensive.  Commit
481fa37347 ("netfilter: conntrack: add nf_conntrack_default_on sysctl")
attempted to provide an alternative to the 'default on' behaviour by
adding a sysctl to change it.

However, as Eric points out, the sysctl only becomes available
once the module is loaded, and then it's too late.

So we either have to move the sysctl to the core, or, alternatively,
change conntrack to become active only once the rule set requires this.

This does the latter, conntrack is only enabled when a rule needs it.

Reported-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2017-07-31 20:42:00 +02:00
ila netfilter: nf_hook_ops structs can be const 2017-07-31 19:10:44 +02:00
netfilter netfilter: conntrack: do not enable connection tracking unless needed 2017-07-31 20:42:00 +02:00
addrconf_core.c Ipvlan should return an error when an address is already in use. 2017-06-09 12:26:07 -04:00
addrconf.c net, ipv6: convert inet6_ifaddr.refcnt from atomic_t to refcount_t 2017-07-04 01:29:04 -07:00
addrlabel.c net, ipv6: convert ip6addrlbl_entry.refcnt from atomic_t to refcount_t 2017-07-04 01:29:04 -07:00
af_inet6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-26 22:39:08 -04:00
ah6.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2017-06-23 14:17:31 -04:00
anycast.c net, ipv6: convert ifacaddr6.aca_refcnt from atomic_t to refcount_t 2017-07-04 01:29:04 -07:00
calipso.c net, calipso: convert calipso_doi.refcount from atomic_t to refcount_t 2017-07-04 22:35:16 +01:00
datagram.c net: convert sock.sk_refcnt from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
esp6_offload.c esp6_offload: Fix IP6CB(skb)->nhoff for ESP GRO 2017-06-22 10:49:14 +02:00
esp6.c net: convert sock.sk_wmem_alloc from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
exthdrs_core.c ipv6: constify the skb pointer of ipv6_find_tlv(). 2016-06-27 15:06:15 -04:00
exthdrs_offload.c ipv6: fix exthdrs offload registration in out_rt path 2015-09-02 15:31:00 -07:00
exthdrs.c net, ipv6: convert ipv6_txoptions.refcnt from atomic_t to refcount_t 2017-07-04 01:29:03 -07:00
fib6_rules.c ipv6: Do not leak throw route references 2017-06-20 15:34:02 -04:00
fou6.c fou: make local function static 2017-05-21 13:42:36 -04:00
icmp.c net: don't global ICMP rate limit packets originating from loopback 2017-06-14 15:33:58 -04:00
inet6_connection_sock.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-28 10:33:06 -05:00
inet6_hashtables.c net: convert sock.sk_refcnt from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
ip6_checksum.c ipv6: fix checksum annotation in udp6_csum_init 2016-06-14 15:26:42 -04:00
ip6_fib.c net: ipv6: Compare lwstate in detecting duplicate nexthops 2017-07-06 10:48:01 +01:00
ip6_flowlabel.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
ip6_gre.c net: add netlink_ext_ack argument to rtnl_link_ops.validate 2017-06-26 23:13:22 -04:00
ip6_icmp.c ipv6: icmp: add a force_saddr param to icmp6_send() 2016-06-18 22:11:38 -07:00
ip6_input.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-04-20 10:35:33 -04:00
ip6_offload.c ipv6: Fix leak in ipv6_gso_segment(). 2017-06-04 21:41:10 -04:00
ip6_offload.h udp: Add GRO functions to UDP socket 2016-04-07 16:53:29 -04:00
ip6_output.c inet: Stop generating UFO packets. 2017-07-17 09:52:58 -07:00
ip6_tunnel.c net: add netlink_ext_ack argument to rtnl_link_ops.validate 2017-06-26 23:13:22 -04:00
ip6_udp_tunnel.c ip6_udp_tunnel: remove unused IPCB related codes 2016-11-02 15:18:36 -04:00
ip6_vti.c vti: revert flush x-netns xfrm cache when vti interface is removed 2017-07-18 11:13:41 -07:00
ip6mr.c ip6mr: add netlink notifications on mrt6msg cache reports 2017-06-21 11:22:53 -04:00
ipcomp6.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
ipv6_sockglue.c Merge branch 'work.memdup_user' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-07-05 16:05:24 -07:00
Kconfig ipv6: sr: select DST_CACHE by default 2017-03-27 16:05:06 -07:00
Makefile esp: Add a software GRO codepath 2017-02-15 11:04:11 +01:00
mcast_snoop.c net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code 2015-08-13 17:08:39 -07:00
mcast.c net, ipv6: convert ifmcaddr6.mca_refcnt from atomic_t to refcount_t 2017-07-04 01:29:04 -07:00
mip6.c ktime: Get rid of ktime_equal() 2016-12-25 17:21:23 +01:00
ndisc.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
netfilter.c net: inet: Support UID-based routing in IP protocols. 2016-11-04 14:45:23 -04:00
output_core.c ipv6: avoid overflow of offset in ip6_find_1stfragopt 2017-07-19 22:50:14 -07:00
ping.c net: ping: do not abuse udp_poll() 2017-06-04 22:56:55 -04:00
proc.c proc: snmp6: Use correct type in memset 2017-06-12 09:53:14 -04:00
protocol.c net: Add sysctl to toggle early demux for tcp and udp 2017-03-24 13:17:07 -07:00
raw.c net: ping: do not abuse udp_poll() 2017-06-04 22:56:55 -04:00
reassembly.c ipv6: on reassembly, record frag_max_size 2016-11-03 15:41:11 -04:00
route.c net: ipv6: Compare lwstate in detecting duplicate nexthops 2017-07-06 10:48:01 +01:00
seg6_hmac.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-02-07 16:29:30 -05:00
seg6_iptunnel.c net: add extack arg to lwtunnel build state 2017-05-30 11:55:32 -04:00
seg6.c ipv6: drop unused variables in seg6_genl_dumphac 2017-05-21 13:42:36 -04:00
sit.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-06-30 12:43:08 -04:00
syncookies.c ipv4: ipv6: initialize treq->txhash in cookie_v[46]_check() 2017-07-18 11:22:51 -07:00
sysctl_net_ipv6.c calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
tcp_ipv6.c net: convert sock.sk_refcnt from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
tcpv6_offload.c
tunnel6.c ipv6: fix tunnel error handling 2015-11-03 10:52:13 -05:00
udp_impl.h udp: make *udp*_queue_rcv_skb() functions static 2017-05-18 10:23:33 -04:00
udp_offload.c inet: Remove software UFO fragmenting code. 2017-07-17 09:52:58 -07:00
udp.c net: convert sock.sk_refcnt from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
udplite.c udplite: call proper backlog handlers 2016-11-24 15:32:14 -05:00
xfrm6_input.c xfrm6: Fix IPv6 payload_len in xfrm6_transport_finish 2017-06-22 10:49:14 +02:00
xfrm6_mode_beet.c networking: make skb_pull & friends return void pointers 2017-06-16 11:48:39 -04:00
xfrm6_mode_ro.c ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() 2017-06-02 13:57:27 -04:00
xfrm6_mode_transport.c ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() 2017-06-02 13:57:27 -04:00
xfrm6_mode_tunnel.c xfrm: Add encapsulation header offsets while SKB is not encrypted 2017-04-14 10:07:39 +02:00
xfrm6_output.c xfrm: Add an IPsec hardware offloading API 2017-04-14 10:06:10 +02:00
xfrm6_policy.c xfrm: remove flow cache 2017-07-18 11:13:41 -07:00
xfrm6_protocol.c xfrm: input: constify xfrm_input_afinfo 2017-02-09 10:22:17 +01:00
xfrm6_state.c
xfrm6_tunnel.c net, ipv6: convert xfrm6_tunnel_spi.refcnt from atomic_t to refcount_t 2017-07-04 01:29:04 -07:00