OpenSDV
/
linux-stable-rt
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux-stable-rt/net/netfilter
History
Patrick McHardy d696c7bdaa netfilter: nf_conntrack: fix hash resizing with namespaces 
As noticed by Jon Masters <jonathan@jonmasters.org>, the conntrack hash
size is global and not per namespace, but modifiable at runtime through
/sys/module/nf_conntrack/hashsize. Changing the hash size will only
resize the hash in the current namespace however, so other namespaces
will use an invalid hash size. This can cause crashes when enlarging
the hashsize, or false negative lookups when shrinking it.

Move the hash size into the per-namespace data and only use the global
hash size to initialize the per-namespace value when instanciating a
new namespace. Additionally restrict hash resizing to init_net for
now as other namespaces are not handled currently.

Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2010-02-08 11:18:07 -08:00
..
ipvs ipvs: Add boundary check on ioctl arguments 2010-01-04 16:37:12 +01:00
Kconfig
Makefile
core.c
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_core.c netfilter: nf_conntrack: fix hash resizing with namespaces 2010-02-08 11:18:07 -08:00
nf_conntrack_ecache.c
nf_conntrack_expect.c netfilter: nf_conntrack: fix hash resizing with namespaces 2010-02-08 11:18:07 -08:00
nf_conntrack_extend.c
nf_conntrack_ftp.c netfilter: nf_ct_ftp: fix out of bounds read in update_nl_seq() 2010-01-07 18:33:18 +01:00
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: nf_conntrack: fix hash resizing with namespaces 2010-02-08 11:18:07 -08:00
nf_conntrack_irc.c
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: nf_conntrack: fix hash resizing with namespaces 2010-02-08 11:18:07 -08:00
nf_conntrack_pptp.c
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c
nf_conntrack_proto_sctp.c
nf_conntrack_proto_tcp.c
nf_conntrack_proto_udp.c
nf_conntrack_proto_udplite.c
nf_conntrack_sane.c
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix off-by-one in compact header parsing 2010-01-19 19:06:59 +01:00
nf_conntrack_standalone.c netfilter: nf_conntrack: fix hash resizing with namespaces 2010-02-08 11:18:07 -08:00
nf_conntrack_tftp.c
nf_internals.h
nf_log.c
nf_queue.c
nf_sockopt.c
nf_tproxy_core.c
nfnetlink.c
nfnetlink_log.c
nfnetlink_queue.c
x_tables.c
xt_CLASSIFY.c
xt_CONNMARK.c
xt_CONNSECMARK.c
xt_DSCP.c
xt_HL.c
xt_LED.c
xt_MARK.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_NOTRACK.c
xt_RATEEST.c
xt_SECMARK.c
xt_TCPMSS.c
xt_TCPOPTSTRIP.c
xt_TPROXY.c
xt_TRACE.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlimit.c
xt_connmark.c
xt_conntrack.c
xt_dccp.c
xt_dscp.c
xt_esp.c
xt_hashlimit.c
xt_helper.c
xt_hl.c
xt_iprange.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_osf.c
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_realm.c
xt_recent.c
xt_sctp.c
xt_socket.c
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c
xt_u32.c