OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net
History
Florian Westphal 0c66dc1ea3 netfilter: conntrack: register hooks in netns when needed by ruleset 
This makes use of nf_ct_netns_get/put added in previous patch.
We add get/put functions to nf_conntrack_l3proto structure, ipv4 and ipv6
then implement use-count to track how many users (nft or xtables modules)
have a dependency on ipv4 and/or ipv6 connection tracking functionality.

When count reaches zero, the hooks are unregistered.

This delays activation of connection tracking inside a namespace until
stateful firewall rule or nat rule gets added.

This patch breaks backwards compatibility in the sense that connection
tracking won't be active anymore when the protocol tracker module is
loaded.  This breaks e.g. setups that ctnetlink for flow accounting and
the like, without any '-m conntrack' packet filter rules.

Followup patch restores old behavour and makes new delayed scheme
optional via sysctl.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2016-12-04 21:17:24 +01:00
..
6lowpan
9p
802
8021q netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
appletalk
atm
ax25
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-26 23:42:21 -05:00
bridge netfilter: nf_log: do not assume ethernet header in netdev family 2016-12-04 20:45:33 +01:00
caif netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
can can: bcm: fix support for CAN FD frames 2016-11-23 15:22:18 +01:00
ceph libceph: initialize last_linger_id with a large integer 2016-11-10 20:13:08 +01:00
core net_sched: gen_estimator: account for timer drifts 2016-12-03 16:12:17 -05:00
dcb
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
decnet net: fix sleeping for sk_wait_event() 2016-11-14 13:17:21 -05:00
dns_resolver
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
ethernet
hsr
ieee802154
ipv4 netfilter: conntrack: register hooks in netns when needed by ruleset 2016-12-04 21:17:24 +01:00
ipv6 netfilter: conntrack: register hooks in netns when needed by ruleset 2016-12-04 21:17:24 +01:00
ipx
irda
iucv
kcm
key netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
l3mdev
lapb
llc net: fix sleeping for sk_wait_event() 2016-11-14 13:17:21 -05:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
mac802154
mpls
ncsi
netfilter netfilter: conntrack: register hooks in netns when needed by ruleset 2016-12-04 21:17:24 +01:00
netlabel
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
netrom
nfc
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
phonet netns: make struct pernet_operations::id unsigned int 2016-11-18 10:59:15 -05:00
qrtr
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
rfkill
rose
rxrpc
sched act_mirred: fix a typo in get_dev 2016-12-03 19:28:02 -05:00
sctp sctp: use new rhlist interface on sctp transport rhashtable 2016-11-16 23:22:17 -05:00
strparser
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
switchdev
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-11-22 13:27:16 -05:00
vmw_vsock VSOCK: add loopback to virtio_transport 2016-11-24 11:53:15 -05:00
wimax
wireless wireless-drivers-next patches for 4.10 2016-11-27 20:26:59 -05:00
x25
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-12-03 12:29:53 -05:00
Kconfig bpf: BPF for lightweight tunnel infrastructure 2016-12-02 10:51:49 -05:00
Makefile
compat.c
socket.c tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING 2016-11-30 10:04:25 -05:00
sysctl_net.c