OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/net
History
Pablo Neira Ayuso 71d8c47fc6 netfilter: conntrack: introduce clash resolution on insertion race 
This patch introduces nf_ct_resolve_clash() to resolve race condition on
conntrack insertions.

This is particularly a problem for connection-less protocols such as
UDP, with no initial handshake. Two or more packets may race to insert
the entry resulting in packet drops.

Another problematic scenario are packets enqueued to userspace via
NFQUEUE after the raw table, that make it easier to trigger this
race.

To resolve this, the idea is to reset the conntrack entry to the one
that won race. Packet and bytes counters are also merged.

The 'insert_failed' stats still accounts for this situation, after
this patch, the drop counter is bumped whenever we drop packets, so we
can watch for unresolved clashes.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2016-05-05 16:39:50 +02:00
..
6lowpan 6lowpan: iphc: fix handling of link-local compression 2016-04-08 19:28:13 +02:00
9p net/9p: convert to new CQ API 2016-03-10 20:54:09 -05:00
802
8021q vlan: propagate gso_max_segs 2016-03-17 21:05:01 -04:00
appletalk appletalk: fix erroneous return value 2016-02-18 14:59:34 -05:00
atm
ax25 ax25: add link layer header validation function 2016-03-09 22:13:01 -05:00
batman-adv batman-adv: clarify CFG80211 dependency 2016-03-02 13:45:47 -05:00
bluetooth sock: tigthen lockdep checks for sock_owned_by_user 2016-04-13 22:37:20 -04:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-04-23 18:51:33 -04:00
caif net: caif: fix misleading indentation 2016-03-14 13:09:50 -04:00
can sock: enable timestamping using control messages 2016-04-04 15:50:30 -04:00
ceph mm, fs: get rid of PAGE_CACHE_* and page_cache_{get,release} macros 2016-04-04 10:41:08 -07:00
core libnl: nla_put_msecs(): align on a 64-bit area 2016-04-23 20:13:24 -04:00
dcb
dccp net: introduce lockdep_is_held and update various places to use it 2016-04-07 16:44:14 -04:00
decnet decnet: Do not build routes to devices without decnet private data. 2016-04-10 23:01:30 -04:00
dns_resolver
dsa net: dsa: remove tag_protocol from dsa_switch 2016-04-21 13:43:11 -04:00
ethernet eth: Pull header from first fragment via eth_get_headlen 2016-02-24 13:58:05 -05:00
hsr NLA_BINARY misuse bug in HSR 2016-04-21 13:59:08 -04:00
ieee802154 libnl: nla_put_le64(): align on a 64-bit area 2016-04-23 20:13:24 -04:00
ipv4 netfilter: conntrack: use a single hashtable for all namespaces 2016-05-05 16:39:47 +02:00
ipv6 netfilter: fix IS_ERR_VALUE usage 2016-04-29 11:02:33 +02:00
ipx
irda Merge 4.5-rc4 into tty-next 2016-02-14 14:36:04 -08:00
iucv
kcm kcm: Add receive message timeout 2016-03-09 16:36:15 -05:00
key
l2tp libnl: nla_put_msecs(): align on a 64-bit area 2016-04-23 20:13:24 -04:00
l3mdev net: l3mdev: address selection should only consider devices in L3 domain 2016-02-26 14:22:26 -05:00
lapb
llc sock: tigthen lockdep checks for sock_owned_by_user 2016-04-13 22:37:20 -04:00
mac80211 cfg80211: remove enum ieee80211_band 2016-04-12 15:56:15 +02:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
mpls GSO: Add GSO type for fixed IPv4 ID 2016-04-14 16:23:40 -04:00
netfilter netfilter: conntrack: introduce clash resolution on insertion race 2016-05-05 16:39:50 +02:00
netlabel netlabel: do not initialise statics to NULL 2016-03-07 11:08:26 -05:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-04-23 18:51:33 -04:00
netrom
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2016-04-24 00:12:08 -04:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-04-23 18:51:33 -04:00
phonet sock: struct proto hash function may error 2016-02-11 03:54:14 -05:00
rds RDS: Fix the atomicity for congestion map update 2016-04-16 19:01:05 -04:00
rfkill rfkill: Use switch to demux userspace operations 2016-04-05 10:48:53 +02:00
rose
rxrpc rxrpc: Create a null security type and get rid of conditional calls 2016-04-11 15:34:41 -04:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-04-23 18:51:33 -04:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-04-23 18:51:33 -04:00
sunrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-04-23 18:51:33 -04:00
switchdev switchdev: fix typo in comments/doc 2016-03-24 14:51:24 -04:00
tipc tipc: fix stale links after re-enabling bearer 2016-04-24 14:35:07 -04:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-02-23 00:09:14 -05:00
vmw_vsock VSOCK: Only check error on skb_recv_datagram when skb is NULL 2016-04-19 20:42:01 -04:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-04-23 18:51:33 -04:00
x25
xfrm xfrm: align nlattr properly when needed 2016-04-23 20:13:25 -04:00
Kconfig Make DST_CACHE a silent config option 2016-03-21 22:56:38 -04:00
Makefile kcm: Kernel Connection Multiplexor module 2016-03-09 16:36:14 -05:00
compat.c
socket.c Merge branch 'for-davem' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-04-14 00:39:15 -04:00
sysctl_net.c