OpenE2K/linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
f87fb666bb
linux/net/ipv4
History
Jan Kasprzak f87fb666bb netfilter: nf_ct_icmp: keep the ICMP ct entries longer 
Current conntrack code kills the ICMP conntrack entry as soon as
the first reply is received. This is incorrect, as we then see only
the first ICMP echo reply out of several possible duplicates as
ESTABLISHED, while the rest will be INVALID. Also this unnecessarily
increases the conntrackd traffic on H-A firewalls.

Make all the ICMP conntrack entries (including the replied ones)
last for the default of nf_conntrack_icmp{,v6}_timeout seconds.

Signed-off-by: Jan "Yenya" Kasprzak <kas@fi.muni.cz>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-06-08 15:53:43 +02:00
..
netfilter netfilter: nf_ct_icmp: keep the ICMP ct entries longer 2009-06-08 15:53:43 +02:00
af_inet.c ipv4: Use 32-bit loads for ID and length in GRO 2009-05-27 03:26:02 -07:00
ah4.c netns xfrm: AH/ESP in netns! 2008-11-25 17:59:27 -08:00
arp.c ipv4: arp announce, arp_proxy and windows ip conflict verification 2009-03-13 16:02:07 -07:00
cipso_ipv4.c netlabel: Label incoming TCP connections correctly in SELinux 2009-03-28 15:01:36 +11:00
datagram.c
devinet.c net: Fix devinet_sysctl_forward 2009-05-18 22:15:58 -07:00
esp4.c netns xfrm: AH/ESP in netns! 2008-11-25 17:59:27 -08:00
fib_frontend.c ipv4: cleanup: remove unnecessary include. 2009-05-18 15:16:38 -07:00
fib_hash.c ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_lookup.h ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_rules.c net: Remove unused parameter from fill method in fib_rules_ops. 2009-05-20 17:26:23 -07:00
fib_semantics.c ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_trie.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-05-25 01:42:21 -07:00
icmp.c netns: Fix icmp shutdown. 2009-03-03 01:14:15 -08:00
igmp.c netns: igmp: make /proc/net/{igmp,mcfilter} per netns 2008-12-25 16:42:51 -08:00
inet_connection_sock.c net: move bsockets outside of read only beginning of struct inet_hashinfo 2009-02-01 12:31:33 -08:00
inet_diag.c inet_diag: Remove dup assignments 2009-04-28 08:03:26 -07:00
inet_fragment.c inet fragments: fix sparse warning: context imbalance 2009-02-26 23:13:35 -08:00
inet_hashtables.c net: move bsockets outside of read only beginning of struct inet_hashinfo 2009-02-01 12:31:33 -08:00
inet_lro.c
inet_timewait_sock.c net: Make inet_twsk_put similar to sock_put 2009-05-06 16:50:52 -07:00
inetpeer.c
ip_forward.c
ip_fragment.c netns: oops in ip[6]_frag_reasm incrementing stats 2009-03-18 23:26:11 -07:00
ip_gre.c gre: used time_before for comparing jiffies 2009-02-24 23:34:48 -08:00
ip_input.c snmp: add missing counters for RFC 4293 2009-04-27 02:45:02 -07:00
ip_options.c
ip_output.c snmp: add missing counters for RFC 4293 2009-04-27 02:45:02 -07:00
ip_sockglue.c
ipcomp.c netns xfrm: state lookup in netns 2008-11-25 17:30:50 -08:00
ipconfig.c ipv4: teach ipconfig about the MTU option in DHCP 2009-05-19 15:36:17 -07:00
ipip.c ipip: used time_before for comparing jiffies 2009-02-24 23:36:47 -08:00
ipmr.c ipmr: use goto to common label instead of opencoding 2009-02-06 23:46:51 -08:00
Kconfig ipv4: make default for INET_LRO consistent with help text 2009-05-18 21:48:38 -07:00
Makefile
netfilter.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2008-11-28 02:19:15 -08:00
proc.c snmp: add missing counters for RFC 4293 2009-04-27 02:45:02 -07:00
protocol.c
raw.c ip: support for TX timestamps on UDP and RAW sockets 2009-02-15 22:43:38 -08:00
route.c net: fix rtable leak in net/ipv4/route.c 2009-05-20 17:18:02 -07:00
syncookies.c syncookies: remove last_synq_overflow from struct tcp_sock 2009-04-20 02:25:26 -07:00
sysctl_net_ipv4.c
tcp_bic.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_cong.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_cubic.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c htcp: merge icsk_ca_state compare 2009-03-02 03:00:14 -08:00
tcp_hybla.c
tcp_illinois.c
tcp_input.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2009-05-08 02:48:30 -07:00
tcp_ipv4.c tcp:fix the code indent 2009-05-05 12:29:47 -07:00
tcp_lp.c
tcp_minisocks.c tcp: consolidate paws check 2009-03-15 20:09:52 -07:00
tcp_output.c tcp: extend ECN sysctl to allow server-side only ECN 2009-05-04 11:07:36 -07:00
tcp_probe.c tcp: '< 0' test on unsigned 2009-03-13 16:05:14 -07:00
tcp_scalable.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_timer.c tcp: cleanup ca_state mess in tcp_timer 2009-03-02 03:00:13 -08:00
tcp_vegas.c tcp: tcp_vegas cong avoid fix 2008-12-09 00:13:04 -08:00
tcp_vegas.h
tcp_veno.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_westwood.c
tcp_yeah.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp.c tcp: Do not check flush when comparing options for GRO 2009-05-27 03:26:05 -07:00
tunnel4.c
udp_impl.h
udp.c ipv6: Fix NULL pointer dereference with time-wait sockets 2009-04-11 01:53:06 -07:00
udplite.c
xfrm4_input.c ipsec: Remove useless ret variable 2008-12-26 01:31:18 -08:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
xfrm4_state.c xfrm: remove useless forward declarations 2008-11-25 01:05:54 -08:00
xfrm4_tunnel.c