Programming Languages Research Group: Git - firefly-linux-kernel-4.4.55.git/commit

author	Patrick McHardy <kaber@trash.net>
	Mon, 8 Feb 2010 19:18:07 +0000 (11:18 -0800)
committer	Greg Kroah-Hartman <gregkh@suse.de>
	Tue, 23 Feb 2010 15:37:53 +0000 (07:37 -0800)
commit	242a71829e57a4962e43f89cf50d5fa99ff8a3e5
tree	b62b836d4c33bf751cd1944a2e2b2d33ae9132f4	tree \| snapshot
parent	d619798aab2394997e0a4b9d2cb362306f221c97	commit \| diff

netfilter: nf_conntrack: fix hash resizing with namespaces

commit d696c7bdaa55e2208e56c6f98e6bc1599f34286d upstream.

As noticed by Jon Masters <jonathan@jonmasters.org>, the conntrack hash
size is global and not per namespace, but modifiable at runtime through
/sys/module/nf_conntrack/hashsize. Changing the hash size will only
resize the hash in the current namespace however, so other namespaces
will use an invalid hash size. This can cause crashes when enlarging
the hashsize, or false negative lookups when shrinking it.

Move the hash size into the per-namespace data and only use the global
hash size to initialize the per-namespace value when instanciating a
new namespace. Additionally restrict hash resizing to init_net for
now as other namespaces are not handled currently.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

include/net/netns/conntrack.h		diff \| blob \| history
include/net/netns/ipv4.h		diff \| blob \| history
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c		diff \| blob \| history
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c		diff \| blob \| history
net/ipv4/netfilter/nf_nat_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_expect.c		diff \| blob \| history
net/netfilter/nf_conntrack_helper.c		diff \| blob \| history
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| history
net/netfilter/nf_conntrack_standalone.c		diff \| blob \| history