| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2018-06-12 | netfilter: nf_conncount: Fix garbage collection with zones |   Yi-Hung Wei | 1 | -1/+1 | |
| Currently, we use check_hlist() for garbage colleciton. However, we use the ‘zone’ from the counted entry to query the existence of existing entries in the hlist. This could be wrong when they are in different zones, and this patch fixes this issue. Fixes: e59ea3df3fc2 ("netfilter: xt_connlimit: honor conntrack zone if available") Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |||||
| 2018-06-03 | netfilter: nf_tables: add connlimit support |   Pablo Neira Ayuso | 1 | -0/+297 | |
| This features which allows you to limit the maximum number of connections per arbitrary key. The connlimit expression is stateful, therefore it can be used from meters to dynamically populate a set, this provides a mapping to the iptables' connlimit match. This patch also comes that allows you define static connlimit policies. This extension depends on the nf_conncount infrastructure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |||||
 |
index : linux-dev | |
| Linux kernel development work - see feature branches | Jason A. Donenfeld |
| aboutsummaryrefslogtreecommitdiffstats |