Kernel/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-01-13 00:29:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
linux/net/netfilter
History
Florian Westphal 870190a9ec netfilter: nat: convert nat bysrc hash to rhashtable 
It did use a fixed-size bucket list plus single lock to protect add/del.

Unlike the main conntrack table we only need to add and remove keys.
Convert it to rhashtable to get table autosizing and per-bucket locking.

The maximum number of entries is -- as before -- tied to the number of
conntracks so we do not need another upperlimit.

The change does not handle rhashtable_remove_fast error, only possible
"error" is -ENOENT, and that is something that can happen legitimetely,
e.g. because nat module was inserted at a later time and no src manip
took place yet.

Tested with http-client-benchmark + httpterm with DNAT and SNAT rules
in place.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-07-11 12:07:57 +02:00
..
ipset
netfilter: ipset: fix race condition in ipset save, swap and delete
2016-03-28 17:57:45 +02:00
ipvs
ipvs: update real-server binding of outgoing connections in SIP-pe
2016-06-06 09:47:25 +09:00
core.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2015-10-24 06:54:12 -07:00
Kconfig
netfilter: Remove references to obsolete CONFIG_IP_ROUTE_FWMARK
2016-07-01 16:37:07 +02:00
Makefile
netfilter: nf_tables: add forward expression to the netdev family
2016-01-04 17:48:38 +01:00
nf_conntrack_acct.c
netfilter: Remove uses of seq_<foo> return values
2015-03-18 10:51:35 +01:00
nf_conntrack_amanda.c
net: Remove state argument from skb_find_text()
2015-02-22 15:59:54 -05:00
nf_conntrack_broadcast.c
netfilter: nf_conntrack: nf_conntrack snmp helper
2011-01-18 18:12:24 +01:00
nf_conntrack_core.c
netfilter: conntrack: simplify early_drop
2016-07-11 11:46:22 +02:00
nf_conntrack_ecache.c
netfilter: conntrack: move expectation event helper to ecache.c
2016-04-12 23:01:57 +02:00
nf_conntrack_expect.c
netfilter: conntrack: use a single expectation table for all namespaces
2016-05-06 11:50:01 +02:00
nf_conntrack_extend.c
netfilter: move nat hlist_head to nf_conn
2016-07-11 11:47:50 +02:00
nf_conntrack_ftp.c
netfilter: nf_ct_helper: Fix helper unregister count.
2016-05-30 12:21:22 +02:00
nf_conntrack_h323_asn1.c
netfilter: h323: bug in parsing of ASN1 SEQOF field
2011-04-04 15:21:02 +02:00
nf_conntrack_h323_main.c
ipv6: Remove external dependency on rt6i_gateway and RTF_ANYCAST
2015-05-25 13:25:33 -04:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
netfilter: nf_ct_helper: unlink helper again when hash resize happen
2016-07-11 11:44:34 +02:00
nf_conntrack_irc.c
netfilter: nf_ct_helper: Fix helper unregister count.
2016-05-30 12:21:22 +02:00
nf_conntrack_l3proto_generic.c
netfilter: Convert print_tuple functions to return void
2014-11-05 14:10:33 -05:00
nf_conntrack_labels.c
netfilter: connlabels: change nf_connlabels_get bit arg to 'highest used'
2016-04-18 20:39:48 +02:00
nf_conntrack_netbios_ns.c
netfilter: nf_conntrack: nf_conntrack snmp helper
2011-01-18 18:12:24 +01:00
nf_conntrack_netlink.c
netfilter: conntrack: use a single expectation table for all namespaces
2016-05-06 11:50:01 +02:00
nf_conntrack_pptp.c
netfilter: nf_conntrack: push zone object into functions
2015-08-11 12:29:01 +02:00
nf_conntrack_proto_dccp.c
libnl: nla_put_be64(): align on a 64-bit area
2016-04-23 20:13:24 -04:00
nf_conntrack_proto_generic.c
netfilter: nf_conntrack: Add a struct net parameter to l4_pkt_to_tuple
2015-09-18 22:00:04 +02:00
nf_conntrack_proto_gre.c
netfilter: nf_conntrack: Add a struct net parameter to l4_pkt_to_tuple
2015-09-18 22:00:04 +02:00
nf_conntrack_proto_sctp.c
netfilter: conntrack: don't acquire lock during seq_printf
2016-04-19 20:26:25 +02:00
nf_conntrack_proto_tcp.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2016-04-24 00:12:08 -04:00
nf_conntrack_proto_udp.c
netfilter: conntrack: introduce clash resolution on insertion race
2016-05-05 16:39:50 +02:00
nf_conntrack_proto_udplite.c
netfilter: conntrack: introduce clash resolution on insertion race
2016-05-05 16:39:50 +02:00
nf_conntrack_proto.c
netfilter: nf_conntrack: remove dead code
2014-01-03 23:41:37 +01:00
nf_conntrack_sane.c
netfilter: nf_ct_helper: Fix helper unregister count.
2016-05-30 12:21:22 +02:00
nf_conntrack_seqadj.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_conntrack_sip.c
netfilter: nf_ct_helper: Fix helper unregister count.
2016-05-30 12:21:22 +02:00
nf_conntrack_snmp.c
netfilter: nf_ct_snmp: add include file
2013-01-18 00:28:18 +01:00
nf_conntrack_standalone.c
netfilter: conntrack: fix race between nf_conntrack proc read and hash resize
2016-07-11 11:38:57 +02:00
nf_conntrack_tftp.c
netfilter: nf_ct_helper: Fix helper unregister count.
2016-05-30 12:21:22 +02:00
nf_conntrack_timeout.c
netfilter: cttimeout: add netns support
2015-12-14 12:48:58 +01:00
nf_conntrack_timestamp.c
netfilter: nf_ct_timestamp: Fix BUG_ON after netns deletion
2013-12-20 14:58:29 +01:00
nf_dup_netdev.c
net: remove skb_sender_cpu_clear()
2016-03-01 17:36:47 -05:00
nf_internals.h
netfilter: nf_queue: fix nf_queue_nf_hook_drop()
2015-07-23 16:17:58 +02:00
nf_log_common.c
netfilter: bridge: add helpers for fetching physin/outdev
2015-04-08 16:49:08 +02:00
nf_log.c
netfilter: nf_log: fix error on write NONE to logger choice sysctl
2016-07-05 14:57:57 +02:00
nf_nat_amanda.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
nf_nat_core.c
netfilter: nat: convert nat bysrc hash to rhashtable
2016-07-11 12:07:57 +02:00
nf_nat_ftp.c
netfilter: nf_ct_helper: better logging for dropped packets
2013-02-19 02:48:05 +01:00
nf_nat_helper.c
netfilter: nf_conntrack: make sequence number adjustments usuable without NAT
2013-08-28 00:26:48 +02:00
nf_nat_irc.c
netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper
2014-01-06 14:17:17 +01:00
nf_nat_proto_common.c
netfilter: use IS_ENABLED() macro
2014-06-30 11:38:03 +02:00
nf_nat_proto_dccp.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_sctp.c
netfilter: use IS_ENABLED() macro
2014-06-30 11:38:03 +02:00
nf_nat_proto_tcp.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_udp.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_udplite.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
nf_nat_proto_unknown.c
netfilter: add protocol independent NAT core
2012-08-30 03:00:14 +02:00
nf_nat_redirect.c
netfilter: nf_nat_redirect: add missing NULL pointer check
2015-10-27 06:54:56 +01:00
nf_nat_sip.c
netfilter: replace strnicmp with strncasecmp
2014-10-14 02:18:24 +02:00
nf_nat_tftp.c
netfilter: nf_ct_helper: better logging for dropped packets
2013-02-19 02:48:05 +01:00
nf_queue.c
netfilter: nf_queue: Make the queue_handler pernet
2016-05-25 11:54:22 +02:00
nf_sockopt.c
netfilter: don't use mutex_lock_interruptible()
2014-08-08 16:47:23 +02:00
nf_synproxy_core.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
2015-09-05 21:57:42 -07:00
nf_tables_api.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2016-07-06 09:15:15 -07:00
nf_tables_core.c
netfilter: nf_tables: fix a wrong check to skip the inactive rules
2016-06-15 12:17:24 +02:00
nf_tables_inet.c
netfilter: nf_tables: release objects on netns destruction
2015-12-28 18:34:35 +01:00
nf_tables_netdev.c
netfilter: nf_tables_netdev: fix error path in module initialization
2016-01-18 13:53:37 +01:00
nf_tables_trace.c
libnl: nla_put_be64(): align on a 64-bit area
2016-04-23 20:13:24 -04:00
nfnetlink_acct.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-05-15 13:32:48 -04:00
nfnetlink_cthelper.c
netfilter: nfnetlink: pass down netns pointer to call() and call_rcu()
2015-12-28 18:41:41 +01:00
nfnetlink_cttimeout.c
netfilter: cttimeout: unlink timeout obj again when hash resize happen
2016-07-11 11:39:08 +02:00
nfnetlink_log.c
netfilter: xt_NFLOG: nflog-range does not truncate packets
2016-06-24 11:03:23 +02:00
nfnetlink_queue.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
2016-06-01 17:54:19 -07:00
nfnetlink.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2016-02-23 00:09:14 -05:00
nft_bitwise.c
netfilter: nf_tables: support variable sized data in nft_data_init()
2015-04-13 17:17:30 +02:00
nft_byteorder.c
netfilter: nft_byteorder: avoid unneeded le/be conversion steps
2016-01-13 14:02:59 +01:00
nft_cmp.c
netfilter: nf_tables: support variable sized data in nft_data_init()
2015-04-13 17:17:30 +02:00
nft_compat.c
netfilter: nft_compat: check match/targetinfo attr size
2016-03-11 11:37:56 +01:00
nft_counter.c
libnl: nla_put_be64(): align on a 64-bit area
2016-04-23 20:13:24 -04:00
nft_ct.c
netfilter: nftables: add connlabel set support
2016-05-05 16:27:59 +02:00
nft_dup_netdev.c
netfilter: nf_tables: add packet duplication to the netdev family
2016-01-03 21:04:23 +01:00
nft_dynset.c
netfilter: nf_tables: add generation mask to sets
2016-06-24 11:03:26 +02:00
nft_exthdr.c
netfilter: nf_tables: switch registers to 32 bit addressing
2015-04-13 17:17:29 +02:00
nft_fwd_netdev.c
netfilter: nf_tables: add forward expression to the netdev family
2016-01-04 17:48:38 +01:00
nft_hash.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2016-07-06 09:15:15 -07:00
nft_immediate.c
netfilter: nf_tables: support variable sized data in nft_data_init()
2015-04-13 17:17:30 +02:00
nft_limit.c
libnl: nla_put_be64(): align on a 64-bit area
2016-04-23 20:13:24 -04:00
nft_log.c
netfilter: nf_log: handle NFPROTO_INET properly in nf_logger_[find_get|put]
2016-06-23 13:24:42 +02:00
nft_lookup.c
netfilter: nf_tables: add support for inverted logic in nft_lookup
2016-06-24 11:03:29 +02:00
nft_masq.c
netfilter: nft_masq: support port range
2016-03-02 20:05:27 +01:00
nft_meta.c
net: simplify and make pkt_type_ok() available for other users
2016-07-04 15:11:13 -07:00
nft_nat.c
netfilter: nf_tables: switch registers to 32 bit addressing
2015-04-13 17:17:29 +02:00
nft_payload.c
netfilter: nft_payload: add packet mangling support
2015-11-25 13:54:51 +01:00
nft_queue.c
netfilter: nf_tables: kill nft_pktinfo.ops
2015-09-18 21:58:01 +02:00
nft_rbtree.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2016-07-06 09:15:15 -07:00
nft_redir.c
netfilter: nf_tables: add register parsing/dumping helpers
2015-04-13 17:17:28 +02:00
nft_reject_inet.c
ipv4: Push struct net down into nf_send_reset
2015-09-29 20:21:31 +02:00
nft_reject.c
netfilter; Add some missing default cases to switch statements in nft_reject.
2015-04-27 13:20:34 -04:00
x_tables.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2016-07-06 09:15:15 -07:00
xt_addrtype.c
netfilter: x_tables: Use par->net instead of computing from the passed net devices
2015-09-18 21:58:25 +02:00
xt_AUDIT.c
netfilter: Convert uses of __constant_<foo> to <foo>
2014-03-13 14:13:19 +01:00
xt_bpf.c
net: filter: split 'struct sk_filter' into socket and bpf parts
2014-08-02 15:03:58 -07:00
xt_cgroup.c
netfilter: implement xt_cgroup cgroup2 path match
2015-12-14 20:34:55 +01:00
xt_CHECKSUM.c
netfilter: add CHECKSUM target
2010-07-15 17:20:46 +02:00
xt_CLASSIFY.c
netfilter: xt_CLASSIFY: add ARP support, allow CLASSIFY target on any table
2010-11-15 13:57:56 +01:00
xt_cluster.c
net: use reciprocal_scale() helper
2014-08-23 12:21:21 -07:00
xt_comment.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_connbytes.c
netfilter: Convert pr_warning to pr_warn
2014-09-10 12:40:10 -07:00
xt_connlabel.c
netfilter: connlabels: change nf_connlabels_get bit arg to 'highest used'
2016-04-18 20:39:48 +02:00
xt_connlimit.c
netfilter: nf_conntrack: Add a struct net parameter to l4_pkt_to_tuple
2015-09-18 22:00:04 +02:00
xt_connmark.c
netfilter: Fix FSF address in file headers
2013-12-06 12:37:57 -05:00
xt_CONNSECMARK.c
xt_conntrack.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
xt_cpu.c
netfilter: xtables: add missing aliases for autoloading via iptables
2011-01-18 06:33:54 +01:00
xt_CT.c
netfilter: cttimeout: add netns support
2015-12-14 12:48:58 +01:00
xt_dccp.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_devgroup.c
netfilter: xtables: add device group match
2011-02-03 00:05:43 +01:00
xt_dscp.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_DSCP.c
netfilter: fix various sparse warnings
2014-11-13 12:14:42 +01:00
xt_ecn.c
netfilter: xtables: collapse conditions in xt_ecn
2011-12-27 20:45:25 +01:00
xt_esp.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_hashlimit.c
netfilter: Remove checks of seq_printf() return values
2014-11-05 14:11:02 -05:00
xt_helper.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_hl.c
netfilter: Reduce switch/case indent
2011-07-01 16:11:15 -07:00
xt_HL.c
netfilter: Reduce switch/case indent
2011-07-01 16:11:15 -07:00
xt_HMARK.c
net: use reciprocal_scale() helper
2014-08-23 12:21:21 -07:00
xt_IDLETIMER.c
netfilter: IDLETIMER: fix race condition when destroy the target
2016-04-29 14:28:48 +02:00
xt_ipcomp.c
netfilter: xt_ipcomp: Use ntohs to ease sparse warning
2014-02-19 11:41:25 +01:00
xt_iprange.c
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2011-02-04 14:28:58 -08:00
xt_ipvs.c
ipvs: Pass ipvs into conn_out_get
2015-09-24 09:34:41 +09:00
xt_l2tp.c
netfilter: introduce l2tp match extension
2014-01-09 21:36:39 +01:00
xt_LED.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2014-08-05 18:46:26 -07:00
xt_length.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_limit.c
netfilter: add my copyright statements
2013-04-18 20:27:55 +02:00
xt_LOG.c
netfilter: x_tables: Use par->net instead of computing from the passed net devices
2015-09-18 21:58:25 +02:00
xt_mac.c
netfilter: Convert compare_ether_addr to ether_addr_equal
2012-05-09 20:49:18 -04:00
xt_mark.c
netfilter: xt_MARK: Add ARP support
2015-05-14 13:00:27 +02:00
xt_multiport.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_nat.c
netfilter: xt_nat: fix incorrect hooks for SNAT and DNAT targets
2012-10-15 13:39:12 +02:00
xt_NETMAP.c
netfilter: combine ipt_NETMAP and ip6t_NETMAP
2012-09-21 12:11:08 +02:00
xt_nfacct.c
netfilter: nfacct: per network namespace support
2015-08-07 11:50:56 +02:00
xt_NFLOG.c
netfilter: xt_NFLOG: nflog-range does not truncate packets
2016-06-24 11:03:23 +02:00
xt_NFQUEUE.c
netfilter: xt_NFQUEUE: separate reusable code
2013-12-07 23:20:45 +01:00
xt_osf.c
netfilter: xt_osf: remove unused variable
2016-02-29 13:59:43 +01:00
xt_owner.c
netfilter: Allow xt_owner in any user namespace
2016-06-23 13:58:55 +02:00
xt_physdev.c
netfilter: physdev: use helpers
2015-04-08 16:49:09 +02:00
xt_pkttype.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_policy.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_quota.c
net: Fix files explicitly needing to include module.h
2011-10-31 19:30:28 -04:00
xt_rateest.c
net_sched: add 64bit rate estimators
2013-06-11 02:51:03 -07:00
xt_RATEEST.c
net: sched: do not acquire qdisc spinlock in qdisc/class stats dump
2016-06-07 16:37:14 -07:00
xt_realm.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00
xt_recent.c
netfilter: x_tables: Use par->net instead of computing from the passed net devices
2015-09-18 21:58:25 +02:00
xt_REDIRECT.c
netfilter: combine IPv4 and IPv6 nf_nat_redirect code in one module
2014-11-27 13:08:42 +01:00
xt_repldata.h
net: netfilter: LLVMLinux: vlais-netfilter
2014-06-07 11:44:39 -07:00
xt_sctp.c
netfilter: xt_sctp: use WORD_ROUND macro to calculate length of multiple of 4 bytes
2010-06-09 14:47:40 +02:00
xt_SECMARK.c
secmark: make secmark object handling generic
2010-10-21 10:12:48 +11:00
xt_set.c
netfilter: ipset: Fix coding styles reported by checkpatch.pl
2015-06-14 10:40:18 +02:00
xt_socket.c
tcp/dccp: do not touch listener sk_refcnt under synflood
2016-04-04 22:11:20 -04:00
xt_state.c
netfilter: nf_conntrack: IPS_UNTRACKED bit
2010-06-08 16:09:52 +02:00
xt_statistic.c
net: replace macros net_random and net_srandom with direct calls to prandom
2014-01-14 15:15:25 -08:00
xt_string.c
net: Remove state argument from skb_find_text()
2015-02-22 15:59:54 -05:00
xt_tcpmss.c
netfilter: xtables: change hotdrop pointer to direct modification
2010-05-11 18:35:27 +02:00
xt_TCPMSS.c
netfilter: xt_TCPMSS: handle CHECKSUM_COMPLETE in tcpmss_tg6()
2016-01-18 12:18:17 +01:00
xt_TCPOPTSTRIP.c
net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool
2015-08-17 21:33:06 -07:00
xt_tcpudp.c
netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF
2016-07-03 10:55:07 +02:00
xt_TEE.c
netfilter: tee: select NF_DUP_IPV6 unconditionally
2016-02-08 12:58:28 +01:00
xt_time.c
netfilter: xt_time: add support to ignore day transition
2012-09-24 14:29:01 +02:00
xt_TPROXY.c
inet: refactor inet[6]_lookup functions to take skb
2016-02-11 03:54:14 -05:00
xt_TRACE.c
netfilter: xt_TRACE: add explicitly nf_logger_find_get call
2016-06-23 13:26:49 +02:00
xt_u32.c
netfilter: xtables: deconstify struct xt_action_param for matches
2010-05-11 18:33:37 +02:00