[Devel] [PATCH rh7 v2 0/3] Create conntrack structures only if they are really needed
Andrei Vagin
avagin at virtuozzo.com
Tue Sep 13 00:44:32 PDT 2016

On Mon, Sep 12, 2016 at 02:37:38PM +0300, Kirill Tkhai wrote:
> Allocate conntracks only after there was a rule, which uses them.
>
> v2: Allow after there is a rule and never prohibit.

Reviewed-by: Andrei Vagin <avagin at virtuozzo.com>

> ---
>
> Kirill Tkhai (3):
> net: Primitives to allow conntrack allocation
> net: Mark conntrack users in xtables
> net: Mark conntrack users in nftables
>
>
> include/net/net_namespace.h | 10 ++++++++++
> include/net/netns/conntrack.h | 1 +
> net/ipv4/netfilter/ipt_CLUSTERIP.c | 2 ++
> net/ipv4/netfilter/ipt_MASQUERADE.c | 1 +
> net/ipv4/netfilter/ipt_SYNPROXY.c | 6 +++++-
> net/ipv6/netfilter/ip6t_MASQUERADE.c | 1 +
> net/ipv6/netfilter/ip6t_SYNPROXY.c | 6 +++++-
> net/netfilter/nf_conntrack_core.c | 9 ++++++++-
> net/netfilter/nf_conntrack_netlink.c | 1 +
> net/netfilter/nf_synproxy_core.c | 1 +
> net/netfilter/nft_ct.c | 2 ++
> net/netfilter/nft_nat.c | 2 ++
> net/netfilter/xt_CONNSECMARK.c | 2 ++
> net/netfilter/xt_HMARK.c | 1 +
> net/netfilter/xt_NETMAP.c | 2 ++
> net/netfilter/xt_REDIRECT.c | 2 ++
> net/netfilter/xt_cluster.c | 1 +
> net/netfilter/xt_connbytes.c | 2 ++
> net/netfilter/xt_connlabel.c | 3 ++-
> net/netfilter/xt_connlimit.c | 2 ++
> net/netfilter/xt_connmark.c | 3 +++
> net/netfilter/xt_conntrack.c | 2 ++
> net/netfilter/xt_helper.c | 1 +
> net/netfilter/xt_ipvs.c | 1 +
> net/netfilter/xt_nat.c | 9 +++++++++
> net/netfilter/xt_socket.c | 9 +++++++++
> net/netfilter/xt_state.c | 2 ++
> 27 files changed, 80 insertions(+), 4 deletions(-)
>
> --
> Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>