linux/include/net/netfilter
Patrick McHardy f264a7df08 [NETFILTER]: nf_conntrack_expect: introduce nf_conntrack_expect_max sysct
As a last step of preventing DoS by creating lots of expectations, this
patch introduces a global maximum and a sysctl to control it. The default
is initialized to 4 * the expectation hash table size, which results in
1/64 of the default maximum of conntracks.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-07-10 22:18:12 -07:00
ipv4 [NETFILTER]: nf_nat: move NAT declarations from nf_conntrack_ipv4.h to nf_nat.h 2007-07-10 22:17:16 -07:00
ipv6 [NETFILTER]: nf_conntrack: move extern declaration to header files 2006-12-02 21:31:16 -08:00
nf_conntrack_core.h [NETFILTER]: nf_conntrack: use hashtable for expectations 2007-07-10 22:17:59 -07:00
nf_conntrack_ecache.h [NETFILTER]: nf_conntrack_expect: function naming unification 2007-07-10 22:17:53 -07:00
nf_conntrack_expect.h [NETFILTER]: nf_conntrack_expect: introduce nf_conntrack_expect_max sysct 2007-07-10 22:18:12 -07:00
nf_conntrack_extend.h [NETFILTER]: nf_nat: use extension infrastructure 2007-07-10 22:17:20 -07:00
nf_conntrack_helper.h [NETFILTER]: nf_conntrack_expect: maintain per conntrack expectation list 2007-07-10 22:18:02 -07:00
nf_conntrack_l3proto.h [NETFILTER]: nf_conntrack: remove old memory allocator of conntrack 2007-07-10 22:17:35 -07:00
nf_conntrack_l4proto.h [NETLINK]: Possible cleanups. 2007-04-26 00:57:41 -07:00
nf_conntrack_tuple.h [NETFILTER]: nf_conntrack: reduce masks to a subset of tuples 2007-07-10 22:17:55 -07:00
nf_conntrack.h [NETFILTER]: nf_conntrack_expect: maintain per conntrack expectation list 2007-07-10 22:18:02 -07:00
nf_nat_core.h [NETFILTER]: nf_nat: move NAT declarations from nf_conntrack_ipv4.h to nf_nat.h 2007-07-10 22:17:16 -07:00
nf_nat_helper.h [NETFILTER]: Add NAT support for nf_conntrack 2006-12-02 22:07:13 -08:00
nf_nat_protocol.h [NETFILTER]: Add NAT support for nf_conntrack 2006-12-02 22:07:13 -08:00
nf_nat_rule.h [NETFILTER]: nf_nat: remove unused argument of function allocating binding 2007-05-10 23:47:44 -07:00
nf_nat.h [NETFILTER]: nf_nat: use hlists for bysource hash 2007-07-10 22:17:43 -07:00