git.samba.org - sfrench/cifs-2.6.git/commit

author	Patrick McHardy <kaber@trash.net>
	Mon, 8 Feb 2010 16:35:23 +0000 (17:35 +0100)
committer	Patrick McHardy <kaber@trash.net>
	Mon, 8 Feb 2010 16:35:23 +0000 (17:35 +0100)
commit	9ab48ddcb144fdee908708669448dd136cf4894a
tree	17553fbd8a4ed0a6ab60607473807ee088639819	tree
parent	dab1531a07ad7c5be4ebe715a3d08742f0c638e3	commit \| diff

netfilter: nf_conntrack: fix hash resizing with namespaces

As noticed by Jon Masters <jonathan@jonmasters.org>, the conntrack hash
size is global and not per namespace, but modifiable at runtime through
/sys/module/nf_conntrack/hashsize. Changing the hash size will only
resize the hash in the current namespace however, so other namespaces
will use an invalid hash size. This can cause crashes when enlarging
the hashsize, or false negative lookups when shrinking it.

Move the hash size into the per-namespace data and only use the global
hash size to initialize the per-namespace value when instanciating a
new namespace. Additionally restrict hash resizing to init_net for
now as other namespaces are not handled currently.

Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>

include/net/netns/conntrack.h		diff \| blob \| history
include/net/netns/ipv4.h		diff \| blob \| history
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c		diff \| blob \| history
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c		diff \| blob \| history
net/ipv4/netfilter/nf_nat_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_core.c		diff \| blob \| history
net/netfilter/nf_conntrack_expect.c		diff \| blob \| history
net/netfilter/nf_conntrack_helper.c		diff \| blob \| history
net/netfilter/nf_conntrack_netlink.c		diff \| blob \| history
net/netfilter/nf_conntrack_standalone.c		diff \| blob \| history