Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / f264a7df08d50bb4a23be6a9aa06940e497ac1c4
commitf264a7df08d50bb4a23be6a9aa06940e497ac1c4[log] [tgz]
authorPatrick McHardy <kaber@trash.net>Sat Jul 07 22:36:24 2007 -0700
committerDavid S. Miller <davem@sunset.davemloft.net>Tue Jul 10 22:18:12 2007 -0700
treec07c92616a50107c2dacc5836626d4b6a12c57ae
parentb560580a13b180bc1e3cad7ffbc93388cc39be5d [diff]
[NETFILTER]: nf_conntrack_expect: introduce nf_conntrack_expect_max sysct

As a last step of preventing DoS by creating lots of expectations, this
patch introduces a global maximum and a sysctl to control it. The default
is initialized to 4 * the expectation hash table size, which results in
1/64 of the default maxmimum of conntracks.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
3 files changed
tree: c07c92616a50107c2dacc5836626d4b6a12c57ae
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. fs/
  7. include/
  8. init/
  9. ipc/
  10. kernel/
  11. lib/
  12. mm/
  13. net/
  14. scripts/
  15. security/
  16. sound/
  17. usr/
  18. .gitignore
  19. .mailmap
  20. COPYING
  21. CREDITS
  22. Kbuild
  23. MAINTAINERS
  24. Makefile
  25. README
  26. REPORTING-BUGS