Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / common / 3e86638e9a0be8bcf7db007909d8307b8b9f8e3b
commit3e86638e9a0be8bcf7db007909d8307b8b9f8e3b[log] [tgz]
authorFlorian Westphal <fw@strlen.de>Mon May 02 18:40:14 2016 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>Thu May 05 16:39:48 2016 +0200
tree75d479d79da94ed566823e26e0731494e15de259
parent56d52d4892d0e478a005b99ed10d0a7f488ea8c1 [diff]
netfilter: conntrack: consider ct netns in early_drop logic

When iterating, skip conntrack entries living in a different netns.

We could ignore netns and kill some other non-assured one, but it
has two problems:

- a netns can kill non-assured conntracks in other namespace
- we would start to 'over-subscribe' the affected/overlimit netns.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 file changed
tree: 75d479d79da94ed566823e26e0731494e15de259
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS