redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/include/uapi/linux/netfilter
History
Josh Hunt 07cf8f5ae2 netfilter: ipset: add forceadd kernel support for hash set types 
Adds a new property for hash set types, where if a set is created
with the 'forceadd' option and the set becomes full the next addition
to the set may succeed and evict a random entry from the set.

To keep overhead low eviction is done very simply. It checks to see
which bucket the new entry would be added. If the bucket's pos value
is non-zero (meaning there's at least one entry in the bucket) it
replaces the first entry in the bucket. If pos is zero, then it continues
down the normal add process.

This property is useful if you have a set for 'ban' lists where it may
not matter if you release some entries from the set early.

Signed-off-by: Josh Hunt <johunt@akamai.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
2014-03-06 09:31:43 +01:00
..
ipset netfilter: ipset: add forceadd kernel support for hash set types 2014-03-06 09:31:43 +01:00
Kbuild netfilter: introduce l2tp match extension 2014-01-09 21:36:39 +01:00
nf_conntrack_common.h netfilter: add nftables 2013-10-14 17:15:48 +02:00
nf_conntrack_ftp.h
nf_conntrack_sctp.h
nf_conntrack_tcp.h
nf_conntrack_tuple_common.h
nf_nat.h netfilter: nf_nat: add full port randomization support 2014-01-03 23:41:26 +01:00
nf_tables.h netfilter: nf_tables: add optional user data area to rules 2014-02-27 16:56:00 +01:00
nf_tables_compat.h netfilter: nf_tables: add compatibility layer for x_tables 2013-10-14 18:00:04 +02:00
nfnetlink.h netfilter: nfnetlink: add batch support and use it from nf_tables 2013-10-14 18:01:01 +02:00
nfnetlink_acct.h
nfnetlink_compat.h
nfnetlink_conntrack.h netfilter: nf_conntrack: make sequence number adjustments usuable without NAT 2013-08-28 00:26:48 +02:00
nfnetlink_cthelper.h
nfnetlink_cttimeout.h netfilter: cttimeout: allow to set/get default protocol timeouts 2013-10-01 13:17:39 +02:00
nfnetlink_log.h
nfnetlink_queue.h netfilter: nfnetlink_queue: enable UID/GID socket info retrieval 2013-12-21 11:57:54 +01:00
x_tables.h
xt_addrtype.h
xt_AUDIT.h
xt_bpf.h netfilter: x_tables: add xt_bpf match 2013-01-21 12:20:19 +01:00
xt_cgroup.h netfilter: x_tables: lightweight process control group matching 2014-01-03 23:41:44 +01:00
xt_CHECKSUM.h
xt_CLASSIFY.h
xt_cluster.h
xt_comment.h
xt_connbytes.h
xt_connlabel.h netfilter: add connlabel conntrack extension 2013-01-18 00:28:15 +01:00
xt_connlimit.h
xt_CONNMARK.h
xt_connmark.h
xt_CONNSECMARK.h
xt_conntrack.h netfilter: xt_conntrack: Add flag to support aliases 2013-02-05 01:45:23 +01:00
xt_cpu.h
xt_CT.h netfilter: xt_CT: add alias flag 2013-02-05 01:49:26 +01:00
xt_dccp.h
xt_devgroup.h
xt_DSCP.h
xt_dscp.h
xt_ecn.h
xt_esp.h
xt_hashlimit.h
xt_helper.h
xt_HMARK.h netfilter: export xt_HMARK.h to userland 2013-08-14 10:48:05 +02:00
xt_IDLETIMER.h
xt_ipcomp.h netfilter: add IPv4/6 IPComp extension match support 2013-12-24 12:37:58 +01:00
xt_iprange.h
xt_ipvs.h
xt_l2tp.h netfilter: introduce l2tp match extension 2014-01-09 21:36:39 +01:00
xt_LED.h
xt_length.h
xt_limit.h
xt_LOG.h
xt_mac.h
xt_mark.h
xt_MARK.h
xt_multiport.h
xt_nfacct.h
xt_NFLOG.h
xt_NFQUEUE.h netfilter: xt_NFQUEUE: introduce CPU fanout 2013-04-02 01:25:44 +02:00
xt_osf.h netfilter: Fix FSF address in file headers 2013-12-06 12:37:57 -05:00
xt_owner.h
xt_physdev.h
xt_pkttype.h
xt_policy.h
xt_quota.h
xt_rateest.h
xt_RATEEST.h
xt_realm.h
xt_recent.h
xt_rpfilter.h netfilter: export xt_rpfilter.h to userland 2013-08-14 10:47:15 +02:00
xt_sctp.h
xt_SECMARK.h
xt_set.h netfilter: ipset: set match: add support to match the counters 2013-04-29 20:09:03 +02:00
xt_socket.h netfilter: xt_socket: add XT_SOCKET_NOWILDCARD flag 2013-06-20 20:28:49 +02:00
xt_state.h
xt_statistic.h
xt_string.h
xt_SYNPROXY.h netfilter: add SYNPROXY core/target 2013-08-28 00:27:54 +02:00
xt_TCPMSS.h
xt_tcpmss.h
xt_TCPOPTSTRIP.h
xt_tcpudp.h
xt_TEE.h
xt_time.h
xt_TPROXY.h
xt_u32.h