redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/net/ipv6
History
Daniel Borkmann 5e8018fc61 netfilter: nf_conntrack: add efficient mark to zone mapping 
This work adds the possibility of deriving the zone id from the skb->mark
field in a scalable manner. This allows for having only a single template
serving hundreds/thousands of different zones, for example, instead of the
need to have one match for each zone as an extra CT jump target.

Note that we'd need to have this information attached to the template as at
the time when we're trying to lookup a possible ct object, we already need
to know zone information for a possible match when going into
__nf_conntrack_find_get(). This work provides a minimal implementation for
a possible mapping.

In order to not add/expose an extra ct->status bit, the zone structure has
been extended to carry a flag for deriving the mark.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-08-18 01:24:05 +02:00
..
netfilter netfilter: nf_conntrack: add efficient mark to zone mapping 2015-08-18 01:24:05 +02:00
addrconf.c net/ipv6: add sysctl option accept_ra_min_hop_limit 2015-07-30 15:56:40 -07:00
addrconf_core.c ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument 2015-07-31 15:21:30 -07:00
addrlabel.c netlink: implement nla_put_in_addr and nla_put_in6_addr 2015-03-31 13:58:35 -04:00
af_inet6.c ipv6: Disable flowlabel state ranges by default 2015-07-31 17:07:11 -07:00
ah6.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
anycast.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
datagram.c net: Set sk_txhash from a random number 2015-07-29 22:44:04 -07:00
esp6.c esp6: Switch to new AEAD interface 2015-05-28 11:23:20 +08:00
exthdrs.c ipv6: use flag instead of u16 for hop in inet6_skb_parm 2015-07-09 15:06:59 -07:00
exthdrs_core.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
exthdrs_offload.c
fib6_rules.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-04-06 22:34:15 -04:00
icmp.c ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument 2015-07-31 15:21:30 -07:00
inet6_connection_sock.c
inet6_hashtables.c inet: inet_twsk_deschedule factorization 2015-07-09 15:12:20 -07:00
ip6_checksum.c
ip6_fib.c lwtunnel: change prototype of lwtunnel_state_get() 2015-07-27 01:02:49 -07:00
ip6_flowlabel.c ipv6: Flow label state ranges 2015-05-03 21:58:01 -04:00
ip6_gre.c ipv6: Implement different admin modes for automatic flow labels 2015-07-31 17:07:11 -07:00
ip6_icmp.c
ip6_input.c ipv6: fix crash over flow-based vxlan device 2015-07-26 20:54:56 -07:00
ip6_offload.c Revert "sit: Add gro callbacks to sit_offload" 2015-07-20 16:52:28 -07:00
ip6_offload.h
ip6_output.c ipv6: Call skb_get_hash_flowi6 to get skb->hash in ip6_make_flowlabel 2015-07-31 17:07:11 -07:00
ip6_tunnel.c ipv6: Implement different admin modes for automatic flow labels 2015-07-31 17:07:11 -07:00
ip6_udp_tunnel.c net: Modify sk_alloc to not reference count the netns of kernel sockets. 2015-05-11 10:50:18 -04:00
ip6_vti.c vti6: Add pmtu handling to vti6_xmit. 2015-06-01 16:03:43 -07:00
ip6mr.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
ipcomp6.c
ipv6_sockglue.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
Kconfig net: Build IPv6 into kernel by default 2015-07-13 13:10:21 -07:00
Makefile net: Export IGMP/MLD message validation code 2015-05-04 14:49:23 -04:00
mcast.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
mcast_snoop.c net: fix two sparse warnings introduced by IGMP/MLD parsing exports 2015-05-04 19:19:54 -04:00
mip6.c
ndisc.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-07-31 23:52:20 -07:00
netfilter.c netfilter: bridge: forward IPv6 fragmented packets 2015-06-12 14:10:12 +02:00
output_core.c netfilter: don't pull include/linux/netfilter.h from netns headers 2015-06-18 21:14:31 +02:00
ping.c
proc.c
protocol.c
raw.c ipv6: Nonlocal bind 2015-07-09 21:09:10 -07:00
reassembly.c inet: frags: remove INET_FRAG_EVICTED and use list_evictor for the test 2015-07-26 21:00:15 -07:00
route.c ipv6: Avoid rt6_probe() taking writer lock in the fast path 2015-07-27 01:08:25 -07:00
sit.c ipv6: call iptunnel_xmit with NULL sock pointer if no tunnel sock is available 2015-04-08 12:09:43 -04:00
syncookies.c tcp: get_cookie_sock() consolidation 2015-06-07 15:19:52 -07:00
sysctl_net_ipv6.c ipv6: Implement different admin modes for automatic flow labels 2015-07-31 17:07:11 -07:00
tcp_ipv6.c net: Set sk_txhash from a random number 2015-07-29 22:44:04 -07:00
tcpv6_offload.c
tunnel6.c
udp.c udp: fix behavior of wrong checksums 2015-05-31 21:42:18 -07:00
udp_impl.h
udp_offload.c
udplite.c
xfrm6_input.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
xfrm6_mode_beet.c xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
xfrm6_policy.c ipv6: Add rt6_get_cookie() function 2015-05-25 13:25:34 -04:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c