openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/include
History
Subash Abhinov Kasiviswanathan 902d6a4c2a netfilter: nf_defrag: Skip defrag if NOTRACK is set 
conntrack defrag is needed only if some module like CONNTRACK or NAT
explicitly requests it. For plain forwarding scenarios, defrag is
not needed and can be skipped if NOTRACK is set in a rule.

Since conntrack defrag is currently higher priority than raw table,
setting NOTRACK is not sufficient. We need to move raw to a higher
priority for iptables only.

This is achieved by introducing a module parameter "raw_before_defrag"
which allows to change the priority of raw table to place it before
defrag. By default, the parameter is disabled and the priority of raw
table is NF_IP_PRI_RAW to support legacy behavior. If the module
parameter is enabled, then the priority of the raw table is set to
NF_IP_PRI_RAW_BEFORE_DEFRAG.

Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2018-01-11 13:14:20 +01:00
..
acpi Merge branch 'acpi-ec' into acpi 2017-11-30 13:37:29 +01:00
asm-generic Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-12-29 15:42:26 -05:00
clocksource arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2018-01-05 12:10:06 -08:00
drm drm: rework delayed connector cleanup in connector_iter 2017-12-13 22:59:00 +01:00
dt-bindings fixes/cleanups for rc1, non-desktop flags for VR 2017-11-23 21:04:56 -10:00
keys
kvm KVM: arm/arm64: timer: Don't set irq as forwarded if no usable GIC 2017-12-18 10:53:23 +01:00
linux tuntap: XDP transmission 2018-01-09 10:57:08 -05:00
math-emu
media media updates for v4.15-rc1 2017-11-15 20:30:12 -08:00
memory
misc
net netfilter: nf_tables: get rid of struct nft_af_info abstraction 2018-01-10 15:32:11 +01:00
pcmcia
ras
rdma Updates for 4.15 kernel merge window 2017-11-15 14:54:53 -08:00
scsi scsi: libsas: align sata_device's rps_resp on a cacheline 2017-11-21 23:06:32 -05:00
soc We have two changes to the core framework this time around. The first being a 2017-11-17 20:04:24 -08:00
sound ALSA: hda - Fix yet remaining issue with vmaster 0dB initialization 2017-11-22 12:34:56 +01:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2017-11-24 19:19:20 -10:00
trace net: tracepoint: exposing sk_faimily in tracepoint inet_sock_set_state 2018-01-08 14:32:45 -05:00
uapi netfilter: nf_defrag: Skip defrag if NOTRACK is set 2018-01-11 13:14:20 +01:00
video fbdev changes for v4.15: 2017-11-20 21:50:24 -10:00
xen xen: fixes for 4.15-rc5 2017-12-22 12:30:10 -08:00