aha/include/net/netfilter
Jan Kasprzak f87fb666bb netfilter: nf_ct_icmp: keep the ICMP ct entries longer
Current conntrack code kills the ICMP conntrack entry as soon as
the first reply is received. This is incorrect, as we then see only
the first ICMP echo reply out of several possible duplicates as
ESTABLISHED, while the rest will be INVALID. Also this unnecessarily
increases the conntrackd traffic on H-A firewalls.

Make all the ICMP conntrack entries (including the replied ones)
last for the default of nf_conntrack_icmp{,v6}_timeout seconds.

Signed-off-by: Jan "Yenya" Kasprzak <kas@fi.muni.cz>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2009-06-08 15:53:43 +02:00
ipv4 netfilter: nf_ct_icmp: keep the ICMP ct entries longer 2009-06-08 15:53:43 +02:00
ipv6 netfilter: nf_ct_icmp: keep the ICMP ct entries longer 2009-06-08 15:53:43 +02:00
nf_conntrack.h netfilter: nf_ct_icmp: keep the ICMP ct entries longer 2009-06-08 15:53:43 +02:00
nf_conntrack_acct.h netfilter: netns nf_conntrack: per-netns conntrack accounting 2008-10-08 11:35:09 +02:00
nf_conntrack_core.h netfilter: conntrack: don't deliver events for racy packets 2009-03-16 15:06:42 +01:00
nf_conntrack_ecache.h netfilter: conntrack: replace notify chain by function pointer 2009-06-03 10:32:06 +02:00
nf_conntrack_expect.h netfilter: ctnetlink: fix regression in expectation handling 2009-04-06 17:47:20 +02:00
nf_conntrack_extend.h netfilter: accounting rework: ct_extend + 64bit counters (v4) 2008-07-21 10:10:58 -07:00
nf_conntrack_helper.h netfilter: limit the length of the helper name 2009-03-25 18:44:01 +01:00
nf_conntrack_l3proto.h netfilter: ctnetlink: add callbacks to the per-proto nlattrs 2009-03-25 18:24:48 +01:00
nf_conntrack_l4proto.h netfilter: nf_conntrack: add generic function to get len of generic policy 2009-03-25 21:52:17 +01:00
nf_conntrack_tuple.h netfilter: nf_conntrack: use SLAB_DESTROY_BY_RCU and get rid of call_rcu() 2009-03-25 21:05:46 +01:00
nf_log.h netfilter: use a linked list of loggers 2009-03-16 14:54:21 +01:00
nf_nat.h netfilter: nf_nat: add support for persistent mappings 2009-04-16 18:33:01 +02:00
nf_nat_core.h netfilter: ctnetlink: remove bogus module dependency between ctnetlink and nf_nat 2008-10-14 11:58:31 -07:00
nf_nat_helper.h [NETFILTER]: nf_nat: kill helper and seq_adjust hooks 2008-04-14 11:15:52 +02:00
nf_nat_protocol.h [NETFILTER]: nf_nat: use bool type in nf_nat_proto 2008-04-14 11:15:53 +02:00
nf_nat_rule.h [NETFILTER]: nf_nat: don't add NAT extension for confirmed conntracks 2008-04-14 11:15:51 +02:00
nf_queue.h netfilter: Use unsigned types for hooknum and pf vars 2008-10-08 11:35:00 +02:00
nf_tproxy_core.h netfilter: iptables tproxy core 2008-10-08 11:35:12 +02:00
nfnetlink_log.h netfilter: nfnetlink_log: fix warning and prototype mismatch 2008-11-18 12:16:52 +01:00
xt_rateest.h