q3k
/
linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
linux/net/netfilter
History
Tim Gardner 0079c5aee3 netfilter: xt_recent: add an entry reaper 
One of the problems with the way xt_recent is implemented is that
there is no efficient way to remove expired entries. Of course,
one can write a rule '-m recent --remove', but you have to know
beforehand which entry to delete. This commit adds reaper
logic which checks the head of the LRU list when a rule
is invoked that has a '--seconds' value and XT_RECENT_REAP set. If an
entry ceases to accumulate time stamps, then it will eventually bubble
to the top of the LRU list where it is then reaped.

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
 		2010-03-17 15:53:12 +01:00
..
ipvs Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6 2010-02-26 09:31:09 -08:00
Kconfig netfilter: xt_recent: remove old proc directory 2010-03-17 15:53:11 +01:00
Makefile netfilter: xtables: merge xt_CONNMARK into xt_connmark 2010-03-17 15:48:36 +01:00
core.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
nf_conntrack_acct.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
nf_conntrack_amanda.c net: replace uses of __constant_{endian} 2009-02-01 00:45:17 -08:00
nf_conntrack_core.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_ecache.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
nf_conntrack_expect.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_extend.c netfilter: don't use INIT_RCU_HEAD() 2010-02-12 06:25:36 +01:00
nf_conntrack_ftp.c netfilter: nf_ct_ftp: fix out of bounds read in update_nl_seq() 2010-01-07 18:33:18 +01:00
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c Merge branch 'master' of /repos/git/net-next-2.6 2010-02-10 14:17:10 +01:00
nf_conntrack_irc.c netfilter: fix endian bug in conntrack printks 2009-03-28 23:55:57 -07:00
nf_conntrack_l3proto_generic.c
nf_conntrack_netbios_ns.c net: skb->rtable accessor 2009-06-03 02:51:02 -07:00
nf_conntrack_netlink.c netfilter: ctnetlink: fix creation of conntrack with helpers 2010-02-19 14:24:39 +01:00
nf_conntrack_pptp.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_proto.c netfilter: ctnetlink: add callbacks to the per-proto nlattrs 2009-03-25 18:24:48 +01:00
nf_conntrack_proto_dccp.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_proto_generic.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
nf_conntrack_proto_gre.c netfilter: nf_conntrack: split up IPCT_STATUS event 2010-02-03 13:48:53 +01:00
nf_conntrack_proto_sctp.c netfilter: nf_conntrack: split up IPCT_STATUS event 2010-02-03 13:48:53 +01:00
nf_conntrack_proto_tcp.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_proto_udp.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_proto_udplite.c netfilter: nf_conntrack: pass template to l4proto ->error() handler 2010-02-15 17:45:08 +01:00
nf_conntrack_sane.c netfilter: nf_conntrack: connection tracking helper name persistent aliases 2008-11-17 16:01:42 +01:00
nf_conntrack_sip.c Merge branch 'for-next' into for-linus 2010-03-08 16:55:37 +01:00
nf_conntrack_standalone.c netfilter: nf_conntrack: add support for "conntrack zones" 2010-02-15 18:13:33 +01:00
nf_conntrack_tftp.c netfilter: nf_conntrack: connection tracking helper name persistent aliases 2008-11-17 16:01:42 +01:00
nf_internals.h
nf_log.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/sysctl-2.6 2009-12-08 07:38:50 -08:00
nf_queue.c netfilter: nf_queue: fix NF_STOLEN skb leak 2010-02-19 15:28:38 +01:00
nf_sockopt.c net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
nf_tproxy_core.c net: Partially allow skb destructors to be used on receive path 2009-02-04 16:55:27 -08:00
nfnetlink.c netfilter: nfnetlink: netns support 2010-01-13 16:02:14 +01:00
nfnetlink_log.c netfilter: nfnetlink_log: fix silly refcount leak 2010-02-26 17:48:40 +01:00
nfnetlink_queue.c netfilter: don't use INIT_RCU_HEAD() 2010-02-12 06:25:36 +01:00
x_tables.c netfilter: CONFIG_COMPAT: allow delta to exceed 32767 2010-02-15 18:17:10 +01:00
xt_CLASSIFY.c
xt_CONNSECMARK.c
xt_CT.c netfilter: xt_CT: par->family is an nfproto 2010-03-17 15:48:35 +01:00
xt_DSCP.c netfilter: xtables: remove xt_TOS v0 2009-08-10 12:25:11 +02:00
xt_HL.c netfilter: Combine ipt_TTL and ip6t_HL source 2009-02-18 18:38:40 +01:00
xt_LED.c netfilter: x_tables: add LED trigger target 2009-02-20 10:55:14 +01:00
xt_NFLOG.c netfilter: xt_NFLOG: don't call nf_log_packet in NFLOG module. 2008-11-04 14:21:08 +01:00
xt_NFQUEUE.c netfilter: xt_NFQUEUE: consolidate v4/v6 targets into one 2010-03-17 15:48:35 +01:00
xt_NOTRACK.c
xt_RATEEST.c netfilter: xtables: do not grab random bytes at __init 2010-01-04 16:27:25 +01:00
xt_SECMARK.c
xt_TCPMSS.c netfilter: xtables: replace XT_MATCH_ITERATE macro 2010-02-24 18:34:48 +01:00
xt_TCPOPTSTRIP.c netfilter: update my email address 2010-03-17 15:53:10 +01:00
xt_TPROXY.c
xt_TRACE.c
xt_cluster.c netfilter: fix some sparse endianess warnings 2009-06-22 14:15:02 +02:00
xt_comment.c
xt_connbytes.c
xt_connlimit.c netfilter: update my email address 2010-03-17 15:53:10 +01:00
xt_connmark.c netfilter: update my email address 2010-03-17 15:53:10 +01:00
xt_conntrack.c netfilter: xtables: fix conntrack match v1 ipt-save output 2009-11-23 10:43:57 +01:00
xt_dccp.c nf/dccp: merge errorpaths 2008-12-14 23:19:02 -08:00
xt_dscp.c netfilter: xtables: remove xt_TOS v0 2009-08-10 12:25:11 +02:00
xt_esp.c
xt_hashlimit.c netfilter: update my email address 2010-03-17 15:53:10 +01:00
xt_helper.c
xt_hl.c netfilter: Combine ipt_ttl and ip6t_hl source 2009-02-18 18:39:31 +01:00
xt_iprange.c netfilter: xtables: remove xt_iprange v0 2009-08-10 13:09:44 +02:00
xt_length.c
xt_limit.c netfilter: xtables: constify args in compat copying functions 2010-02-15 16:59:28 +01:00
xt_mac.c
xt_mark.c netfilter: xtables: merge xt_MARK into xt_mark 2010-03-17 15:48:36 +01:00
xt_multiport.c
xt_osf.c netfilter: xt_osf: change %pi4 to %pI4 2010-01-11 11:55:36 +01:00
xt_owner.c netfilter: xtables: remove xt_owner v0 2009-08-10 13:32:30 +02:00
xt_physdev.c netfilter: factorize ifname_compare() 2009-03-25 17:31:52 +01:00
xt_pkttype.c
xt_policy.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xt_quota.c netfilter: xt_quota: fix wrong return value (error case) 2009-08-23 19:09:23 -07:00
xt_rateest.c netfilter: xt_rateest: fix comparison with self 2009-06-22 14:17:12 +02:00
xt_realm.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xt_recent.c netfilter: xt_recent: add an entry reaper 2010-03-17 15:53:12 +01:00
xt_repldata.h netfilter: xtables: generate initial table on-demand 2010-02-10 17:50:47 +01:00
xt_sctp.c netfilter: xt_sctp: sctp chunk mapping doesn't work 2009-02-09 14:34:56 -08:00
xt_socket.c netfilter: xt_socket: make module available for INPUT chain 2009-10-29 15:35:10 +01:00
xt_state.c
xt_statistic.c netfilter: xtables: avoid pointer to self 2009-03-16 15:35:29 +01:00
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c netfilter: update my email address 2010-03-17 15:53:10 +01:00
xt_u32.c netfilter: update my email address 2010-03-17 15:53:10 +01:00