diff options
author | Florian Westphal <fw@strlen.de> | 2016-05-02 19:40:14 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-05-05 17:39:48 +0300 |
commit | 3e86638e9a0be8bcf7db007909d8307b8b9f8e3b (patch) | |
tree | 75d479d79da94ed566823e26e0731494e15de259 /lib/crc32defs.h | |
parent | 56d52d4892d0e478a005b99ed10d0a7f488ea8c1 (diff) | |
download | linux-3e86638e9a0be8bcf7db007909d8307b8b9f8e3b.tar.xz |
netfilter: conntrack: consider ct netns in early_drop logic
When iterating, skip conntrack entries living in a different netns.
We could ignore netns and kill some other non-assured one, but it
has two problems:
- a netns can kill non-assured conntracks in other namespace
- we would start to 'over-subscribe' the affected/overlimit netns.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'lib/crc32defs.h')
0 files changed, 0 insertions, 0 deletions