system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-17 16:58:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net/ipv6/netfilter
History
Eric Dumazet 00cd7bf9f9 netfilter: nf_defrag_ipv6: allow nf_conntrack_frag6_high_thresh increases 
Currently, net.netfilter.nf_conntrack_frag6_high_thresh can only be lowered.

I found this issue while investigating a probable kernel issue
causing flakes in tools/testing/selftests/net/ip_defrag.sh

In particular, these sysctl changes were ignored:
	ip netns exec "${NETNS}" sysctl -w net.netfilter.nf_conntrack_frag6_high_thresh=9000000 >/dev/null 2>&1
	ip netns exec "${NETNS}" sysctl -w net.netfilter.nf_conntrack_frag6_low_thresh=7000000  >/dev/null 2>&1

This change is inline with commit 8361962392 ("net/ipfrag: let ip[6]frag_high_thresh
in ns be higher than in init_net")

Fixes: 8db3d41569bb ("netfilter: nf_defrag_ipv6: use net_generic infra")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2022-08-24 08:06:44 +02:00
..
ip6_tables.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
ip6t_ah.c netfilter: ip6tables: Remove redundant null checks 2020-07-29 20:39:43 +02:00
ip6t_eui64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ip6t_frag.c netfilter: ip6tables: Remove redundant null checks 2020-07-29 20:39:43 +02:00
ip6t_hbh.c netfilter: ip6tables: Remove redundant null checks 2020-07-29 20:39:43 +02:00
ip6t_ipv6header.c netfilter: move inline nf_ip6_ext_hdr() function to a more appropriate header. 2019-09-13 12:34:09 +02:00
ip6t_mh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
ip6t_NPT.c netfilter: ip6t_NPT: rewrite addresses in ICMPv6 original packet 2020-08-28 19:18:48 +02:00
ip6t_REJECT.c netfilter: use actual socket sk for REJECT action 2020-12-01 14:33:55 +01:00
ip6t_rpfilter.c netfilter: Fix rpfilter dropping vrf packets by mistake 2019-07-16 13:16:47 +02:00
ip6t_rt.c netfilter: ip6t_rt: fix rt0_hdr parsing in rt_mt6 2021-10-14 23:08:35 +02:00
ip6t_srh.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
ip6t_SYNPROXY.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
ip6table_filter.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
ip6table_mangle.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
ip6table_nat.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
ip6table_raw.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
ip6table_security.c netfilter: ip6tables: allow use of ip6t_do_table as hookfn 2021-10-14 23:06:53 +02:00
Kconfig netfilter: Remove flowtable relics 2022-01-27 00:00:20 +01:00
Makefile netfilter: Remove flowtable relics 2022-01-27 00:00:20 +01:00
nf_conntrack_reasm.c netfilter: nf_defrag_ipv6: allow nf_conntrack_frag6_high_thresh increases 2022-08-24 08:06:44 +02:00
nf_defrag_ipv6_hooks.c netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1 2021-09-28 13:04:55 +02:00
nf_dup_ipv6.c netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
nf_reject_ipv6.c netfilter: conntrack: skip verification of zero UDP checksum 2022-05-13 18:56:28 +02:00
nf_socket_ipv6.c netfilter: socket: icmp6: fix use-after-scope 2021-09-03 18:25:31 +02:00
nf_tproxy_ipv6.c netfilter: nft_tproxy: Fix typo in IPv6 module description. 2019-10-17 12:21:11 +02:00
nft_dup_ipv6.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_fib_ipv6.c netfilter: nft_fib: reverse path filter for policy-based routing on iif 2022-04-11 12:10:09 +02:00
nft_reject_ipv6.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00