diff options
| author | David S. Miller <davem@davemloft.net> | 2016-10-21 10:25:22 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-10-21 10:25:22 -0400 |
| commit | 8dbad1a81128f7e224fce3cce28a1d545d9c0b88 (patch) | |
| tree | 57efecac9c603028704e8c97fa8993b4e00356e0 /Documentation/networking | |
| parent | 97dcaa0fcfd24daa9a36c212c1ad1d5a97759212 (diff) | |
| parent | 7034b566a4e7d550621c2dfafd380b77b3787cd9 (diff) | |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for your net tree,
they are:
1) Fix compilation warning in xt_hashlimit on m68k 32-bits, from
Geert Uytterhoeven.
2) Fix wrong timeout in set elements added from packet path via
nft_dynset, from Anders K. Pedersen.
3) Remove obsolete nf_conntrack_events_retry_timeout sysctl
documentation, from Nicolas Dichtel.
4) Ensure proper initialization of log flags via xt_LOG, from
Liping Zhang.
5) Missing alias to autoload ipcomp, also from Liping Zhang.
6) Missing NFTA_HASH_OFFSET attribute validation, again from Liping.
7) Wrong integer type in the new nft_parse_u32_check() function,
from Dan Carpenter.
8) Another wrong integer type declaration in nft_exthdr_init, also
from Dan Carpenter.
9) Fix insufficient mode validation in nft_range.
10) Fix compilation warning in nft_range due to possible uninitialized
value, from Arnd Bergmann.
11) Zero nf_hook_ops allocated via xt_hook_alloc() in x_tables to
calm down kmemcheck, from Florian Westphal.
12) Schedule gc_worker() to run again if GC_MAX_EVICTS quota is reached,
from Nicolas Dichtel.
13) Fix nf_queue() after conversion to single-linked hook list, related
to incorrect bypass flag handling and incorrect hook point of
reinjection.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'Documentation/networking')
| -rw-r--r-- | Documentation/networking/nf_conntrack-sysctl.txt | 18 |
1 files changed, 0 insertions, 18 deletions
diff --git a/Documentation/networking/nf_conntrack-sysctl.txt b/Documentation/networking/nf_conntrack-sysctl.txt index 4fb51d32fccc..399e4e866a9c 100644 --- a/Documentation/networking/nf_conntrack-sysctl.txt +++ b/Documentation/networking/nf_conntrack-sysctl.txt | |||
| @@ -33,24 +33,6 @@ nf_conntrack_events - BOOLEAN | |||
| 33 | If this option is enabled, the connection tracking code will | 33 | If this option is enabled, the connection tracking code will |
| 34 | provide userspace with connection tracking events via ctnetlink. | 34 | provide userspace with connection tracking events via ctnetlink. |
| 35 | 35 | ||
| 36 | nf_conntrack_events_retry_timeout - INTEGER (seconds) | ||
| 37 | default 15 | ||
| 38 | |||
| 39 | This option is only relevant when "reliable connection tracking | ||
| 40 | events" are used. Normally, ctnetlink is "lossy", that is, | ||
| 41 | events are normally dropped when userspace listeners can't keep up. | ||
| 42 | |||
| 43 | Userspace can request "reliable event mode". When this mode is | ||
| 44 | active, the conntrack will only be destroyed after the event was | ||
| 45 | delivered. If event delivery fails, the kernel periodically | ||
| 46 | re-tries to send the event to userspace. | ||
| 47 | |||
| 48 | This is the maximum interval the kernel should use when re-trying | ||
| 49 | to deliver the destroy event. | ||
| 50 | |||
| 51 | A higher number means there will be fewer delivery retries and it | ||
| 52 | will take longer for a backlog to be processed. | ||
| 53 | |||
| 54 | nf_conntrack_expect_max - INTEGER | 36 | nf_conntrack_expect_max - INTEGER |
| 55 | Maximum size of expectation table. Default value is | 37 | Maximum size of expectation table. Default value is |
| 56 | nf_conntrack_buckets / 256. Minimum is 1. | 38 | nf_conntrack_buckets / 256. Minimum is 1. |