Hi Dave,
these patches fix a proc file removal race in ipt_recent, a timer removal
race in hashlimit and, based upon a suggestion by Herbert, change TCP
conntrack to keep track of unacknowledged data and reduce the timeout to
5 minutes while data is unacknowledged in order to more aggressively prune
dead connections.
Please apply, thanks.
include/linux/netfilter/nf_conntrack_tcp.h | 3 ++
net/ipv4/netfilter/ipt_recent.c | 2 +-
net/netfilter/nf_conntrack_proto_tcp.c | 29 +++++++++++++++++++++++----
net/netfilter/xt_hashlimit.c | 4 +--
4 files changed, 29 insertions(+), 9 deletions(-)
Patrick McHardy (1):
netfilter: nf_conntrack_tcp: decrease timeouts while data in unacknowledged
Pavel Emelyanov (2):
netfilter: ipt_recent: fix race between recent_mt_destroy and proc manipulations
netfilter: xt_hashlimit: fix race between htable_destroy and htable_gc
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
