Re: [PATCH v2] ipset: enable memory accounting for ipset allocations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH v2] ipset: enable memory accounting for ipset allocations
From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Sun, 4 Oct 2020 21:09:13 +0200
Cc: netfilter-devel@xxxxxxxxxxxxxxx, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>, Florian Westphal <fw@xxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>
In-reply-to: <343416af-f22f-3834-7ee9-14b6dd7558ff@virtuozzo.com>
User-agent: Mutt/1.10.1 (2018-07-13)

On Fri, Sep 25, 2020 at 11:56:02AM +0300, Vasily Averin wrote:
> Currently netadmin inside non-trusted container can quickly allocate
> whole node's memory via request of huge ipset hashtable.
> Other ipset-related memory allocations should be restricted too.

Applied, thanks.

References:
- Re: [PATCH] ipset: enable memory accounting for ipset allocations
  - From: kernel test robot
- [PATCH v2] ipset: enable memory accounting for ipset allocations
  - From: Vasily Averin

Prev by Date: Re: [PATCH net-next] netfilter: nf_tables_offload: Remove unused macro FLOW_SETUP_BLOCK
Next by Date: Re: [PATCH nf-next] netfilter: nfnetlink: place subsys mutexes in distinct lockdep classes
Previous by thread: [PATCH v2] ipset: enable memory accounting for ipset allocations
Next by thread: Re: [PATCH] ipset: enable memory accounting for ipset allocations
Index(es):
- Date
- Thread

[Index of Archives] [Netfitler Users] [Berkeley Packet Filter] [LARTC] [Bugtraq] [Yosemite Forum]

Powered by Linux