]> www.infradead.org Git - users/jedix/linux-maple.git/commit
projects / users / jedix / linux-maple.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: ed3ba9b) | patch
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only
authorPablo Neira Ayuso <pablo@netfilter.org>
Fri, 21 Mar 2025 22:24:20 +0000 (23:24 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 2 Apr 2025 20:50:56 +0000 (22:50 +0200)
commit9d74da1177c800eb3d51c13f9821b7b0683845a5
tree6d10a227eecb828b89c0dadb72f1717a14ed3c4etree
parented3ba9b6e280e14cc3148c1b226ba453f02fa76ccommit | diff
netfilter: nft_set_hash: GC reaps elements with conncount for dynamic sets only

conncount has its own GC handler which determines when to reap stale
elements, this is convenient for dynamic sets. However, this also reaps
non-dynamic sets with static configurations coming from control plane.
Always run connlimit gc handler but honor feedback to reap element if
this set is dynamic.

Fixes: 290180e2448c ("netfilter: nf_tables: add connlimit support")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_set_hash.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.