michael/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Files
linux-5.10.y
linux/include/net
History
Fernando Fernandez Mancera 6e86f0eca8 netfilter: nf_conncount: rework API to use sk_buff directly 
[ Upstream commit be102eb6a0 ]

When using nf_conncount infrastructure for non-confirmed connections a
duplicated track is possible due to an optimization introduced since
commit d265929930 ("netfilter: nf_conncount: reduce unnecessary GC").

In order to fix this introduce a new conncount API that receives
directly an sk_buff struct.  It fetches the tuple and zone and the
corresponding ct from it. It comes with both existing conncount variants
nf_conncount_count_skb() and nf_conncount_add_skb(). In addition remove
the old API and adjust all the users to use the new one.

This way, for each sk_buff struct it is possible to check if there is a
ct present and already confirmed. If so, skip the add operation.

Fixes: d265929930 ("netfilter: nf_conncount: reduce unnecessary GC")
Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Stable-dep-of: 69894e5b4c ("netfilter: nft_connlimit: update the count if add was skipped")
Signed-off-by: Sasha Levin <sashal@kernel.org>
2026-01-19 13:11:35 +01:00
..
9p
net: 9p: drop duplicate word in comment
2020-07-15 20:34:11 -07:00
bluetooth
Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE"
2024-09-12 11:06:43 +02:00
caif
net: caif: add proper error handling
2021-06-10 13:39:24 +02:00
iucv
net/af_iucv: clean up function prototypes
2020-05-19 12:50:14 -07:00
netfilter
netfilter: nf_conncount: rework API to use sk_buff directly
2026-01-19 13:11:35 +01:00
netns
xfrm: fix a data-race in xfrm_gen_index()
2023-10-25 11:54:19 +02:00
nfc
net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
2025-12-07 06:08:12 +09:00
phonet
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 336
2019-06-05 17:37:07 +02:00
sctp
sctp: hold endpoint before calling cb in sctp_transport_lookup_process
2025-12-07 06:08:16 +09:00
tc_act
net_sched: act_ctinfo: use atomic64_t for three counters
2025-08-28 16:22:33 +02:00
6lowpan.h
6lowpan: Replace zero-length array with flexible-array member
2020-02-28 14:51:30 +01:00
act_api.h
net: sched: fix err handler in tcf_action_init()
2021-04-14 08:42:05 +02:00
addrconf.h
ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
2024-05-02 16:23:34 +02:00
af_ieee802154.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
af_rxrpc.h
rxrpc: Make rxrpc_kernel_get_srtt() indicate validity
2020-08-20 18:21:28 +01:00
af_unix.h
af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().
2024-05-02 16:23:43 +02:00
af_vsock.h
vsock: each transport cycles only on its own sockets
2022-03-23 09:13:27 +01:00
ah.h
arp.h
ipv4: Invalidate neighbour for broadcast address upon address addition
2022-04-13 21:00:57 +02:00
atmclip.h
ax25.h
ax25: fix reference count leaks of ax25_dev
2022-04-20 09:23:31 +02:00
ax88796.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
bareudp.h
bareudp: Reverted support to enable & disable rx metadata collection
2020-07-21 18:30:47 -07:00
bond_3ad.h
net: bonding: Share lacpdu_mcast_addr definition
2022-09-28 11:10:31 +02:00
bond_alb.h
bonding (gcc13): synchronize bond_{a,t}lb_xmit() types
2023-06-14 11:09:31 +02:00
bond_options.h
bonding: add an option to specify a delay between peer notifications
2019-07-04 12:30:48 -07:00
bonding.h
bonding: fix macvlan over alb bond support
2023-08-30 16:23:14 +02:00
bpf_sk_storage.h
bpf: Change bpf_sk_storage_*() to accept ARG_PTR_TO_BTF_ID_SOCK_COMMON
2020-09-25 13:58:01 -07:00
busy_poll.h
net: busy-poll: use ktime_get_ns() instead of local_clock()
2024-09-04 13:17:46 +02:00
calipso.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13
2019-05-21 11:28:45 +02:00
cfg80211-wext.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
cfg80211.h
wifi: cfg80211: Fix interface type validation
2025-08-28 16:22:43 +02:00
cfg802154.h
mac802154: fix llsec key resources release in mac802154_llsec_key_del
2024-04-13 12:58:25 +02:00
checksum.h
net: Fix checksum update for ILA adj-transport
2025-06-27 11:04:24 +01:00
cipso_ipv4.h
cipso: Remove unused inline functions
2020-07-15 07:45:24 -07:00
cls_cgroup.h
net/cls_cgroup: Fix task_get_classid() during qdisc run
2025-12-07 06:08:13 +09:00
codel_impl.h
codel_qdisc.h
codel.h
compat.h
net/ipv4/ipv6: Replace one-element arraya with flexible-array members
2024-03-26 18:21:53 -04:00
datalink.h
dcbevent.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201
2019-05-30 11:29:52 -07:00
dcbnl.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 201
2019-05-30 11:29:52 -07:00
devlink.h
devlink: Add enable_remote_dev_reset generic parameter
2020-10-09 12:06:53 -07:00
dsa.h
net: dsa: propagate switchdev vlan_filtering prepare phase to drivers
2020-10-05 05:56:48 -07:00
dsfield.h
ipv6: Annotate bitwise IPv6 dsfield pointer cast
2019-12-16 16:09:44 -08:00
dst_cache.h
wireguard: device: reset peer src endpoint when netns exits
2021-12-08 09:03:22 +01:00
dst_metadata.h
net: fix a memleak when uncloning an skb dst and its metadata
2022-02-16 12:54:26 +01:00
dst_ops.h
net: fix __dst_negative_advice() race
2024-06-16 13:32:36 +02:00
dst.h
include: net: add static inline dst_dev_overhead() to dst.h
2025-03-13 12:47:32 +01:00
erspan.h
erspan: Add type I version 0 support.
2020-05-05 13:23:29 -07:00
esp.h
esp: limit skb_page_frag_refill use to a single page
2022-04-27 13:53:48 +02:00
espintcp.h
xfrm: espintcp: save and call old ->sk_destruct
2020-04-20 07:34:16 +02:00
ethoc.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500
2019-06-19 17:09:55 +02:00
failover.h
fib_notifier.h
ipv6: Remove old route notifications and convert listeners
2019-12-24 22:37:30 -08:00
fib_rules.h
ipv6: fix memory leak in fib6_rule_suppress
2021-12-08 09:03:21 +01:00
firewire.h
flow_dissector.h
net: extract port range fields from fl_flow_key
2025-03-13 12:47:29 +01:00
flow_offload.h
net: extract port range fields from fl_flow_key
2025-03-13 12:47:29 +01:00
flow.h
net: Add l3mdev index to flow struct and avoid oif reset for port devices
2024-10-17 15:08:35 +02:00
fou.h
fq_impl.h
net/fq_impl: use skb_get_hash instead of skb_get_hash_perturb
2020-07-31 09:24:24 +02:00
fq.h
net/fq_impl: use skb_get_hash instead of skb_get_hash_perturb
2020-07-31 09:24:24 +02:00
garp.h
treewide: Use sizeof_field() macro
2019-12-09 10:36:44 -08:00
gen_stats.h
net_sched: extend packet counter to 64bit
2019-11-05 18:20:55 -08:00
genetlink.h
genetlink: hold RCU in genlmsg_mcast()
2024-11-08 16:21:57 +01:00
geneve.h
net: Move the definition of the default Geneve udp port to public header file
2019-03-22 12:09:31 -07:00
gre.h
gro_cells.h
gtp.h
gue.h
GUE: Fix a typo
2020-06-22 21:12:44 -07:00
hwbm.h
net: hwbm: if CONFIG_NET_HWBM unset, make stub functions static
2019-10-25 16:24:32 -07:00
icmp.h
net: icmp: pass zeroed opts from icmp{,v6}_ndo_send before sending
2021-03-04 11:38:46 +01:00
ieee80211_radiotap.h
mac80211: add radiotap flag to prevent sequence number overwrite
2020-07-31 09:27:00 +02:00
ieee802154_netdev.h
net: ieee802154: return -EINVAL for unknown addr type
2022-10-26 13:25:55 +02:00
if_inet6.h
net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX
2023-12-20 15:44:27 +01:00
ife.h
net: ife: drop include of module.h from net/ife.h
2019-04-22 21:50:53 -07:00
ila.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
inet6_connection_sock.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
inet6_hashtables.h
net: remove duplicate reuseport_lookup functions
2024-06-16 13:32:06 +02:00
inet_common.h
bpf: Allow any port in bpf_bind helper
2020-05-09 00:48:20 +02:00
inet_connection_sock.h
tcp/dccp: allow a connection when sk_max_ack_backlog is zero
2025-02-01 18:22:19 +01:00
inet_ecn.h
inet_ecn: Fix endianness of checksum update when setting ECT(1)
2020-12-01 17:16:54 -08:00
inet_frag.h
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
2022-01-27 10:54:33 +01:00
inet_hashtables.h
net: remove duplicate reuseport_lookup functions
2024-06-16 13:32:06 +02:00
inet_sock.h
net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set
2022-08-21 15:15:51 +02:00
inet_timewait_sock.h
tcp: honor SO_PRIORITY in TIME_WAIT state
2019-09-27 12:05:02 +02:00
inetpeer.h
ip6_checksum.h
tcp: remove indirect calls for icsk->icsk_af_ops->send_check
2020-06-20 17:47:53 -07:00
ip6_fib.h
ipv6: annotate accesses to fn->fn_sernum
2022-02-01 17:25:44 +01:00
ip6_route.h
net: ipv6: fix returned variable type in ip6_skb_dst_mtu
2021-08-12 13:22:07 +02:00
ip6_tunnel.h
ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
2022-05-09 09:05:04 +02:00
ip_fib.h
ipv4/fib: send notify when delete source address routes
2023-10-25 11:54:23 +02:00
ip_tunnels.h
net/ip6_tunnel: Prevent perpetual tunnel growth
2025-10-29 14:01:19 +01:00
ip_vs.h
ipvs: Update width of source for ip_vs_sync_conn_options
2023-05-30 12:57:49 +01:00
ip.h
ipv4: ignore dst hint for multipath routes
2023-09-19 12:20:26 +02:00
ipcomp.h
ipconfig.h
ipv6_frag.h
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
2022-01-27 10:54:33 +01:00
ipv6_stubs.h
net: ipv6: add fib6_nh_release_dsts stub
2021-12-01 09:19:05 +01:00
ipv6.h
ipv6: Fix signed integer overflow in __ip6_append_data
2025-04-10 14:30:48 +02:00
ipx.h
bonding/alb: properly access headers in bond_alb_xmit()
2020-02-05 14:28:09 +01:00
iw_handler.h
kcm.h
kcm: Serialise kcm_sendmsg() for the same socket.
2024-09-04 13:17:40 +02:00
l3mdev.h
vrf: use RCU protection in l3mdev_l3_out()
2025-03-13 12:47:14 +01:00
lag.h
lapb.h
net: lapb: increase LAPB_HEADER_LEN
2024-12-19 18:06:10 +01:00
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc: fix sk_buff leak in llc_conn_service()
2019-10-08 13:23:05 -07:00
llc_if.h
llc_pdu.h
llc: Drop support for ETH_P_TR_802_2.
2024-02-23 08:41:56 +01:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
llc: fix out-of-bound array index in llc_sk_dev_hash()
2021-11-18 14:04:27 +01:00
lwtunnel.h
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
2023-09-19 12:20:09 +02:00
mac80211.h
mac80211: Add support to trigger sta disconnect on hardware restart
2024-11-08 16:22:01 +01:00
mac802154.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
2019-05-30 11:26:41 -07:00
macsec.h
net: macsec: indicate next pn update when offloading
2023-10-25 11:54:14 +02:00
mip6.h
net: mip6: Replace zero-length array with flexible-array member
2020-03-02 11:16:27 -08:00
mld.h
net: ipv6: mld: Replace zero-length array with flexible-array member
2020-02-29 21:52:20 -08:00
mpls_iptunnel.h
net: mpls: Replace zero-length array with flexible-array member
2020-02-28 12:08:37 -08:00
mpls.h
net: Make mpls_entry_encode() available for generic users
2020-05-29 21:20:20 -07:00
mptcp.h
mptcp: remove MPTCP 'ifdef' in TCP SYN cookies
2023-01-14 10:16:51 +01:00
mrp.h
mrp: introduce active flags to prevent UAF when applicant uninit
2023-01-14 10:16:18 +01:00
ncsi.h
ndisc.h
ipv6: ndisc: adjust ndisc_ifinfo_sysctl_change prototype
2020-08-24 06:40:07 -07:00
neighbour.h
neighbour: delete neigh_lookup_nodev as not used
2023-06-21 15:45:40 +02:00
net_failover.h
net_namespace.h
net: defer final 'struct net' free in netns dismantle
2025-05-02 07:41:08 +02:00
net_ratelimit.h
netevent.h
netlabel.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13
2019-05-21 11:28:45 +02:00
netlink.h
netlink: export policy in extended ACK
2020-10-09 20:22:32 -07:00
netprio_cgroup.h
netprio: use css ID instead of cgroup ID
2019-11-12 08:18:03 -08:00
netrom.h
net: netrom: Fix error cleanup path of nr_proto_init
2019-04-11 13:59:49 -07:00
nexthop.h
nexthop: Emit a notification when a nexthop is added
2025-10-02 13:35:46 +02:00
nl802154.h
net: ieee802154: handle iftypes as u32
2021-12-01 09:19:03 +01:00
nsh.h
p8022.h
page_pool.h
mm: fix struct page layout on 32-bit systems
2021-05-19 10:13:17 +02:00
pie.h
pie: realign comment
2020-03-04 13:25:55 -08:00
ping.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
pkt_cls.h
net: zero-initialize tc skb extension on allocation
2021-06-03 09:00:51 +02:00
pkt_sched.h
net/sched: sch_qfq: Fix null-deref in agg_dequeue
2025-12-07 06:08:06 +09:00
pptp.h
protocol.h
tcp/udp: Make early_demux back namespacified.
2022-11-10 18:14:26 +01:00
psample.h
psample: Add a fwd declaration for skbuff
2021-08-18 08:59:11 +02:00
psnap.h
raw.h
raw: Fix a data-race around sysctl_raw_l3mdev_accept.
2022-07-21 21:20:10 +02:00
rawv6.h
red.h
sch_red: fix off-by-one checks in red_check_params()
2021-04-14 08:42:07 +02:00
regulatory.h
net/wireless: regulatory.h: drop duplicate word in comment
2020-07-31 09:24:23 +02:00
request_sock.h
tcp: bpf: Optionally store mac header in TCP_SAVE_SYN
2020-08-24 14:35:00 -07:00
rose.h
route.h
lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
2022-06-09 10:21:09 +02:00
rpl.h
ipv6: rpl: Fix Route of Death.
2023-06-14 11:09:42 +02:00
rsi_91x.h
rtnetlink.h
net: rtnetlink: add bulk delete support flag
2025-10-29 14:01:21 +01:00
rtnh.h
net: Rename net/nexthop.h net/rtnh.h
2019-04-22 21:47:25 -07:00
sch_generic.h
net_sched: Flush gso_skb list too during ->change()
2025-06-04 14:36:56 +02:00
scm.h
scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
2023-05-17 11:47:47 +02:00
secure_seq.h
secure_seq: use the 64 bits of the siphash for port offset calculation
2022-05-30 09:33:23 +02:00
seg6_hmac.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
seg6_local.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
seg6.h
seg6: fix seg6_validate_srh() to avoid slab-out-of-bounds
2020-06-04 15:39:32 -07:00
slhc_vj.h
smc.h
net/smc: introduce CHID callback for ISM devices
2020-09-28 15:19:03 -07:00
snmp.h
net/tls: add skeleton of MIB statistics
2019-10-05 16:29:00 -07:00
sock_reuseport.h
udp: Update reuse->has_conns under reuseport_lock.
2022-10-30 09:41:19 +01:00
sock.h
inet: Avoid ehash lookup race in inet_ehash_insert()
2026-01-19 13:11:27 +01:00
Space.h
stp.h
strparser.h
bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding
2021-11-18 14:04:27 +01:00
switchdev.h
bridge: switchdev: Notify about VLAN protocol changes
2022-12-02 17:39:57 +01:00
tcp_states.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
tcp.h
bpf: Clean up sockmap related Kconfigs
2025-06-27 11:04:09 +01:00
timewait_sock.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152
2019-05-30 11:26:32 -07:00
tipc.h
tls_toe.h
net/tls: rename tls_hw_* functions tls_toe_*
2019-10-04 14:07:07 -07:00
tls.h
net: tls: Cancel RX async resync request on rcd_delta overflow
2025-12-07 06:08:20 +09:00
transp_v6.h
tcp: move ipv4_specific to tcp include file
2020-06-23 20:10:15 -07:00
tso.h
net: tso: cache transport header length
2020-06-18 20:46:23 -07:00
tun_proto.h
udp_tunnel.h
udp: call udp_encap_enable for v6 sockets when enabling encap
2022-04-08 14:39:54 +02:00
udp.h
net: drop UFO packets in udp_rcv_segment()
2025-08-28 16:22:37 +02:00
udplite.h
tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
2023-04-26 11:27:41 +02:00
vsock_addr.h
vsock: remove include/linux/vm_sockets.h file
2019-11-14 18:12:17 -08:00
vxlan.h
vxlan: Fix nexthop hash size
2023-08-11 11:57:50 +02:00
wext.h
wimax.h
net: wimax: fix duplicate words in comments
2020-07-15 20:34:02 -07:00
x25.h
net/x25: add new state X25_STATE_5
2019-12-09 10:28:43 -08:00
x25device.h
xdp_priv.h
page_pool: do not release pool until inflight == 0.
2019-11-16 12:39:10 -08:00
xdp_sock_drv.h
xsk: i40e: ice: ixgbe: mlx5: Test for dma_need_sync earlier for better performance
2020-08-31 21:15:04 +02:00
xdp_sock.h
xsk: Fix race in SKB mode transmit with shared cq
2021-01-17 14:17:05 +01:00
xdp.h
xdp: Allow registering memory model without rxq reference
2024-07-05 09:12:48 +02:00
xfrm.h
Revert "xfrm: destroy xfrm_state synchronously on net exit path"
2026-01-19 13:11:24 +01:00
xsk_buff_pool.h
xsk: Fix unaligned descriptor validation
2023-05-17 11:47:50 +02:00