michael/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Files
linux-5.15.y
linux/include/net
History
Fernando Fernandez Mancera b160895d6b netfilter: nf_conncount: rework API to use sk_buff directly 
[ Upstream commit be102eb6a0 ]

When using nf_conncount infrastructure for non-confirmed connections a
duplicated track is possible due to an optimization introduced since
commit d265929930 ("netfilter: nf_conncount: reduce unnecessary GC").

In order to fix this introduce a new conncount API that receives
directly an sk_buff struct.  It fetches the tuple and zone and the
corresponding ct from it. It comes with both existing conncount variants
nf_conncount_count_skb() and nf_conncount_add_skb(). In addition remove
the old API and adjust all the users to use the new one.

This way, for each sk_buff struct it is possible to check if there is a
ct present and already confirmed. If so, skip the add operation.

Fixes: d265929930 ("netfilter: nf_conncount: reduce unnecessary GC")
Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Stable-dep-of: 69894e5b4c ("netfilter: nft_connlimit: update the count if add was skipped")
Signed-off-by: Sasha Levin <sashal@kernel.org>
2026-01-19 13:09:35 +01:00
..
9p
9p: Add client parameter to p9_req_put()
2022-08-17 14:24:07 +02:00
bluetooth
Bluetooth: SCO: Fix UAF on sco_sock_timeout
2025-05-02 07:44:25 +02:00
caif
net: remove the caif_hsi driver
2021-07-01 13:19:48 -07:00
iucv
net/af_iucv: don't track individual TX skbs for TRANS_HIPER sockets
2021-01-28 20:36:21 -08:00
netfilter
netfilter: nf_conncount: rework API to use sk_buff directly
2026-01-19 13:09:35 +01:00
netns
Namespaceify mtu_expires sysctl
2025-03-13 12:50:43 +01:00
nfc
net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
2025-12-07 06:09:20 +09:00
phonet
sctp
sctp: detect and prevent references to a freed transport in sendmsg
2025-05-02 07:44:04 +02:00
tc_act
net_sched: act_connmark: use RCU in tcf_connmark_dump()
2025-12-07 06:09:28 +09:00
6lowpan.h
act_api.h
net: sched: act: move global static variable net_id to tc_action_ops
2025-12-07 06:09:28 +09:00
addrconf.h
ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr
2024-04-17 11:15:14 +02:00
af_ieee802154.h
af_rxrpc.h
afs: Don't truncate iter during data fetch
2021-04-23 10:17:26 +01:00
af_unix.h
af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc().
2024-05-02 16:24:47 +02:00
af_vsock.h
vsock: each transport cycles only on its own sockets
2022-03-23 09:16:41 +01:00
ah.h
arp.h
ipv4: Invalidate neighbour for broadcast address upon address addition
2022-04-13 20:59:05 +02:00
atmclip.h
ax25.h
ax25: fix reference count leaks of ax25_dev
2022-04-20 09:34:22 +02:00
ax88796.h
ax88796: export ax_NS8390_init() hook
2021-08-03 13:05:25 +01:00
bareudp.h
bond_3ad.h
bonding: update LACP activity flag after setting lacp_active
2025-08-28 16:24:38 +02:00
bond_alb.h
bonding (gcc13): synchronize bond_{a,t}lb_xmit() types
2023-06-14 11:13:00 +02:00
bond_options.h
Bonding: add arp_missed_max option
2023-06-05 09:21:19 +02:00
bonding.h
bonding: fix macvlan over alb bond support
2023-08-30 16:18:15 +02:00
bpf_sk_storage.h
bpf: struct sock is declared twice in bpf_sk_storage header
2021-03-26 17:43:55 +01:00
busy_poll.h
net: busy-poll: use ktime_get_ns() instead of local_clock()
2024-09-04 13:23:40 +02:00
calipso.h
cfg80211-wext.h
cfg80211.h
wifi: cfg80211: Fix interface type validation
2025-08-28 16:24:20 +02:00
cfg802154.h
mac802154: fix llsec key resources release in mac802154_llsec_key_del
2024-04-10 16:18:39 +02:00
checksum.h
net: Fix checksum update for ILA adj-transport
2025-06-27 11:05:38 +01:00
cipso_ipv4.h
cls_cgroup.h
net/cls_cgroup: Fix task_get_classid() during qdisc run
2025-12-07 06:09:22 +09:00
codel_impl.h
codel_qdisc.h
codel.h
compat.h
net/ipv4/ipv6: Replace one-element arraya with flexible-array members
2021-08-05 11:46:42 +01:00
datalink.h
dcbevent.h
dcbnl.h
devlink.h
devlink: Use xarray to store devlink instances
2021-08-14 13:59:10 +01:00
dsa.h
net: dsa: introduce preferred_default_local_cpu_port and use on MT7530
2024-04-27 17:05:29 +02:00
dsfield.h
dst_cache.h
wireguard: device: reset peer src endpoint when netns exits
2021-12-08 09:04:46 +01:00
dst_metadata.h
net: fix a memleak when uncloning an skb dst and its metadata
2022-02-16 12:56:30 +01:00
dst_ops.h
net: fix __dst_negative_advice() race
2024-06-16 13:39:59 +02:00
dst.h
include: net: add static inline dst_dev_overhead() to dst.h
2025-03-13 12:50:58 +01:00
erspan.h
esp.h
esp: limit skb_page_frag_refill use to a single page
2022-04-27 14:38:52 +02:00
espintcp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h
ipv6: fix memory leak in fib6_rule_suppress
2021-12-08 09:04:43 +01:00
firewire.h
flow_dissector.h
net: extract port range fields from fl_flow_key
2025-03-13 12:50:52 +01:00
flow_offload.h
net: extract port range fields from fl_flow_key
2025-03-13 12:50:52 +01:00
flow.h
net: Add l3mdev index to flow struct and avoid oif reset for port devices
2024-10-17 15:11:57 +02:00
fou.h
fq_impl.h
net/fq_impl: do not maintain a backlog-sorted list of flows
2021-01-21 13:33:45 +01:00
fq.h
net/fq_impl: do not maintain a backlog-sorted list of flows
2021-01-21 13:33:45 +01:00
garp.h
gen_stats.h
genetlink.h
genetlink: hold RCU in genlmsg_mcast()
2024-11-01 01:52:34 +01:00
geneve.h
gre.h
ip_gre: add csum offload support for gre header
2021-01-29 20:39:14 -08:00
gro_cells.h
gro.h
gro: add combined call_gro_receive() + INDIRECT_CALL_INET() helper
2021-03-18 19:51:12 -07:00
gtp.h
gue.h
hwbm.h
icmp.h
ipv6: ICMPV6: add response to ICMPV6 RFC 8335 PROBE messages
2021-06-28 14:29:45 -07:00
ieee80211_radiotap.h
mac80211: Use flex-array for radiotap header bitmap
2021-08-13 09:58:25 +02:00
ieee802154_netdev.h
net: ieee802154: return -EINVAL for unknown addr type
2022-10-26 12:35:54 +02:00
if_inet6.h
net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX
2023-12-20 15:17:34 +01:00
ife.h
ila.h
inet6_connection_sock.h
inet6_hashtables.h
net: remove duplicate reuseport_lookup functions
2024-06-16 13:39:21 +02:00
inet_common.h
bpf: Allow rewriting to ports under ip_unprivileged_port_start
2021-01-27 18:18:15 -08:00
inet_connection_sock.h
tcp/dccp: allow a connection when sk_max_ack_backlog is zero
2025-01-23 17:15:49 +01:00
inet_ecn.h
inet_ecn: Use csum16_add() helper for IP_ECN_set_* helpers
2020-12-14 18:38:58 -08:00
inet_frag.h
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
2022-01-27 11:05:35 +01:00
inet_hashtables.h
net: remove duplicate reuseport_lookup functions
2024-06-16 13:39:21 +02:00
inet_sock.h
net: allow unbound socket for packets in VRF when tcp_l3mdev_accept set
2022-08-17 14:23:36 +02:00
inet_timewait_sock.h
inetpeer.h
ioam6.h
ipv6: ioam: Support for IOAM injection with lwtunnels
2021-07-21 08:14:33 -07:00
ip6_checksum.h
ip6_fib.h
net: fib: avoid warn splat in flow dissector
2023-09-19 12:22:58 +02:00
ip6_route.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2021-08-05 15:08:47 -07:00
ip6_tunnel.h
ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode
2022-05-09 09:14:36 +02:00
ip_fib.h
ipv4/fib: send notify when delete source address routes
2023-10-25 11:59:00 +02:00
ip_tunnels.h
net/ip6_tunnel: Prevent perpetual tunnel growth
2025-10-29 14:03:08 +01:00
ip_vs.h
ipvs: Update width of source for ip_vs_sync_conn_options
2023-05-24 17:36:46 +01:00
ip.h
ipv4: ignore dst hint for multipath routes
2023-09-19 12:22:58 +02:00
ipcomp.h
ipconfig.h
ipv6_frag.h
inet: frags: annotate races around fqdir->dead and fqdir->high_thresh
2022-01-27 11:05:35 +01:00
ipv6_stubs.h
bpf: Derive source IP addr via bpf_*_fib_lookup()
2024-03-06 14:38:50 +00:00
ipv6.h
ipv6: Fix signed integer overflow in __ip6_append_data
2025-04-10 14:31:48 +02:00
iw_handler.h
kcm.h
kcm: Serialise kcm_sendmsg() for the same socket.
2024-09-04 13:23:32 +02:00
l3mdev.h
vrf: use RCU protection in l3mdev_l3_out()
2025-03-13 12:50:35 +01:00
lag.h
lapb.h
net: lapb: increase LAPB_HEADER_LEN
2024-12-19 18:07:20 +01:00
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc: Drop support for ETH_P_TR_802_2.
2024-02-23 08:54:27 +01:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
llc: fix out-of-bound array index in llc_sk_dev_hash()
2021-11-18 19:17:10 +01:00
lwtunnel.h
lwt: Check LWTUNNEL_XMIT_CONTINUE strictly
2023-09-19 12:22:34 +02:00
mac80211.h
wifi: mac80211: don't complete management TX on SAE commit
2025-08-28 16:24:21 +02:00
mac802154.h
macsec.h
net: macsec: indicate next pn update when offloading
2023-10-19 23:05:34 +02:00
mctp.h
mctp: Handle error of rtnl_register_module().
2024-10-17 15:11:57 +02:00
mctpdevice.h
mctp: Remove the repeated declaration
2021-08-25 11:23:14 +01:00
mip6.h
mld.h
mld: add new workqueues for process mld events
2021-03-26 15:14:56 -07:00
mpls_iptunnel.h
mpls.h
mptcp.h
mptcp: remove MPTCP 'ifdef' in TCP SYN cookies
2023-01-12 11:58:52 +01:00
mrp.h
mrp: introduce active flags to prevent UAF when applicant uninit
2022-12-31 13:14:42 +01:00
ncsi.h
ndisc.h
ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
2022-03-08 19:12:33 +01:00
neighbour.h
neighbour: delete neigh_lookup_nodev as not used
2023-06-21 15:59:19 +02:00
net_failover.h
net_namespace.h
net: defer final 'struct net' free in netns dismantle
2025-05-02 07:44:23 +02:00
net_ratelimit.h
netevent.h
netlabel.h
netlink.h
net: netlink: add the case when nlh is NULL
2021-07-27 11:43:50 +01:00
netprio_cgroup.h
netrom.h
nexthop.h
net: ipv4: Fix rtnexthop len when RTA_FLOW is present
2021-09-24 14:07:10 +01:00
nl802154.h
net: ieee802154: handle iftypes as u32
2021-12-01 09:04:46 +01:00
nsh.h
p8022.h
page_pool.h
page_pool: fix inconsistency for page_pool_ring_[un]lock()
2023-06-05 09:21:22 +02:00
pie.h
ping.h
pkt_cls.h
sch_htb: Fix inconsistency when leaf qdisc creation fails
2021-08-30 16:33:59 -07:00
pkt_sched.h
net/sched: sch_qfq: Fix null-deref in agg_dequeue
2025-12-07 06:09:12 +09:00
pptp.h
protocol.h
tcp/udp: Make early_demux back namespacified.
2022-11-10 18:15:38 +01:00
psample.h
psample: Add a fwd declaration for skbuff
2021-08-09 15:34:21 -07:00
psnap.h
raw.h
raw: Fix a data-race around sysctl_raw_l3mdev_accept.
2022-07-21 21:24:27 +02:00
rawv6.h
red.h
sch_red: fix off-by-one checks in red_check_params()
2021-03-25 17:40:43 -07:00
regulatory.h
net/wireless: regulatory.h: drop duplicate word in comment
2020-07-31 09:24:23 +02:00
request_sock.h
tcp: Use BPF timeout setting for SYN ACK RTO
2024-07-05 09:14:41 +02:00
rose.h
route.h
ipv4: add RCU protection to ip4_dst_hoplimit()
2025-03-13 12:50:42 +01:00
rpl.h
ipv6: rpl: Fix Route of Death.
2023-06-14 11:13:02 +02:00
rsi_91x.h
rtnetlink.h
net: rtnetlink: add bulk delete support flag
2025-10-29 14:03:11 +01:00
rtnh.h
sch_generic.h
net_sched: Flush gso_skb list too during ->change()
2025-05-22 14:08:22 +02:00
scm.h
scm: fix MSG_CTRUNC setting condition for SO_PASSSEC
2023-05-11 23:00:26 +09:00
secure_seq.h
secure_seq: use the 64 bits of the siphash for port offset calculation
2022-05-18 10:26:53 +02:00
seg6_hmac.h
seg6_local.h
seg6.h
udp6: Use Segment Routing Header for dest address if present
2022-01-27 11:05:05 +01:00
selftests.h
net: selftest: fix build issue if INET is disabled
2021-04-28 14:06:45 -07:00
slhc_vj.h
smc.h
net/smc: introduce CHID callback for ISM devices
2020-09-28 15:19:03 -07:00
snmp.h
sock_reuseport.h
soreuseport: Fix socket selection for SO_INCOMING_CPU.
2022-12-31 13:14:07 +01:00
sock.h
inet: Avoid ehash lookup race in inet_ehash_insert()
2026-01-19 13:09:23 +01:00
Space.h
wan: remove sbni/granch driver
2021-08-03 13:05:26 +01:00
stp.h
strparser.h
tls: rx: don't store the decryption status in socket context
2024-03-06 14:38:47 +00:00
switchdev.h
net: make switchdev_bridge_port_{,unoffload} loosely coupled with the bridge
2021-08-04 12:35:07 +01:00
tcp_states.h
tcp.h
tcp: check skb is non-NULL in tcp_rto_delta_us()
2024-10-17 15:11:08 +02:00
timewait_sock.h
tipc.h
tls_toe.h
tls.h
net: tls: Cancel RX async resync request on rcd_delta overflow
2025-12-07 06:09:31 +09:00
transp_v6.h
tso.h
tun_proto.h
udp_tunnel.h
rxrpc: Fix ICMP/ICMP6 error handling
2022-09-15 11:30:05 +02:00
udp.h
net: drop UFO packets in udp_rcv_segment()
2025-08-28 16:24:13 +02:00
udplite.h
tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct().
2023-04-26 13:51:54 +02:00
vsock_addr.h
vxlan.h
vxlan: Fix nexthop hash size
2023-08-11 15:13:54 +02:00
wext.h
x25.h
x25device.h
xdp_priv.h
xdp_sock_drv.h
i40e: xsk: Move tmp desc array from driver to pool
2022-06-14 18:36:18 +02:00
xdp_sock.h
xdp: Add proper __rcu annotations to redirect map entries
2021-06-24 19:41:15 +02:00
xdp.h
xdp: Allow registering memory model without rxq reference
2023-06-05 09:21:21 +02:00
xfrm.h
Revert "xfrm: destroy xfrm_state synchronously on net exit path"
2026-01-19 13:09:18 +01:00
xsk_buff_pool.h
xsk: Fix unaligned descriptor validation
2023-05-11 23:00:27 +09:00