From: Patrick McHardy <kaber@trash.net>
Date: Sun, 8 Jul 2007 05:36:24 +0000 (-0700)
Subject: [NETFILTER]: nf_conntrack_expect: introduce nf_conntrack_expect_max sysct
X-Git-Tag: v2.6.23-rc1~1109^2~58
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f264a7df08d50bb4a23be6a9aa06940e497ac1c4;p=pandora-kernel.git

[NETFILTER]: nf_conntrack_expect: introduce nf_conntrack_expect_max sysct

As a last step of preventing DoS by creating lots of expectations, this
patch introduces a global maximum and a sysctl to control it. The default
is initialized to 4 * the expectation hash table size, which results in
1/64 of the default maxmimum of conntracks.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed