diff options
author | Vasily Averin <vvs@virtuozzo.com> | 2020-09-25 11:56:02 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-10-04 21:08:25 +0200 |
commit | 9446ab34ace256e5e470c5aa221d46e544ad895e (patch) | |
tree | d713cfca44e780cd30cc0929ae16acc67acf572d /net/ipv6/ip6_checksum.c | |
parent | 82ec6630f9fcd129ebd839a6c862d0dbffe9eafc (diff) |
netfilter: ipset: enable memory accounting for ipset allocations
Currently netadmin inside non-trusted container can quickly allocate
whole node's memory via request of huge ipset hashtable.
Other ipset-related memory allocations should be restricted too.
v2: fixed typo ALLOC -> ACCOUNT
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv6/ip6_checksum.c')
0 files changed, 0 insertions, 0 deletions