netfilter: Add fail-open support
authorKrishna Kumar <krkumar2@in.ibm.com>
Thu, 24 May 2012 03:56:44 +0000 (03:56 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 7 Jun 2012 12:58:39 +0000 (14:58 +0200)
commitfdb694a01f1fcd30fd16d8aa290c34699fe98a17
tree4da135c27f582e3a3f6891a4bc4bf4abb6a57829
parent68c07cb6d8aa05daf38ab47d5bb674d81a2066fb
netfilter: Add fail-open support

Implement a new "fail-open" mode where packets are not dropped
upon queue-full condition. This mode can be enabled/disabled per
queue using netlink NFQA_CFG_FLAGS & NFQA_CFG_MASK attributes.

Signed-off-by: Krishna Kumar <krkumar2@in.ibm.com>
Signed-off-by: Vivek Kashyap <vivk@us.ibm.com>
Signed-off-by: Sridhar Samudrala <samudrala@us.ibm.com>
include/linux/netfilter/nfnetlink_queue.h
net/netfilter/nfnetlink_queue.c