diff options
| author | Jesper Dangaard Brouer <hawk@comx.dk> | 2010-04-23 06:34:56 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-04-23 06:34:56 -0400 |
| commit | af740b2c8f4521e2c45698ee6040941a82d6349d (patch) | |
| tree | ae9fb87ebbfd422b07cb8e027fbe13e9c40c403e /net/netfilter/nf_conntrack_core.c | |
| parent | cecc74de25d2cfb08e7702cd38e3f195950f1228 (diff) | |
netfilter: nf_conntrack: extend with extra stat counter
I suspect an unfortunatly series of events occuring under a DDoS
attack, in function __nf_conntrack_find() nf_contrack_core.c.
Adding a stats counter to see if the search is restarted too often.
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/nf_conntrack_core.c')
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 0c9bbe93cc1..3907efb97a7 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c | |||
| @@ -319,8 +319,10 @@ begin: | |||
| 319 | * not the expected one, we must restart lookup. | 319 | * not the expected one, we must restart lookup. |
| 320 | * We probably met an item that was moved to another chain. | 320 | * We probably met an item that was moved to another chain. |
| 321 | */ | 321 | */ |
| 322 | if (get_nulls_value(n) != hash) | 322 | if (get_nulls_value(n) != hash) { |
| 323 | NF_CT_STAT_INC(net, search_restart); | ||
| 323 | goto begin; | 324 | goto begin; |
| 325 | } | ||
| 324 | local_bh_enable(); | 326 | local_bh_enable(); |
| 325 | 327 | ||
| 326 | return NULL; | 328 | return NULL; |