aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorJesper Dangaard Brouer <hawk@comx.dk>2010-04-23 06:34:56 -0400
committerPatrick McHardy <kaber@trash.net>2010-04-23 06:34:56 -0400
commitaf740b2c8f4521e2c45698ee6040941a82d6349d (patch)
treeae9fb87ebbfd422b07cb8e027fbe13e9c40c403e /net/ipv4
parentcecc74de25d2cfb08e7702cd38e3f195950f1228 (diff)
netfilter: nf_conntrack: extend with extra stat counter
I suspect an unfortunatly series of events occuring under a DDoS attack, in function __nf_conntrack_find() nf_contrack_core.c. Adding a stats counter to see if the search is restarted too often. Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index 2fb7b76da94f..244f7cb08d68 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -336,12 +336,12 @@ static int ct_cpu_seq_show(struct seq_file *seq, void *v)
336 const struct ip_conntrack_stat *st = v; 336 const struct ip_conntrack_stat *st = v;
337 337
338 if (v == SEQ_START_TOKEN) { 338 if (v == SEQ_START_TOKEN) {
339 seq_printf(seq, "entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete\n"); 339 seq_printf(seq, "entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete search_restart\n");
340 return 0; 340 return 0;
341 } 341 }
342 342
343 seq_printf(seq, "%08x %08x %08x %08x %08x %08x %08x %08x " 343 seq_printf(seq, "%08x %08x %08x %08x %08x %08x %08x %08x "
344 "%08x %08x %08x %08x %08x %08x %08x %08x \n", 344 "%08x %08x %08x %08x %08x %08x %08x %08x %08x\n",
345 nr_conntracks, 345 nr_conntracks,
346 st->searched, 346 st->searched,
347 st->found, 347 st->found,
@@ -358,7 +358,8 @@ static int ct_cpu_seq_show(struct seq_file *seq, void *v)
358 358
359 st->expect_new, 359 st->expect_new,
360 st->expect_create, 360 st->expect_create,
361 st->expect_delete 361 st->expect_delete,
362 st->search_restart
362 ); 363 );
363 return 0; 364 return 0;
364} 365}