diff options
author | Jesper Dangaard Brouer <hawk@comx.dk> | 2010-04-23 06:34:56 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-04-23 06:34:56 -0400 |
commit | af740b2c8f4521e2c45698ee6040941a82d6349d (patch) | |
tree | ae9fb87ebbfd422b07cb8e027fbe13e9c40c403e /net/ipv4 | |
parent | cecc74de25d2cfb08e7702cd38e3f195950f1228 (diff) |
netfilter: nf_conntrack: extend with extra stat counter
I suspect an unfortunatly series of events occuring under a DDoS
attack, in function __nf_conntrack_find() nf_contrack_core.c.
Adding a stats counter to see if the search is restarted too often.
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c index 2fb7b76da94f..244f7cb08d68 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c | |||
@@ -336,12 +336,12 @@ static int ct_cpu_seq_show(struct seq_file *seq, void *v) | |||
336 | const struct ip_conntrack_stat *st = v; | 336 | const struct ip_conntrack_stat *st = v; |
337 | 337 | ||
338 | if (v == SEQ_START_TOKEN) { | 338 | if (v == SEQ_START_TOKEN) { |
339 | seq_printf(seq, "entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete\n"); | 339 | seq_printf(seq, "entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete search_restart\n"); |
340 | return 0; | 340 | return 0; |
341 | } | 341 | } |
342 | 342 | ||
343 | seq_printf(seq, "%08x %08x %08x %08x %08x %08x %08x %08x " | 343 | seq_printf(seq, "%08x %08x %08x %08x %08x %08x %08x %08x " |
344 | "%08x %08x %08x %08x %08x %08x %08x %08x \n", | 344 | "%08x %08x %08x %08x %08x %08x %08x %08x %08x\n", |
345 | nr_conntracks, | 345 | nr_conntracks, |
346 | st->searched, | 346 | st->searched, |
347 | st->found, | 347 | st->found, |
@@ -358,7 +358,8 @@ static int ct_cpu_seq_show(struct seq_file *seq, void *v) | |||
358 | 358 | ||
359 | st->expect_new, | 359 | st->expect_new, |
360 | st->expect_create, | 360 | st->expect_create, |
361 | st->expect_delete | 361 | st->expect_delete, |
362 | st->search_restart | ||
362 | ); | 363 | ); |
363 | return 0; | 364 | return 0; |
364 | } | 365 | } |