diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2009-03-16 10:18:50 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2009-03-16 10:18:50 -0400 |
commit | 1db7a748dfd50d7615913730763c024444900030 (patch) | |
tree | 66a89288be39fc7b6575c2039006b48e16889c21 /net/ipv4 | |
parent | 67c0d57930ff9a24c6c34abee1b01f7716a9b0e2 (diff) |
netfilter: conntrack: increase drop stats if sequence adjustment fails
This patch increases the statistics of packets drop if the sequence
adjustment fails in ipv4_confirm().
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 4beb04fac588..8b681f24e271 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -120,8 +120,10 @@ static unsigned int ipv4_confirm(unsigned int hooknum, | |||
120 | typeof(nf_nat_seq_adjust_hook) seq_adjust; | 120 | typeof(nf_nat_seq_adjust_hook) seq_adjust; |
121 | 121 | ||
122 | seq_adjust = rcu_dereference(nf_nat_seq_adjust_hook); | 122 | seq_adjust = rcu_dereference(nf_nat_seq_adjust_hook); |
123 | if (!seq_adjust || !seq_adjust(skb, ct, ctinfo)) | 123 | if (!seq_adjust || !seq_adjust(skb, ct, ctinfo)) { |
124 | NF_CT_STAT_INC_ATOMIC(nf_ct_net(ct), drop); | ||
124 | return NF_DROP; | 125 | return NF_DROP; |
126 | } | ||
125 | } | 127 | } |
126 | out: | 128 | out: |
127 | /* We've seen it coming out the other side: confirm it */ | 129 | /* We've seen it coming out the other side: confirm it */ |