Commit aa584016 authored by lvxiafei's avatar lvxiafei Committed by Pablo Neira Ayuso
Browse files

netfilter: conntrack: table full detailed log 



Add the netns field in the "nf_conntrack: table full, dropping packet"
log to help locate the specific netns when the table is full.

Signed-off-by: default avatarlvxiafei <lvxiafei@sensetime.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent faa60990

net/netfilter/nf_conntrack_core.c

+5 −1
Original line number Diff line number Diff line
@@ -1673,7 +1673,11 @@ __nf_conntrack_alloc(struct net *net, 
			if (!conntrack_gc_work.early_drop)

				conntrack_gc_work.early_drop = true;

			atomic_dec(&cnet->count);

			if (net == &init_net)

				net_warn_ratelimited("nf_conntrack: table full, dropping packet\n");

			else

				net_warn_ratelimited("nf_conntrack: table full in netns %u, dropping packet\n",

						     net->ns.inum);

			return ERR_PTR(-ENOMEM);

		}

	}