* [PATCH] netfilter: better wording for table-full message
@ 2011-08-23 13:07 Jan Engelhardt
2011-08-23 13:25 ` Florian Westphal
0 siblings, 1 reply; 4+ messages in thread
From: Jan Engelhardt @ 2011-08-23 13:07 UTC (permalink / raw)
To: Patrick McHardy; +Cc: hawk, Netfilter Developer Mailing List
Like this?
parent ad146381889371c2d1b89b27d9dc70ae257fc1c8 (v3.1-rc2-2-gad14638)
commit 51b33b93d4c2e6c63afb177158f660fd17daf47c
Author: Jan Engelhardt <jengelh@medozas.de>
Date: Tue Aug 23 15:07:00 2011 +0200
netfilter: better wording for table-full message
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
---
net/netfilter/nf_conntrack_core.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index f7af8b8..eb4be11 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -649,8 +649,9 @@ __nf_conntrack_alloc(struct net *net, u16 zone,
atomic_dec(&net->ct.count);
if (net_ratelimit())
printk(KERN_WARNING
- "nf_conntrack: table full, dropping"
- " packet.\n");
+ "nf_conntrack: table full, no new "
+ "CT created, packet will have "
+ "classification INVALID.\n");
return ERR_PTR(-ENOMEM);
}
}
--
# Created with git-export-patch
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter: better wording for table-full message
2011-08-23 13:07 [PATCH] netfilter: better wording for table-full message Jan Engelhardt
@ 2011-08-23 13:25 ` Florian Westphal
2011-08-23 16:19 ` Stephen Clark
2011-08-24 7:28 ` Patrick McHardy
0 siblings, 2 replies; 4+ messages in thread
From: Florian Westphal @ 2011-08-23 13:25 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Patrick McHardy, hawk, Netfilter Developer Mailing List
Jan Engelhardt <jengelh@medozas.de> wrote:
> parent ad146381889371c2d1b89b27d9dc70ae257fc1c8 (v3.1-rc2-2-gad14638)
> commit 51b33b93d4c2e6c63afb177158f660fd17daf47c
> Author: Jan Engelhardt <jengelh@medozas.de>
> Date: Tue Aug 23 15:07:00 2011 +0200
>
> netfilter: better wording for table-full message
> - "nf_conntrack: table full, dropping"
> - " packet.\n");
> + "nf_conntrack: table full, no new "
> + "CT created, packet will have "
> + "classification INVALID.\n");
packets seem to be dropped after all; call chain is:
nf_conntrack_in -> resolve_normal_ct -> init_conntrack -> __nf_conntrack_alloc.
AFAICS, the -ENOMEM is propagated back to nf_conntrack_in, where ret
will be set to NF_DROP.
The important point is resolve_normal_ct() return value;
on NULL the packet would be untracked.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter: better wording for table-full message
2011-08-23 13:25 ` Florian Westphal
@ 2011-08-23 16:19 ` Stephen Clark
2011-08-24 7:28 ` Patrick McHardy
1 sibling, 0 replies; 4+ messages in thread
From: Stephen Clark @ 2011-08-23 16:19 UTC (permalink / raw)
To: Florian Westphal
Cc: Jan Engelhardt, Patrick McHardy, hawk, Netfilter Developer Mailing List
On 08/23/2011 09:25 AM, Florian Westphal wrote:
> Jan Engelhardt<jengelh@medozas.de> wrote:
>
>> parent ad146381889371c2d1b89b27d9dc70ae257fc1c8 (v3.1-rc2-2-gad14638)
>> commit 51b33b93d4c2e6c63afb177158f660fd17daf47c
>> Author: Jan Engelhardt<jengelh@medozas.de>
>> Date: Tue Aug 23 15:07:00 2011 +0200
>>
>> netfilter: better wording for table-full message
>> - "nf_conntrack: table full, dropping"
>> - " packet.\n");
>> + "nf_conntrack: table full, no new "
>> + "CT created, packet will have "
>> + "classification INVALID.\n");
>>
> packets seem to be dropped after all; call chain is:
>
> nf_conntrack_in -> resolve_normal_ct -> init_conntrack -> __nf_conntrack_alloc.
>
> AFAICS, the -ENOMEM is propagated back to nf_conntrack_in, where ret
> will be set to NF_DROP.
>
> The important point is resolve_normal_ct() return value;
> on NULL the packet would be untracked.
>
>
Should there be some kind of hint on how to increase the table size?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter: better wording for table-full message
2011-08-23 13:25 ` Florian Westphal
2011-08-23 16:19 ` Stephen Clark
@ 2011-08-24 7:28 ` Patrick McHardy
1 sibling, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2011-08-24 7:28 UTC (permalink / raw)
To: Florian Westphal; +Cc: Jan Engelhardt, hawk, Netfilter Developer Mailing List
Am 23.08.2011 15:25, schrieb Florian Westphal:
> Jan Engelhardt <jengelh@medozas.de> wrote:
>> parent ad146381889371c2d1b89b27d9dc70ae257fc1c8 (v3.1-rc2-2-gad14638)
>> commit 51b33b93d4c2e6c63afb177158f660fd17daf47c
>> Author: Jan Engelhardt <jengelh@medozas.de>
>> Date: Tue Aug 23 15:07:00 2011 +0200
>>
>> netfilter: better wording for table-full message
>> - "nf_conntrack: table full, dropping"
>> - " packet.\n");
>> + "nf_conntrack: table full, no new "
>> + "CT created, packet will have "
>> + "classification INVALID.\n");
>
> packets seem to be dropped after all; call chain is:
>
> nf_conntrack_in -> resolve_normal_ct -> init_conntrack -> __nf_conntrack_alloc.
>
> AFAICS, the -ENOMEM is propagated back to nf_conntrack_in, where ret
> will be set to NF_DROP.
Right, I was following the !ct path.
> The important point is resolve_normal_ct() return value;
> on NULL the packet would be untracked.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-08-24 7:28 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-08-23 13:07 [PATCH] netfilter: better wording for table-full message Jan Engelhardt
2011-08-23 13:25 ` Florian Westphal
2011-08-23 16:19 ` Stephen Clark
2011-08-24 7:28 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.