diff options
| author |   Pablo Neira Ayuso <pablo@netfilter.org> | 2012-11-27 14:49:42 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-12-03 15:06:52 +0100 |
| commit | d871befe357ccc262edbb0a4f9aeea650012edf5 (patch) | |
| tree | a3fd15012d471a83c58b7d1bb76a0839c6869296 /include/uapi/linux/netfilter | |
| parent | netfilter: nf_conntrack: improve nf_conn object traceability (diff) | |
| download | linux-dev-d871befe357ccc262edbb0a4f9aeea650012edf5.tar.xz linux-dev-d871befe357ccc262edbb0a4f9aeea650012edf5.zip | |
netfilter: ctnetlink: dump entries from the dying and unconfirmed lists
This patch adds a new operation to dump the content of the dying and
unconfirmed lists.
Under some situations, the global conntrack counter can be inconsistent
with the number of entries that we can dump from the conntrack table.
The way to resolve this is to allow dumping the content of the unconfirmed
and dying lists, so far it was not possible to look at its content.
This provides some extra instrumentation to resolve problematic situations
in which anyone suspects memory leaks.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/uapi/linux/netfilter')
| -rw-r--r-- | include/uapi/linux/netfilter/nfnetlink_conntrack.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nfnetlink_conntrack.h b/include/uapi/linux/netfilter/nfnetlink_conntrack.h index 43bfe3e1685b..86e930cf3dfb 100644 --- a/include/uapi/linux/netfilter/nfnetlink_conntrack.h +++ b/include/uapi/linux/netfilter/nfnetlink_conntrack.h @@ -9,6 +9,8 @@ enum cntl_msg_types { IPCTNL_MSG_CT_GET_CTRZERO, IPCTNL_MSG_CT_GET_STATS_CPU, IPCTNL_MSG_CT_GET_STATS, + IPCTNL_MSG_CT_GET_DYING, + IPCTNL_MSG_CT_GET_UNCONFIRMED, IPCTNL_MSG_MAX }; |