diff options
| author |   Jesper Dangaard Brouer <hawk@comx.dk> | 2010-04-23 12:34:56 +0200 |
|---|---|---|
| committer |   Patrick McHardy <kaber@trash.net> | 2010-04-23 12:34:56 +0200 |
| commit | af740b2c8f4521e2c45698ee6040941a82d6349d (patch) | |
| tree | ae9fb87ebbfd422b07cb8e027fbe13e9c40c403e /net/netfilter/nf_conntrack_standalone.c | |
| parent | netfilter: ip_tables: convert pr_devel() to pr_debug() (diff) | |
| download | linux-dev-af740b2c8f4521e2c45698ee6040941a82d6349d.tar.xz linux-dev-af740b2c8f4521e2c45698ee6040941a82d6349d.zip | |
netfilter: nf_conntrack: extend with extra stat counter
I suspect an unfortunatly series of events occuring under a DDoS
attack, in function __nf_conntrack_find() nf_contrack_core.c.
Adding a stats counter to see if the search is restarted too often.
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/nf_conntrack_standalone.c')
| -rw-r--r-- | net/netfilter/nf_conntrack_standalone.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index faa8eb3722b9..ea4a8d384234 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -252,12 +252,12 @@ static int ct_cpu_seq_show(struct seq_file *seq, void *v) const struct ip_conntrack_stat *st = v; if (v == SEQ_START_TOKEN) { - seq_printf(seq, "entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete\n"); + seq_printf(seq, "entries searched found new invalid ignore delete delete_list insert insert_failed drop early_drop icmp_error expect_new expect_create expect_delete search_restart\n"); return 0; } seq_printf(seq, "%08x %08x %08x %08x %08x %08x %08x %08x " - "%08x %08x %08x %08x %08x %08x %08x %08x \n", + "%08x %08x %08x %08x %08x %08x %08x %08x %08x\n", nr_conntracks, st->searched, st->found, @@ -274,7 +274,8 @@ static int ct_cpu_seq_show(struct seq_file *seq, void *v) st->expect_new, st->expect_create, - st->expect_delete + st->expect_delete, + st->search_restart ); return 0; } |