netfilter: nf_conntrack: account packets drop by tcp_packet()

Since tcp_packet() may return -NF_DROP in two situations, the packet-drop stats must be increased. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2009-02-24 14:48:01 +0100
committer: Patrick McHardy <kaber@trash.net> 2009-02-24 14:48:01 +0100
commit: 7d1e04598e5e92527840b6889fb75b4b30fdd33b (patch)
tree: 3f51683922f948ff96ba81c95b0cad53f1d7b52c /net/netfilter
parent: netfilter: ip_tables: unfold two critical loops in ip_packet_match() (diff)
download: linux-dev-7d1e04598e5e92527840b6889fb75b4b30fdd33b.tar.xz
linux-dev-7d1e04598e5e92527840b6889fb75b4b30fdd33b.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 2235432c59d1..ebc275600125 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -734,6 +734,8 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
 		nf_conntrack_put(skb->nfct);
 		skb->nfct = NULL;
 		NF_CT_STAT_INC_ATOMIC(net, invalid);
+		if (ret == -NF_DROP)
+			NF_CT_STAT_INC_ATOMIC(net, drop);
 		return -ret;
 	}
author	Pablo Neira Ayuso <pablo@netfilter.org>	2009-02-24 14:48:01 +0100
committer	Patrick McHardy <kaber@trash.net>	2009-02-24 14:48:01 +0100
commit	7d1e04598e5e92527840b6889fb75b4b30fdd33b (patch)
tree	3f51683922f948ff96ba81c95b0cad53f1d7b52c /net/netfilter
parent	netfilter: ip_tables: unfold two critical loops in ip_packet_match() (diff)
download	linux-dev-7d1e04598e5e92527840b6889fb75b4b30fdd33b.tar.xz linux-dev-7d1e04598e5e92527840b6889fb75b4b30fdd33b.zip