netfilter: conntrack: table full detailed log

Add the netns field in the "nf_conntrack: table full, dropping packet" log to help locate the specific netns when the table is full. Signed-off-by: lvxiafei <lvxiafei@sensetime.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: lvxiafei <lvxiafei@sensetime.com> 2025-05-22 17:19:54 +0800
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2025-07-25 18:35:30 +0200
commit: aa5840167780a315f8a050b77f41acb852465e2d (patch)
tree: af6abb8c98c8169b247afd54a1b3037d1f90e5c8
parent: Merge branch 'selftests-drv-net-fix-and-improve-command-requirement-checking' (diff)
download: wireguard-linux-aa5840167780a315f8a050b77f41acb852465e2d.tar.xz
wireguard-linux-aa5840167780a315f8a050b77f41acb852465e2d.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 2a90945aef89..fbd901b3b7ce 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1673,7 +1673,11 @@ __nf_conntrack_alloc(struct net *net,
 			if (!conntrack_gc_work.early_drop)
 				conntrack_gc_work.early_drop = true;
 			atomic_dec(&cnet->count);
-			net_warn_ratelimited("nf_conntrack: table full, dropping packet\n");
+			if (net == &init_net)
+				net_warn_ratelimited("nf_conntrack: table full, dropping packet\n");
+			else
+				net_warn_ratelimited("nf_conntrack: table full in netns %u, dropping packet\n",
+						     net->ns.inum);
 			return ERR_PTR(-ENOMEM);
 		}
 	}
author	lvxiafei <lvxiafei@sensetime.com>	2025-05-22 17:19:54 +0800
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2025-07-25 18:35:30 +0200
commit	aa5840167780a315f8a050b77f41acb852465e2d (patch)
tree	af6abb8c98c8169b247afd54a1b3037d1f90e5c8
parent	Merge branch 'selftests-drv-net-fix-and-improve-command-requirement-checking' (diff)
download	wireguard-linux-aa5840167780a315f8a050b77f41acb852465e2d.tar.xz wireguard-linux-aa5840167780a315f8a050b77f41acb852465e2d.zip