diff options
author | Florian Westphal <fw@strlen.de> | 2020-08-26 01:52:44 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-08-28 20:51:26 +0300 |
commit | bc92470413f3af152db0d8f90ef3eb13f8cc417a (patch) | |
tree | 90fafe6916c11e0944b2802ead68d954ddd6b178 /net/netfilter/nf_conntrack_netlink.c | |
parent | 4afc41dfa5a716e9e7a90c22972583f337c0bcbf (diff) | |
download | linux-bc92470413f3af152db0d8f90ef3eb13f8cc417a.tar.xz |
netfilter: conntrack: add clash resolution stat counter
There is a misconception about what "insert_failed" means.
We increment this even when a clash got resolved, so it might not indicate
a problem.
Add a dedicated counter for clash resolution and only increment
insert_failed if a clash cannot be resolved.
For the old /proc interface, export this in place of an older stat
that got removed a while back.
For ctnetlink, export this with a new attribute.
Also correct an outdated comment that implies we add a duplicate tuple --
we only add the (unique) reply direction.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_conntrack_netlink.c')
-rw-r--r-- | net/netfilter/nf_conntrack_netlink.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c index c64f23a8f373..89d99f6dfd0a 100644 --- a/net/netfilter/nf_conntrack_netlink.c +++ b/net/netfilter/nf_conntrack_netlink.c @@ -2516,7 +2516,9 @@ ctnetlink_ct_stat_cpu_fill_info(struct sk_buff *skb, u32 portid, u32 seq, nla_put_be32(skb, CTA_STATS_EARLY_DROP, htonl(st->early_drop)) || nla_put_be32(skb, CTA_STATS_ERROR, htonl(st->error)) || nla_put_be32(skb, CTA_STATS_SEARCH_RESTART, - htonl(st->search_restart))) + htonl(st->search_restart)) || + nla_put_be32(skb, CTA_STATS_CLASH_RESOLVE, + htonl(st->clash_resolve))) goto nla_put_failure; nlmsg_end(skb, nlh); |