diff options
| author | Jesper Dangaard Brouer <hawk@comx.dk> | 2010-04-23 12:34:56 +0200 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-04-23 12:34:56 +0200 |
| commit | af740b2c8f4521e2c45698ee6040941a82d6349d (patch) | |
| tree | ae9fb87ebbfd422b07cb8e027fbe13e9c40c403e /net/netfilter/nf_conntrack_core.c | |
| parent | cecc74de25d2cfb08e7702cd38e3f195950f1228 (diff) | |
netfilter: nf_conntrack: extend with extra stat counter
I suspect an unfortunatly series of events occuring under a DDoS
attack, in function __nf_conntrack_find() nf_contrack_core.c.
Adding a stats counter to see if the search is restarted too often.
Signed-off-by: Jesper Dangaard Brouer <hawk@comx.dk>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/nf_conntrack_core.c')
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 0c9bbe93cc16..3907efb97a7c 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -319,8 +319,10 @@ begin: * not the expected one, we must restart lookup. * We probably met an item that was moved to another chain. */ - if (get_nulls_value(n) != hash) + if (get_nulls_value(n) != hash) { + NF_CT_STAT_INC(net, search_restart); goto begin; + } local_bh_enable(); return NULL; |