netfilter: nf_defrag_ipv6: allow nf_conntrack_frag6_high_thresh increases

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Currently, net.netfilter.nf_conntrack_frag6_high_thresh can only be lowered.

I found this issue while investigating a probable kernel issue
causing flakes in tools/testing/selftests/net/ip_defrag.sh

In particular, these sysctl changes were ignored:
ip netns exec "${NETNS}" sysctl -w net.netfilter.nf_conntrack_frag6_high_thresh=9000000 >/dev/null 2>&1
ip netns exec "${NETNS}" sysctl -w net.netfilter.nf_conntrack_frag6_low_thresh=7000000 >/dev/null 2>&1

This change is inline with commit 836196239298 ("net/ipfrag: let ip[6]frag_high_thresh
in ns be higher than in init_net")

Fixes: 8db3d41569bb ("netfilter: nf_defrag_ipv6: use net_generic infra")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Eric Dumazet and committed by

Pablo Neira Ayuso 3 years ago 00cd7bf9 9afb4b27

-1

1 changed file

expand all

net

ipv6

netfilter

nf_conntrack_reasm.c

-1

net/ipv6/netfilter/nf_conntrack_reasm.c

··· 86 86 table[1].extra2 = &nf_frag->fqdir->high_thresh; 87 87 table[2].data = &nf_frag->fqdir->high_thresh; 88 88 table[2].extra1 = &nf_frag->fqdir->low_thresh; 89 - table[2].extra2 = &nf_frag->fqdir->high_thresh; 90 89 91 90 hdr = register_net_sysctl(net, "net/netfilter", table); 92 91 if (hdr == NULL)