netfilter: conntrack: table full detailed log

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Add the netns field in the "nf_conntrack: table full, dropping packet"
log to help locate the specific netns when the table is full.

Signed-off-by: lvxiafei <lvxiafei@sensetime.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

lvxiafei and committed by

Pablo Neira Ayuso 8 months ago aa584016 faa60990

+5 -1

1 changed file

expand all

net

netfilter

nf_conntrack_core.c

+5 -1

net/netfilter/nf_conntrack_core.c

··· 1673 1673 if (!conntrack_gc_work.early_drop) 1674 1674 conntrack_gc_work.early_drop = true; 1675 1675 atomic_dec(&cnet->count); 1676 - net_warn_ratelimited("nf_conntrack: table full, dropping packet\n"); 1676 + if (net == &init_net) 1677 + net_warn_ratelimited("nf_conntrack: table full, dropping packet\n"); 1678 + else 1679 + net_warn_ratelimited("nf_conntrack: table full in netns %u, dropping packet\n", 1680 + net->ns.inum); 1677 1681 return ERR_PTR(-ENOMEM); 1678 1682 } 1679 1683 }