Skip to content

Commit

Permalink
---
Browse files Browse the repository at this point in the history 
yaml
---
r: 59002
b: refs/heads/master
c: f264a7d
h: refs/heads/master
v: v3
  • Loading branch information
Patrick McHardy authored and David S. Miller committed Jul 11, 2007
1 parent 983b465 commit 0a2afa9
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 2 deletions.
2 changes: 1 addition & 1 deletion [refs]
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,2 @@
---
refs/heads/master: b560580a13b180bc1e3cad7ffbc93388cc39be5d
refs/heads/master: f264a7df08d50bb4a23be6a9aa06940e497ac1c4
1 change: 1 addition & 0 deletions trunk/include/net/netfilter/nf_conntrack_expect.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@

extern struct hlist_head *nf_ct_expect_hash;
extern unsigned int nf_ct_expect_hsize;
extern unsigned int nf_ct_expect_max;

struct nf_conntrack_expect
{
Expand Down
10 changes: 10 additions & 0 deletions trunk/net/netfilter/nf_conntrack_expect.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ EXPORT_SYMBOL_GPL(nf_ct_expect_hsize);

static unsigned int nf_ct_expect_hash_rnd __read_mostly;
static unsigned int nf_ct_expect_count;
unsigned int nf_ct_expect_max __read_mostly;
static int nf_ct_expect_hash_rnd_initted __read_mostly;
static int nf_ct_expect_vmalloc;

Expand Down Expand Up @@ -367,6 +368,14 @@ int nf_ct_expect_related(struct nf_conntrack_expect *expect)
master_help->expecting >= master_help->helper->max_expected)
evict_oldest_expect(master);

if (nf_ct_expect_count >= nf_ct_expect_max) {
if (net_ratelimit())
printk(KERN_WARNING
"nf_conntrack: expectation table full");
ret = -EMFILE;
goto out;
}

nf_ct_expect_insert(expect);
nf_ct_expect_event(IPEXP_NEW, expect);
ret = 0;
Expand Down Expand Up @@ -522,6 +531,7 @@ int __init nf_conntrack_expect_init(void)
if (!nf_ct_expect_hsize)
nf_ct_expect_hsize = 1;
}
nf_ct_expect_max = nf_ct_expect_hsize * 4;

nf_ct_expect_hash = nf_ct_alloc_hashtable(&nf_ct_expect_hsize,
&nf_ct_expect_vmalloc);
Expand Down
9 changes: 8 additions & 1 deletion trunk/net/netfilter/nf_conntrack_standalone.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -372,7 +372,14 @@ static ctl_table nf_ct_sysctl_table[] = {
.extra1 = &log_invalid_proto_min,
.extra2 = &log_invalid_proto_max,
},

{
.ctl_name = CTL_UNNUMBERED,
.procname = "nf_conntrack_expect_max",
.data = &nf_ct_expect_max,
.maxlen = sizeof(int),
.mode = 0644,
.proc_handler = &proc_dointvec,
},
{ .ctl_name = 0 }
};

Expand Down

0 comments on commit 0a2afa9

Please sign in to comment.