Skip to content

Commit

Permalink
netfilter: conntrack: fix reading nf_conntrack_buckets
Browse files Browse the repository at this point in the history
commit f6351c3 upstream.

The old way of changing the conntrack hashsize runtime was through changing
the module param via file /sys/module/nf_conntrack/parameters/hashsize. This
was extended to sysctl change in commit 3183ab8 ("netfilter: conntrack:
allow increasing bucket size via sysctl too").

The commit introduced second "user" variable nf_conntrack_htable_size_user
which shadow actual variable nf_conntrack_htable_size. When hashsize is
changed via module param this "user" variable isn't updated. This results in
sysctl net/netfilter/nf_conntrack_buckets shows the wrong value when users
update via the old way.

This patch fix the issue by always updating "user" variable when reading the
proc file. This will take care of changes to the actual variable without
sysctl need to be aware.

Fixes: 3183ab8 ("netfilter: conntrack: allow increasing bucket size via sysctl too")
Reported-by: Yoel Caspersen <yoel@kviknet.dk>
Signed-off-by: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  • Loading branch information
Jesper Dangaard Brouer authored and Greg Kroah-Hartman committed Jan 19, 2021
1 parent f1bf14d commit b69a79c
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions net/netfilter/nf_conntrack_standalone.c
Original file line number Diff line number Diff line change
Expand Up @@ -500,6 +500,9 @@ nf_conntrack_hash_sysctl(struct ctl_table *table, int write,
{
int ret;

/* module_param hashsize could have changed value */
nf_conntrack_htable_size_user = nf_conntrack_htable_size;

ret = proc_dointvec(table, write, buffer, lenp, ppos);
if (ret < 0 || !write)
return ret;
Expand Down

0 comments on commit b69a79c

Please sign in to comment.