[conntrack-tools] cache: fix ENOSPC errors due to over-population of inactive entries

Pablo Neira netfilter-cvslog-bounces at lists.netfilter.org
Mon Dec 22 13:04:17 CET 2008 

Gitweb:		http://git.netfilter.org/cgi-bin/gitweb.cgi?p=conntrack-tools.git;a=commit;h=a6281c6f10110bf64e51c04a37c0fe9f9508482e
commit a6281c6f10110bf64e51c04a37c0fe9f9508482e
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Mon Dec 22 13:03:55 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Mon Dec 22 13:03:55 2008 +0100

    cache: fix ENOSPC errors due to over-population of inactive entries
    
    This patch fixes a problem that can result in cache over-population
    with inactive entries due to mismatching in the comparison. This
    may result in lots of ENOSPC errors while trying to add new entries
    to the internal cache.
    
    We may have entries in the internal cache that with the same
    original tuple, but different reply tuple due to NAT port
    adjustment. Thus, the comparison that happens during the entry
    hashtable lookup fails and we add a new entry while keeping
    the old one.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit f90efb777e087ed2c24af080cb033a256969e766
Author:     Pablo Neira Ayuso <pablo at netfilter.org>
AuthorDate: Mon Dec 22 12:45:58 2008 +0100
Commit:     Pablo Neira Ayuso <pablo at netfilter.org>
CommitDate: Mon Dec 22 12:45:58 2008 +0100

    cache_iterators: add total entries available in the cache to stats
    
    This patch adds the total number of entries currently living in the
    cache. Currently, we have two type of entries, active and inactive.
    The inactive ones talk about an ended connection. This is useful for
    trouble-shooting if we hit enospc when adding new entries.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
       via  a6281c6f10110bf64e51c04a37c0fe9f9508482e (commit)
       via  f90efb777e087ed2c24af080cb033a256969e766 (commit)
      from  c7243650c18ec4317a0897e9b406193854955201 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a6281c6f10110bf64e51c04a37c0fe9f9508482e
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Mon Dec 22 13:03:55 2008 +0100

    cache: fix ENOSPC errors due to over-population of inactive entries
    
    This patch fixes a problem that can result in cache over-population
    with inactive entries due to mismatching in the comparison. This
    may result in lots of ENOSPC errors while trying to add new entries
    to the internal cache.
    
    We may have entries in the internal cache that with the same
    original tuple, but different reply tuple due to NAT port
    adjustment. Thus, the comparison that happens during the entry
    hashtable lookup fails and we add a new entry while keeping
    the old one.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

commit f90efb777e087ed2c24af080cb033a256969e766
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Mon Dec 22 12:45:58 2008 +0100

    cache_iterators: add total entries available in the cache to stats
    
    This patch adds the total number of entries currently living in the
    cache. Currently, we have two type of entries, active and inactive.
    The inactive ones talk about an ended connection. This is useful for
    trouble-shooting if we hit enospc when adding new entries.
    
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

-----------------------------------------------------------------------

 src/cache.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)
This patch adds the total number of entries currently living in the
cache. Currently, we have two type of entries, active and inactive.
The inactive ones talk about an ended connection. This is useful for
trouble-shooting if we hit enospc when adding new entries.

Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>

diff --git a/src/cache.c b/src/cache.c
index 5e7d738..6106d28 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -455,7 +455,7 @@ void cache_stats_extended(const struct cache *c, int fd)
 	int size;
 
 	size = snprintf(buf, sizeof(buf),
-			    "cache:%s\tactive connections:\t%12u\n"
+			    "cache:%s\tactive/total entries:\t%12u/%12u\n"
 			    "\tcreation OK:\t\t\t%12u\n"
 			    "\tcreation failed:\t\t%12u\n"
 			    "\t\tno memory available:\t%12u\n"
@@ -467,7 +467,7 @@ void cache_stats_extended(const struct cache *c, int fd)
 			    "\tdeletion failed:\t\t%12u\n"
 			    "\t\tentry not found:\t%12u\n",
 			    c->name,
-			    c->stats.active,
+			    c->stats.active, hashtable_counter(c->h),
 			    c->stats.add_ok,
 			    c->stats.add_fail,
 			    c->stats.add_fail_enomem,

More information about the netfilter-cvslog mailing list