On 08/23/2011 09:25 AM, Florian Westphal wrote:
Jan Engelhardt<jengelh@xxxxxxxxxx> wrote:
parent ad146381889371c2d1b89b27d9dc70ae257fc1c8 (v3.1-rc2-2-gad14638)
commit 51b33b93d4c2e6c63afb177158f660fd17daf47c
Author: Jan Engelhardt<jengelh@xxxxxxxxxx>
Date: Tue Aug 23 15:07:00 2011 +0200
netfilter: better wording for table-full message
- "nf_conntrack: table full, dropping"
- " packet.\n");
+ "nf_conntrack: table full, no new "
+ "CT created, packet will have "
+ "classification INVALID.\n");
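Review bot: The added lines make the message promise that the packet "will have classification INVALID", but nothing in this hunk changes what happens to the packet after the allocation fails. Before replacing "dropping packet", confirm in the caller which verdict this path actually returns, otherwise the log line will mislead whoever is diagnosing a full table. Separately, the string is split across three literals ("no new " / "CT created, packet will have " / "classification INVALID.\n"), which makes it hard to grep for in the source. Keeping the user-visible message on one line would help, and "CT" should be spelled out for people reading the log.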
packets seem to be dropped after all; call chain is:
nf_conntrack_in -> resolve_normal_ct -> init_conntrack -> __nf_conntrack_alloc.
AFAICS, the -ENOMEM is propagated back to nf_conntrack_in, where ret
will be set to NF_DROP.
The important point is resolve_normal_ct() return value;
on NULL the packet would be untracked.
Should there be some kind of hint on how to increase the table size?
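
The distinction drawn in the reply above (a NULL return leaves the packet untracked, a propagated -ENOMEM ends as NF_DROP) can be modelled in user space. This is an added example, not kernel source and not code from any poster in the thread: the function names mirror the call chain quoted above, while the bodies, the `outcome` enum and the table layout are assumptions made for illustration.

```c
/* Added example: userspace model, not kernel source. Function names mirror
 * the call chain in the thread; bodies and the table layout are assumptions. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_ERRNO 4095
#define SLOTS 4
enum outcome { OUT_TRACKED, OUT_UNTRACKED, OUT_NF_DROP };

/* Kernel-style error pointers: a negative errno encoded in the pointer value. */
static void *ERR_PTR(long err) { return (void *)err; }
static int IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }

struct conn { int in_use; };
struct table { unsigned int count, max; struct conn slots[SLOTS]; };

/* Models __nf_conntrack_alloc(): no new entry once the table is full. */
static struct conn *model_alloc(struct table *t)
{
    if (t->count >= t->max || t->count >= SLOTS)
        return ERR_PTR(-ENOMEM);      /* table full */
    t->slots[t->count].in_use = 1;
    return &t->slots[t->count++];
}

/* Models resolve_normal_ct(): NULL means "cannot be tracked", an error
 * pointer means "allocation failed". Every valid packet is treated as a
 * new connection to keep the model short. */
static struct conn *model_resolve(struct table *t, int valid)
{
    return valid ? model_alloc(t) : NULL;
}

/* Models the check in nf_conntrack_in() that the reply describes. */
static enum outcome model_conntrack_in(struct table *t, int valid)
{
    struct conn *ct = model_resolve(t, valid);
    if (ct == NULL)
        return OUT_UNTRACKED;         /* NULL: packet continues untracked */
    return IS_ERR(ct) ? OUT_NF_DROP : OUT_TRACKED; /* -ENOMEM ends as NF_DROP */
}

int main(void)
{
    struct table t = { .count = 0, .max = 2 };   /* constructed: room for 2 */
    for (int i = 0; i < 3; i++)
        printf("packet %d -> outcome %d\n", i, model_conntrack_in(&t, 1));
    return 0;
}
```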