Commit 1db7a748 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Patrick McHardy

netfilter: conntrack: increase drop stats if sequence adjustment fails

This patch increases the statistics of packets drop if the sequence
adjustment fails in ipv4_confirm().
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 67c0d579
...@@ -120,9 +120,11 @@ static unsigned int ipv4_confirm(unsigned int hooknum, ...@@ -120,9 +120,11 @@ static unsigned int ipv4_confirm(unsigned int hooknum,
typeof(nf_nat_seq_adjust_hook) seq_adjust; typeof(nf_nat_seq_adjust_hook) seq_adjust;
seq_adjust = rcu_dereference(nf_nat_seq_adjust_hook); seq_adjust = rcu_dereference(nf_nat_seq_adjust_hook);
if (!seq_adjust || !seq_adjust(skb, ct, ctinfo)) if (!seq_adjust || !seq_adjust(skb, ct, ctinfo)) {
NF_CT_STAT_INC_ATOMIC(nf_ct_net(ct), drop);
return NF_DROP; return NF_DROP;
} }
}
out: out:
/* We've seen it coming out the other side: confirm it */ /* We've seen it coming out the other side: confirm it */
return nf_conntrack_confirm(skb); return nf_conntrack_confirm(skb);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment