authorPablo Neira Ayuso <pablo@netfilter.org>2008-12-22 13:03:55 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2008-12-22 13:03:55 +0100
commita6281c6f10110bf64e51c04a37c0fe9f9508482e (patch)
tree6db20e9d06c7f22b50ff43144e67ca5d73ad6d0f
parentf90efb777e087ed2c24af080cb033a256969e766 (diff)
cache: fix ENOSPC errors due to over-population of inactive entries
This patch fixes a problem that can result in cache over-population with inactive entries due to a mismatch in the comparison. This may result in lots of ENOSPC errors while trying to add new entries to the internal cache. We may have entries in the internal cache with the same original tuple but a different reply tuple due to NAT port adjustment. Thus, the comparison that happens during the entry hashtable lookup fails and we add a new entry while keeping the old one. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/cache.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cache.c b/src/cache.c
index 6106d28..525832b 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -88,7 +88,7 @@ static int compare(const void *data1, const void *data2)
const struct us_conntrack *u1 = data1;
const struct us_conntrack *u2 = data2;
- return nfct_cmp(u1->ct, u2->ct, NFCT_CMP_ORIG | NFCT_CMP_REPL);
+ return nfct_cmp(u1->ct, u2->ct, NFCT_CMP_ORIG);
}
struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = {
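Review bot: The new `return nfct_cmp(u1->ct, u2->ct, NFCT_CMP_ORIG);` in `compare()` has no comment explaining why the reply tuple is deliberately left out, so a later cleanup could restore `NFCT_CMP_REPL` and bring back the over-population and ENOSPC failures. I would add above it something like `/* match on the original tuple only: the reply tuple may change after NAT port adjustment */`. It is also worth confirming that the hash function paired with this comparator derives the bucket from original-tuple fields only, since otherwise two entries that now compare equal could still land in different buckets; that function is not visible in this hunk. Likewise, the update path should presumably refresh the stored reply tuple when a lookup matches an entry whose reply tuple differs, so that stale NAT state is not kept in the cache. The signature and opening brace of `compare()` lie outside the hunk.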