author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-12-22 13:03:55 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-12-22 13:03:55 +0100 |
commit | a6281c6f10110bf64e51c04a37c0fe9f9508482e (patch) | |
tree | 6db20e9d06c7f22b50ff43144e67ca5d73ad6d0f | |
parent | f90efb777e087ed2c24af080cb033a256969e766 (diff) | |
cache: fix ENOSPC errors due to over-population of inactive entries

This patch fixes a problem that can result in cache over-population
with inactive entries due to mismatching in the comparison. This
may result in lots of ENOSPC errors while trying to add new entries
to the internal cache.

We may have entries in the internal cache with the same
original tuple, but different reply tuple due to NAT port
adjustment. Thus, the comparison that happens during the entry
hashtable lookup fails and we add a new entry while keeping
the old one.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/cache.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/cache.c b/src/cache.c index 6106d28..525832b 100644 --- a/src/cache.c +++ b/src/cache.c @@ -88,7 +88,7 @@ static int compare(const void *data1, const void *data2) const struct us_conntrack *u1 = data1; const struct us_conntrack *u2 = data2; - return nfct_cmp(u1->ct, u2->ct, NFCT_CMP_ORIG | NFCT_CMP_REPL); + return nfct_cmp(u1->ct, u2->ct, NFCT_CMP_ORIG); } struct cache_feature *cache_feature[CACHE_MAX_FEATURE] = { |
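
Review bot: the `nfct_cmp(u1->ct, u2->ct, NFCT_CMP_ORIG)` call in compare() carries no comment saying why the reply tuple is left out, so a later cleanup could restore `NFCT_CMP_REPL` and bring the ENOSPC problem back; add a one-line comment above the return noting that the reply tuple can differ after NAT port adjustment. The hunk does not show the hash function that is paired with compare(): if it also mixes in reply-tuple fields, the two entries would land in different buckets and the lookup would still miss, so it is worth confirming that it hashes the original tuple only.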