[Devel] [PATCH rh9 11/11] ve/netfilter: ve_printk for "nf_conntrack: table full"

Konstantin Khorenko khorenko at virtuozzo.com
Wed Sep 29 22:24:47 MSK 2021 

From: Vasily Averin <vvs at odin.com>

port of diff-ve-printk-conntrack-tables-full from rh6-based kernels

"nf_conntrack: table full, dropping packet" message
should be visible both in CT and on HN and
should contain CTID for reading simplicity.

https://bugzilla.openvz.org/show_bug.cgi?id=2940

Signed-off-by: Vasily Averin <vvs at openvz.org>

(cherry picked from vz8 commit f365fd69413efb39ae1362e59f8539c65c6f8457)
Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 net/netfilter/nf_conntrack_core.c   | 6 +++++-
 net/netfilter/nf_conntrack_expect.c | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index d31dbccbe7bd..68209532f0be 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -53,6 +53,8 @@
 #include <net/netns/hash.h>
 #include <net/ip.h>
 
+#include <linux/ve.h>
+
 #include "nf_internals.h"
 
 __cacheline_aligned_in_smp spinlock_t nf_conntrack_locks[CONNTRACK_LOCKS];
@@ -1478,7 +1480,9 @@ __nf_conntrack_alloc(struct net *net,
 			if (!conntrack_gc_work.early_drop)
 				conntrack_gc_work.early_drop = true;
 			atomic_dec(&cnet->count);
-			net_warn_ratelimited("nf_conntrack: table full, dropping packet\n");
+			net_veboth_ratelimited(KERN_WARNING "VE%s: "
+						"nf_conntrack table full, dropping packet\n",
+						net->owner_ve->ve_name);
 			return ERR_PTR(-ENOMEM);
 		}
 	}
diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c
index 13c071fbe2ef..5523aa53492b 100644
--- a/net/netfilter/nf_conntrack_expect.c
+++ b/net/netfilter/nf_conntrack_expect.c
@@ -32,6 +32,8 @@
 #include <net/netfilter/nf_conntrack_tuple.h>
 #include <net/netfilter/nf_conntrack_zones.h>
 
+#include <linux/ve.h>
+
 unsigned int nf_ct_expect_hsize __read_mostly;
 EXPORT_SYMBOL_GPL(nf_ct_expect_hsize);
 
@@ -468,7 +470,9 @@ static inline int __nf_ct_expect_check(struct nf_conntrack_expect *expect,
 
 	cnet = nf_ct_pernet(net);
 	if (cnet->expect_count >= nf_ct_expect_max) {
-		net_warn_ratelimited("nf_conntrack: expectation table full\n");
+		net_veboth_ratelimited(KERN_WARNING "VE%s "
+					"nf_conntrack: expectation table full\n",
+					net->owner_ve->ve_name);
 		ret = -EMFILE;
 	}
 out:
-- 
2.28.0

More information about the Devel mailing list