netfilter: ctnetlink: export nf_conntrack_max

IPCTNL_MSG_CT_GET_STATS netlink command allow to monitor current number of conntrack entries. However, if one wants to compare it with the maximum (and detect exhaustion), the only solution is currently to read sysctl value. This patch add nf_conntrack_max value in netlink message, and simplify monitoring for application built on netlink API. Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florent Fourcot <florent.fourcot@wifirst.fr> 2018-05-06 16:30:14 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-05-07 00:04:02 +0200
commit: 538c5672be6d67b7b10c15701588e20617374973 (patch)
tree: 1781bcc0453ea536af4ad4c69e5e7016d631406b /net/netfilter/nf_conntrack_core.c
parent: bfb15f2a95cbbc548b59abf8007d0fdb35fdfee5 (diff)
download: linux-538c5672be6d67b7b10c15701588e20617374973.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 41ff04ee2554a..6054417270084 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -186,6 +186,7 @@ unsigned int nf_conntrack_htable_size __read_mostly;
 EXPORT_SYMBOL_GPL(nf_conntrack_htable_size);
 
 unsigned int nf_conntrack_max __read_mostly;
+EXPORT_SYMBOL_GPL(nf_conntrack_max);
 seqcount_t nf_conntrack_generation __read_mostly;
 static unsigned int nf_conntrack_hash_rnd __read_mostly;
author	Florent Fourcot <florent.fourcot@wifirst.fr>	2018-05-06 16:30:14 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-05-07 00:04:02 +0200
commit	538c5672be6d67b7b10c15701588e20617374973 (patch)
tree	1781bcc0453ea536af4ad4c69e5e7016d631406b /net/netfilter/nf_conntrack_core.c
parent	bfb15f2a95cbbc548b59abf8007d0fdb35fdfee5 (diff)
download	linux-538c5672be6d67b7b10c15701588e20617374973.tar.gz