netfilter: ctnetlink: dump entries from the dying and unconfirmed lists
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 27 Nov 2012 13:49:42 +0000 (14:49 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 3 Dec 2012 14:06:52 +0000 (15:06 +0100)
commitd871befe357ccc262edbb0a4f9aeea650012edf5
treea3fd15012d471a83c58b7d1bb76a0839c6869296
parent04dac0111da7e1d284952cd415162451ffaa094d
netfilter: ctnetlink: dump entries from the dying and unconfirmed lists

This patch adds a new operation to dump the content of the dying and
unconfirmed lists.

Under some situations, the global conntrack counter can be inconsistent
with the number of entries that we can dump from the conntrack table.
The way to resolve this is to allow dumping the content of the unconfirmed
and dying lists, so far it was not possible to look at its content.

This provides some extra instrumentation to resolve problematic situations
in which anyone suspects memory leaks.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/uapi/linux/netfilter/nfnetlink_conntrack.h
net/netfilter/nf_conntrack_netlink.c