Message-ID: <20250429132921.GA4721@breakpoint.cc>
Date: Tue, 29 Apr 2025 15:29:21 +0200
From: Florian Westphal <fw@...len.de>
To: avimalin@...il.com
Cc: vimal.agrawal@...hos.com, linux-kernel@...r.kernel.org,
	pablo@...filter.org, netfilter-devel@...r.kernel.org, fw@...len.de,
	anirudh.gupta@...hos.com
Subject: Re: [PATCH v1] nf_conntrack: sysctl: expose gc worker scan interval via sysctl

avimalin@...il.com <avimalin@...il.com> wrote:
> diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
> index 2f666751c7e7..480ff9a6f185 100644
> --- a/net/netfilter/nf_conntrack_standalone.c
> +++ b/net/netfilter/nf_conntrack_standalone.c
> @@ -559,6 +559,7 @@ enum nf_ct_sysctl_index {
>  #ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
>  	NF_SYSCTL_CT_TIMESTAMP,
>  #endif
> +	NF_SYSCTL_CT_GC_SCAN_INTERVAL_INIT,
>  	NF_SYSCTL_CT_PROTO_TIMEOUT_GENERIC,
>  	NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_SYN_SENT,
>  	NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_SYN_RECV,
> @@ -691,6 +692,13 @@ static struct ctl_table nf_ct_sysctl_table[] = {
>  		.extra2 	= SYSCTL_ONE,
>  	},
>  #endif
> +	[NF_SYSCTL_CT_GC_SCAN_INTERVAL_INIT] = {
> +		.procname	= "nf_conntrack_gc_scan_interval_init",
> +		.data		= &nf_conntrack_gc_scan_interval_init,
> +		.maxlen		= sizeof(unsigned int),
> +		.mode		= 0644,
> +		.proc_handler	= proc_dointvec_jiffies,
> +	},
>  	[NF_SYSCTL_CT_PROTO_TIMEOUT_GENERIC] = {
>  		.procname	= "nf_conntrack_generic_timeout",
>  		.maxlen		= sizeof(unsigned int),
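Review bot: the new table entry points .data at a global (&nf_conntrack_gc_scan_interval_init) with .mode 0644, but nothing in this hunk limits the entry to init_net; since the same table is registered for every network namespace, the index should also be cleared in the branch that nulls global entries for non-init_net (the "Don't allow non-init_net ns to alter global sysctls" check in nf_conntrack_standalone_init_sysctl()). Two smaller points: proc_dointvec_jiffies enforces no .extra1/.extra2 bounds, so a write of 0 is accepted and the patch should either reject zero or state what a zero scan interval means; and the quoted diff touches only nf_conntrack_standalone.c, so unless another part of the series covers it, the new sysctl also needs an entry in the nf_conntrack sysctl documentation.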

I think you'll need to add NF_SYSCTL_CT_GC_SCAN_INTERVAL_INIT to the

 /* Don't allow non-init_net ns to alter global sysctls */
 if (!net_eq(&init_net, net)) {

branch in nf_conntrack_standalone_init_sysctl().
