netfilter: ctnetlink: export nf_conntrack_max

IPCTNL_MSG_CT_GET_STATS netlink command allow to monitor current number of conntrack entries. However, if one wants to compare it with the maximum (and detect exhaustion), the only solution is currently to read sysctl value. This patch add nf_conntrack_max value in netlink message, and simplify monitoring for application built on netlink API. Signed-off-by: Florent Fourcot <florent.fourcot@wifirst.fr> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florent Fourcot <florent.fourcot@wifirst.fr> 2018-05-06 16:30:14 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-05-07 00:04:02 +0200
commit: 538c5672be6d67b7b10c15701588e20617374973 (patch)
tree: 1781bcc0453ea536af4ad4c69e5e7016d631406b /include
parent: bfb15f2a95cbbc548b59abf8007d0fdb35fdfee5 (diff)
download: linux-538c5672be6d67b7b10c15701588e20617374973.tar.bz2
1 files changed, 1 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nfnetlink_conntrack.h b/include/uapi/linux/netfilter/nfnetlink_conntrack.h
index 77987111cab0..1d41810d17e2 100644
--- a/include/uapi/linux/netfilter/nfnetlink_conntrack.h
+++ b/include/uapi/linux/netfilter/nfnetlink_conntrack.h
@@ -262,6 +262,7 @@ enum ctattr_stats_cpu {
 enum ctattr_stats_global {
 	CTA_STATS_GLOBAL_UNSPEC,
 	CTA_STATS_GLOBAL_ENTRIES,
+	CTA_STATS_GLOBAL_MAX_ENTRIES,
 	__CTA_STATS_GLOBAL_MAX,
 };
 #define CTA_STATS_GLOBAL_MAX (__CTA_STATS_GLOBAL_MAX - 1)
author	Florent Fourcot <florent.fourcot@wifirst.fr>	2018-05-06 16:30:14 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-05-07 00:04:02 +0200
commit	538c5672be6d67b7b10c15701588e20617374973 (patch)
tree	1781bcc0453ea536af4ad4c69e5e7016d631406b /include
parent	bfb15f2a95cbbc548b59abf8007d0fdb35fdfee5 (diff)
download	linux-538c5672be6d67b7b10c15701588e20617374973.tar.bz2