conntrack-tools-1.4.5-17.el9

- conntrackd: set default hashtable buckets and max entries if not specified

Resolves: rhbz#2126627
Phil Sutter 2022-11-29 22:00:52 +01:00
parent f3deedded7
commit e87baa7117
2 changed files with 43 additions and 1 deletion

@ -0,0 +1,38 @@
From b304d193f869c9ac9526d88dc82f7e94a7cb8cd5 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 8 Mar 2021 16:29:25 +0100
Subject: [PATCH] conntrackd: set default hashtable buckets and max entries if
not specified
Fall back to 65536 buckets and 262144 entries.
It would be probably good to add code to autoadjust by reading
/proc/sys/net/netfilter/nf_conntrack_buckets and
/proc/sys/net/nf_conntrack_max.
Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1491
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
(cherry picked from commit 3276471d23d4d96d55e9a0fb7a10983d8097dc45)
---
src/read_config_yy.y | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/read_config_yy.y b/src/read_config_yy.y
index d208a6a0617cf..dc67d11952901 100644
--- a/src/read_config_yy.y
+++ b/src/read_config_yy.y
@@ -1780,5 +1780,11 @@ init_config(char *filename)
NF_NETLINK_CONNTRACK_DESTROY;
}
+ /* default hashtable buckets and maximum number of entries */
+ if (!CONFIG(hashsize))
+ CONFIG(hashsize) = 65536;
+ if (!CONFIG(limit))
+ CONFIG(limit) = 262144;
+
return 0;
}
--
2.38.0
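Review bot: in the init_config() hunk the two fallbacks are independent, so a configuration that sets CONFIG(hashsize) but omits CONFIG(limit), or the reverse, ends up with one operator-chosen value paired with one hard-coded constant; consider deriving the missing value from the one that was supplied (the chosen defaults keep a 4:1 entries-to-buckets ratio, 262144 to 65536) instead of always substituting the fixed number, and note that `!CONFIG(hashsize)` also treats an explicit 0 as "not specified", which is acceptable here since zero buckets is never a usable table. The commit message itself flags the fuller fix of sizing from /proc/sys/net/netfilter/nf_conntrack_buckets and /proc/sys/net/nf_conntrack_max, since a daemon cache limit unrelated to the kernel's own table size is what an operator would not expect; until that lands, the two defaults should be stated in the conntrackd.conf documentation and logged at startup so the effective sizes are visible.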

@ -1,6 +1,6 @@
Name: conntrack-tools Name: conntrack-tools
Version: 1.4.5 Version: 1.4.5
Release: 16%{?dist} Release: 17%{?dist}
Summary: Manipulate netfilter connection tracking table and run High Availability Summary: Manipulate netfilter connection tracking table and run High Availability
License: GPLv2 License: GPLv2
URL: http://conntrack-tools.netfilter.org/ URL: http://conntrack-tools.netfilter.org/
@ -27,6 +27,7 @@ Patch16: 0016-connntrack-Fix-for-memleak-when-parsing-j-arg.patch
Patch17: 0017-src-fix-strncpy-Wstringop-truncation-warnings.patch Patch17: 0017-src-fix-strncpy-Wstringop-truncation-warnings.patch
Patch18: 0018-conntrack-fix-compiler-warnings.patch Patch18: 0018-conntrack-fix-compiler-warnings.patch
Patch19: 0019-local-Avoid-sockaddr_un-sun_path-buffer-overflow.patch Patch19: 0019-local-Avoid-sockaddr_un-sun_path-buffer-overflow.patch
Patch20: 0020-conntrackd-set-default-hashtable-buckets-and-max-ent.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.7 BuildRequires: libnfnetlink-devel >= 1.0.1, libnetfilter_conntrack-devel >= 1.0.7
@ -107,6 +108,9 @@ install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/conntrackd/
%systemd_postun conntrackd.service %systemd_postun conntrackd.service
%changelog %changelog
* Tue Nov 29 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-17
- conntrackd: set default hashtable buckets and max entries if not specified
* Tue Sep 06 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-16 * Tue Sep 06 2022 Phil Sutter <psutter@redhat.com> - 1.4.5-16
- local: Avoid sockaddr_un::sun_path buffer overflow - local: Avoid sockaddr_un::sun_path buffer overflow