authorHarald Welte <laforge@netfilter.org>2004-09-23 00:34:29 -0700
committerDavid S. Miller <davem@kernel.bkbits.net>2004-09-23 00:34:29 -0700
commit6c7dd95fa77ce9545f85d0f708ef6d09f4b55bde (patch)
tree21f7b0eed687f5d1fbba074248d10cd6da992424
parent2cda28821a831dae6d9bd56cc7e8ee95a7fd181a (diff)
[NETFILTER]: add sysctl to read out the number of current connections
Apparently a lot of scripts use a construct like `cat /proc/net/ip_conntrack | wc -l`, which has a negative impact on system performance due to all the locking required.

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--include/linux/sysctl.h1
-rw-r--r--net/ipv4/netfilter/ip_conntrack_standalone.c8
2 files changed, 9 insertions, 0 deletions
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index bec509e874de..e55ff44180b8 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -424,6 +424,7 @@ enum
NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_SENT=24,
NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_RECD=25,
NET_IPV4_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_ACK_SENT=26,
+ NET_IPV4_NF_CONNTRACK_COUNT=27,
};
/* /proc/sys/net/ipv6 */
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index f3aaf0487cc6..195f7b2662e9 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -516,6 +516,14 @@ static ctl_table ip_ct_sysctl_table[] = {
.proc_handler = &proc_dointvec,
},
{
+ .ctl_name = NET_IPV4_NF_CONNTRACK_COUNT,
+ .procname = "ip_conntrack_count",
+ .data = &ip_conntrack_count,
+ .maxlen = sizeof(int),
+ .mode = 0444,
+ .proc_handler = &proc_dointvec,
+ },
+ {
.ctl_name = NET_IPV4_NF_CONNTRACK_BUCKETS,
.procname = "ip_conntrack_buckets",
.data = &ip_conntrack_htable_size,
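Review bot: The new `ip_conntrack_count` entry passes `&ip_conntrack_count` to `proc_dointvec` with `.maxlen = sizeof(int)`, which is only sound if that variable is a plain `int`. Its declaration is outside this hunk; if it is an `atomic_t`, the handler reads it through an `int *` and silently depends on the two types sharing a layout. Either record the assumption on the entry, e.g. `/* lockless read-only snapshot; relies on the counter being int-sized */`, or tie the size to the object with `.maxlen = sizeof(ip_conntrack_count),`. Separately, `.mode = 0444` exposes connection-table occupancy to every unprivileged local user, so confirm that this is intended and not wider than the access already granted to the full conntrack listing. The `ip_ct_sysctl_table[]` initializer starts and ends outside the hunk.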