Message ID | 1491643945-8557-1-git-send-email-zlpnobody@163.com |
---|---|
State | Not Applicable |
Delegated to: | Pablo Neira |
Headers | show |
On Sat, Apr 08, 2017 at 05:32:25PM +0800, Liping Zhang wrote: > From: Liping Zhang <zlpnobody@gmail.com> > > It doesn't work when we set a large value to the nf_conntrack_max, as > well as the nf_conntrack_expect_max: > # echo 4294967295 > /proc/sys/net/nf_conntrack_max > bash: echo: write error: Invalid argument > > So convert to use proc_douintvec. Why do you want such an large amount of entries? I'm not applying this. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 2256147..7f131a3 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -479,9 +479,9 @@ static struct ctl_table nf_ct_sysctl_table[] = { { .procname = "nf_conntrack_max", .data = &nf_conntrack_max, - .maxlen = sizeof(int), + .maxlen = sizeof(unsigned int), .mode = 0644, - .proc_handler = proc_dointvec, + .proc_handler = proc_douintvec, }, { .procname = "nf_conntrack_count", @@ -516,9 +516,9 @@ static struct ctl_table nf_ct_sysctl_table[] = { { .procname = "nf_conntrack_expect_max", .data = &nf_ct_expect_max, - .maxlen = sizeof(int), + .maxlen = sizeof(unsigned int), .mode = 0644, - .proc_handler = proc_dointvec, + .proc_handler = proc_douintvec, }, { .procname = "nf_conntrack_default_on", @@ -534,9 +534,9 @@ static struct ctl_table nf_ct_netfilter_table[] = { { .procname = "nf_conntrack_max", .data = &nf_conntrack_max, - .maxlen = sizeof(int), + .maxlen = sizeof(unsigned int), .mode = 0644, - .proc_handler = proc_dointvec, + .proc_handler = proc_douintvec, }, { } };