author Pablo Neira Ayuso <> 2008-12-22 13:03:55 +0100
committer Pablo Neira Ayuso <> 2008-12-22 13:03:55 +0100
cache: fix ENOSPC errors due to over-population of inactive entries
This patch fixes a problem that can result in cache over-population with inactive entries due to mismatching in the comparison. This may result in lots of ENOSPC errors while trying to add new entries to the internal cache. We may have entries in the internal cache with the same original tuple, but different reply tuple due to NAT port adjustment. Thus, the comparison that happens during the entry hashtable lookup fails and we add a new entry while keeping the old one.

Signed-off-by: Pablo Neira Ayuso <>
@@ -88,7 +88,7 @@ static int compare(const void *data1, const void *data2)
const struct us_conntrack *u1 = data1;
const struct us_conntrack *u2 = data2;
- return nfct_cmp(u1->ct, u2->ct, NFCT_CMP_ORIG | NFCT_CMP_REPL);
+ return nfct_cmp(u1->ct, u2->ct, NFCT_CMP_ORIG);
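Review bot: the new return in compare() matches on NFCT_CMP_ORIG only, but the hash function paired with this comparator is not part of the hunk, so it is not visible whether the bucket is also derived from the original tuple alone. If the hash still mixes in reply-tuple fields, two entries that are now equal under compare() can land in different buckets and the lookup will keep missing the old entry, which is the same over-population the commit message describes. Please confirm the hash covers only the original direction, or include that change here. A one-line comment above the return saying why the reply tuple is left out (it can change with NAT port adjustment) would stop someone from adding NFCT_CMP_REPL back later. Also worth checking that the update path refreshes the cached object's reply tuple once a lookup hits an entry whose reply side differs, so the cache does not keep the old NAT mapping.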
