avimalin@xxxxxxxxx <avimalin@xxxxxxxxx> wrote:
> diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
> index 2f666751c7e7..480ff9a6f185 100644
> --- a/net/netfilter/nf_conntrack_standalone.c
> +++ b/net/netfilter/nf_conntrack_standalone.c
> @@ -559,6 +559,7 @@ enum nf_ct_sysctl_index {
> #ifdef CONFIG_NF_CONNTRACK_TIMESTAMP
> NF_SYSCTL_CT_TIMESTAMP,
> #endif
> + NF_SYSCTL_CT_GC_SCAN_INTERVAL_INIT,
> NF_SYSCTL_CT_PROTO_TIMEOUT_GENERIC,
> NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_SYN_SENT,
> NF_SYSCTL_CT_PROTO_TIMEOUT_TCP_SYN_RECV,
> @@ -691,6 +692,13 @@ static struct ctl_table nf_ct_sysctl_table[] = {
> .extra2 = SYSCTL_ONE,
> },
> #endif
> + [NF_SYSCTL_CT_GC_SCAN_INTERVAL_INIT] = {
> + .procname = "nf_conntrack_gc_scan_interval_init",
> + .data = &nf_conntrack_gc_scan_interval_init,
> + .maxlen = sizeof(unsigned int),
> + .mode = 0644,
> + .proc_handler = proc_dointvec_jiffies,
> + },
> [NF_SYSCTL_CT_PROTO_TIMEOUT_GENERIC] = {
> .procname = "nf_conntrack_generic_timeout",
> .maxlen = sizeof(unsigned int),
I think you'll need to add NF_SYSCTL_CT_GC_SCAN_INTERVAL_INIT to the /* Don't allow non-init_net ns to alter global sysctls */ if (!net_eq(&init_net, net)) { branch in nf_conntrack_standalone_init_sysctl().
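Review bot: The new `[NF_SYSCTL_CT_GC_SCAN_INTERVAL_INIT]` entry accepts any value with no range check, because `proc_dointvec_jiffies` parses a signed int and does not consult `.extra1`/`.extra2`. A write of 0 or a negative number is therefore stored, and `.maxlen = sizeof(unsigned int)` suggests the backing variable is unsigned, in which case a negative write would land as a very large interval. The GC worker is not visible in this patch excerpt, but a zero interval would presumably make it reschedule back to back, and a huge one would let expired entries pile up until the conntrack table fills, so both ends are an availability risk. I would route this through a small wrapper handler (or a min/max-aware jiffies handler, if the target tree has one) that rejects values below one second and above a documented ceiling, and state the unit (seconds) and the allowed range in the sysctl documentation. The `nf_ct_sysctl_table[]` initializer continues outside the hunk.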