Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > + net_warn_ratelimited("nf_conntrack: table full in netns %u, dropping packet\n",
> > + net->ns.inum);
>
> This is slightly better, but it still does not say what packet has
> been dropped, right?
>
> Probably a similar approach to nf_tcp_log_invalid() would better here.
>
> Thus, nf_log infrastructure could be used as logging hub.
>
> Logging the packet probably provides more context information than
> simply logging the netns inode number.
Hmm, the conntrack table is full, and packet creates a new flow.
What would logging the packet tell us what the printk message doesn't?
