From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
Florian Westphal <fw@strlen.de>,
"David S. Miller" <davem@davemloft.net>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] netfilter: ctnetlink: move CTA_TIMEOUT case to outside
Date: Thu, 29 Jun 2017 18:51:12 +0200 [thread overview]
Message-ID: <20170629165112.GA8551@salvia> (raw)
In-Reply-To: <1496983067-11214-1-git-send-email-yanhaishuang@cmss.chinamobile.com>
On Fri, Jun 09, 2017 at 12:37:47PM +0800, Haishuang Yan wrote:
> When cda[CTA_TIMEOUT] is zero, ctnetlink_new_conntrack will
> free allocated ct and return, so move it to outside to optimize
> this situation.
>
> Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
> ---
> net/netfilter/nf_conntrack_netlink.c | 5 +----
> 1 file changed, 1 insertion(+), 4 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
> index a8be9b7..d1e6b1c 100644
> --- a/net/netfilter/nf_conntrack_netlink.c
> +++ b/net/netfilter/nf_conntrack_netlink.c
> @@ -1768,9 +1768,6 @@ static int change_seq_adj(struct nf_ct_seqadj *seq,
> if (IS_ERR(ct))
> return ERR_PTR(-ENOMEM);
>
> - if (!cda[CTA_TIMEOUT])
> - goto err1;
Actually, I think we would make ctnetlink a better place if we just
relax this. I mean, I would like to see how a patch to use the default
timeout based on the protocol state looks like.
ctnetlink is overly pendantic, in asking things that we can probably
infer, just in case the user doesn't specify this.
> -
> ct->timeout = nfct_time_stamp + ntohl(nla_get_be32(cda[CTA_TIMEOUT])) * HZ;
>
> rcu_read_lock();
> @@ -1944,7 +1941,7 @@ static int ctnetlink_new_conntrack(struct net *net, struct sock *ctnl,
> if (nlh->nlmsg_flags & NLM_F_CREATE) {
> enum ip_conntrack_events events;
>
> - if (!cda[CTA_TUPLE_ORIG] || !cda[CTA_TUPLE_REPLY])
> + if (!cda[CTA_TUPLE_ORIG] || !cda[CTA_TUPLE_REPLY] || !cda[CTA_TIMEOUT])
> return -EINVAL;
> if (otuple.dst.protonum != rtuple.dst.protonum)
> return -EINVAL;
> --
> 1.8.3.1
>
>
>
prev parent reply other threads:[~2017-06-29 16:51 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-09 4:37 [PATCH] netfilter: ctnetlink: move CTA_TIMEOUT case to outside Haishuang Yan
2017-06-29 16:51 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170629165112.GA8551@salvia \
--to=pablo@netfilter.org \
--cc=coreteam@netfilter.org \
--cc=davem@davemloft.net \
--cc=fw@strlen.de \
--cc=kadlec@blackhole.kfki.hu \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=yanhaishuang@cmss.chinamobile.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).