UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

netfilter: conntrack: don't attempt to iterate over empty table 

Once we place all conntracks into same table iteration becomes more
costly because the table contains conntracks that we are not interested
in (belonging to other netns).

So don't bother scanning if the current namespace has no entries.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2016-04-28 19:13:42 +02:00 committed by Pablo Neira Ayuso
parent 5e3c61f981
commit 88b68bc523
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
net/netfilter/nf_conntrack_core.c
View File

@ -1428,6 +1428,9 @@ void nf_ct_iterate_cleanup(struct net *net,
might_sleep();
if (atomic_read(&net->ct.count) == 0)
return;
while ((ct = get_next_corpse(net, iter, data, &bucket)) != NULL) {
/* Time to push up daises... */
if (del_timer(&ct->timeout))