From 41390895e50bc4f28abe384c6b35ac27464a20ec Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Tue, 28 Mar 2017 10:31:20 +0200 Subject: [PATCH 1/3] netfilter: ipvs: don't check for presence of nat extension Check for the NAT status bits, they are set once conntrack needs NAT in source or reply direction, this is slightly faster than nfct_nat() as that has to check the extension area. Signed-off-by: Florian Westphal --- net/netfilter/ipvs/ip_vs_ftp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c index d30c327bb578..2e2bf7428cd1 100644 --- a/net/netfilter/ipvs/ip_vs_ftp.c +++ b/net/netfilter/ipvs/ip_vs_ftp.c @@ -260,7 +260,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, buf_len = strlen(buf); ct = nf_ct_get(skb, &ctinfo); - if (ct && !nf_ct_is_untracked(ct) && nfct_nat(ct)) { + if (ct && !nf_ct_is_untracked(ct) && (ct->status & IPS_NAT_MASK)) { /* If mangling fails this function will return 0 * which will cause the packet to be dropped. * Mangling can only fail under memory pressure, From 848850a3e9161e2cdcbb5cef7edc21ba49252ad1 Mon Sep 17 00:00:00 2001 From: Varsha Rao Date: Tue, 28 Mar 2017 16:06:49 +0530 Subject: [PATCH 2/3] netfilter: ipvs: Replace kzalloc with kcalloc. Replace kzalloc with kcalloc. As kcalloc is preferred for allocating an array instead of kzalloc. This patch fixes the checkpatch issue. Signed-off-by: Varsha Rao --- net/netfilter/ipvs/ip_vs_sync.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c index b03c28084f81..30d6b2cc00a0 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -1849,7 +1849,7 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c, if (state == IP_VS_STATE_MASTER) { struct ipvs_master_sync_state *ms; - ipvs->ms = kzalloc(count * sizeof(ipvs->ms[0]), GFP_KERNEL); + ipvs->ms = kcalloc(count, sizeof(ipvs->ms[0]), GFP_KERNEL); if (!ipvs->ms) goto out; ms = ipvs->ms; @@ -1862,7 +1862,7 @@ int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *c, ms->ipvs = ipvs; } } else { - array = kzalloc(count * sizeof(struct task_struct *), + array = kcalloc(count, sizeof(struct task_struct *), GFP_KERNEL); if (!array) goto out; From e24113769960980579610ecfd657bb17f19373a3 Mon Sep 17 00:00:00 2001 From: Arushi Singhal Date: Wed, 29 Mar 2017 20:27:52 +0530 Subject: [PATCH 3/3] ipvs: remove unused variable This patch uses the following coccinelle script to remove a variable that was simply used to store the return value of a function call before returning it: @@ identifier len,f; @@ -int len; ... when != len when strict -len = +return f(...); -return len; Signed-off-by: Arushi Singhal Signed-off-by: Simon Horman --- net/netfilter/ipvs/ip_vs_ftp.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/net/netfilter/ipvs/ip_vs_ftp.c b/net/netfilter/ipvs/ip_vs_ftp.c index 2e2bf7428cd1..6caf4459e981 100644 --- a/net/netfilter/ipvs/ip_vs_ftp.c +++ b/net/netfilter/ipvs/ip_vs_ftp.c @@ -482,11 +482,8 @@ static struct pernet_operations ip_vs_ftp_ops = { static int __init ip_vs_ftp_init(void) { - int rv; - - rv = register_pernet_subsys(&ip_vs_ftp_ops); /* rcu_barrier() is called by netns on error */ - return rv; + return register_pernet_subsys(&ip_vs_ftp_ops); } /*