author | Florian Westphal <fw@strlen.de> | 2022-04-25 15:15:43 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-05-13 18:56:28 +0200 |
commit | 90d1daa45849f272b701f29d6ca88b24743c7553 (patch) | |
tree | d794a12f356af5a65ff9a49cc964989635570fed /net/netfilter/nf_conntrack_core.c | |
parent | netfilter: conntrack: un-inline nf_ct_ecache_ext_add (diff) | |
netfilter: conntrack: add nf_conntrack_events autodetect mode
This adds the new nf_conntrack_events=2 mode and makes it the
default.
This leverages the earlier flag in struct net to allow to avoid
the event extension as long as no event listener is active in
the namespace.
This avoids, for most cases, allocation of ct->ext area.
A followup patch will take further advantage of this by avoiding
calls down into the event framework if the extension isn't present.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_conntrack_core.c')
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 7b078ec1f923..082a2fd8d85b 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -1736,7 +1736,8 @@ init_conntrack(struct net *net, struct nf_conn *tmpl, #ifdef CONFIG_NF_CONNTRACK_EVENTS ecache = tmpl ? nf_ct_ecache_find(tmpl) : NULL; - if (!nf_ct_ecache_ext_add(ct, ecache ? ecache->ctmask : 0, + if ((ecache || net->ct.sysctl_events) && + !nf_ct_ecache_ext_add(ct, ecache ? ecache->ctmask : 0, ecache ? ecache->expmask : 0, GFP_ATOMIC)) { nf_conntrack_free(ct); |
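Review bot: The new guard `(ecache || net->ct.sysctl_events)` in init_conntrack() tests sysctl_events only for non-zero, so with the new default of 2 it is always true and nf_ct_ecache_ext_add() is still called for every new conntrack; the listener check the commit message describes is not visible at this call site. Please add a short comment here stating that mode 2 is resolved inside nf_ct_ecache_ext_add(), and confirm that the function returns true when it deliberately skips the allocation, because a false return on this path goes straight to nf_conntrack_free(ct) and would be handled as an allocation failure. Since the sysctl can be written while packets are being processed, consider `READ_ONCE(net->ct.sysctl_events)` for this lockless read.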