adobriyan@xxxxxxxxx wrote:
Make untracked conntrack per-netns. Compare conntracks with relevant untracked one.

The following code you'll start laughing at this code:

	if (ct == ct->ct_net->ct.untracked) ...

let me remind you that ->ct_net is set in only one place, and never overwritten later.

All of this requires some surgery with headers, otherwise horrible circular dependencies. And we lost nf_ct_is_untracked() as function, it became macro.

I think you could avoid this mess by using a struct nf_conntrack for the untracked conntrack instead of struct nf_conn. It shouldn't make any difference since it's ignored anyways.

struct netns_ct { atomic_t count; @@ -12,5 +13,7 @@ struct netns_ct { struct hlist_head *expect_hash; int expect_vmalloc; struct hlist_head unconfirmed; + /* Fake conntrack entry for untracked connections */ + struct nf_conn untracked; };
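
Review bot: the by-value member "struct nf_conn untracked;" added at the end of struct netns_ct requires the complete definition of struct nf_conn wherever this header is included, which is the source of the circular header dependencies the commit message mentions. A pointer member (struct nf_conn *untracked;) would need only a forward declaration here. It would also match the test quoted in the commit message, "if (ct == ct->ct_net->ct.untracked)", which compares ct against a pointer; with the struct embedded as posted, that comparison has to take the address, &ct->ct_net->ct.untracked.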