Jan Engelhardt wrote: > On Wednesday 2010-04-14 07:52, Eric Dumazet wrote: >>> +#ifdef WITH_CONNTRACK >>> + /* Avoid counting cloned packets towards the original connection. */ >>> + nf_conntrack_put(skb->nfct); >>> + skb->nfct = &nf_conntrack_untracked.ct_general; >>> + skb->nfctinfo = IP_CT_NEW; >>> + nf_conntrack_get(skb->nfct); >> This atomic increment on a global variable worries me... Would it be >> possible to avoid it (and the associated decrement and test if null) >> >> I would like to use this TEE facility but with xxx kpps for instance ;) > > Correctness before speed. You're free to send patches on top. > Pablo suggest to encode "untracked" in one of the nfctinfo bits a while ago, which would avoid all atomic operations. Anyways, this can be done later. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
