Le mardi 08 juin 2010 à 19:48 +0530, Anand Raj Manickam a écrit :
> This my observation ..
>
> There is a redundant call to nf_ct_tuplehash_to_ctrack() after every
> nf_conntrack_find_get() call .
>
> Why is ct not returned from nf_conntrack_find_get() , since in all the
> occurances of nf_conntrack_find_get() there is immediate call to
> nf_ct_tuplehash_to_ctrack() . Although nf_ct_tuplehash_to_ctrack() is
> invoked to check the ct after we get a valid hash .
>
One random sample :
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
h = nf_conntrack_find_get(net, zone, &innertuple);
if (!h) {
pr_debug("icmp_error_message: no match\n");
return -NF_ACCEPT;
}
if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY)
*ctinfo += IP_CT_IS_REPLY;
As you can see, we need 'h' here (to get NF_CT_DIRECTION(h)), not 'ct'
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
