[PATCH 2/2] conntrack: -U: skip sending conntrack update message if conntrack is unchanged

This speeds up operation when a lot of conntracks exist, but only
a few of them have to be altered.

This change is user-visible because the exit message
("%d flow entries have been updated") will now print the number of entries
that have been altered instead of the total number of conntracks seen.

Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 src/conntrack.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/conntrack.c b/src/conntrack.c
index fb133f1..3e1cb11 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1258,6 +1258,12 @@ static int update_cb(enum nf_conntrack_msg_type type,
 	nfct_copy(tmp, obj, NFCT_CP_META);
 	copy_mark(tmp, ct, &tmpl.mark);
 
+	/* do not send NFCT_Q_UPDATE if ct appears unchanged */
+	if (nfct_cmp(tmp, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) {
+		nfct_destroy(tmp);
+		return NFCT_CB_CONTINUE;
+	}
+
 	res = nfct_query(ith, NFCT_Q_UPDATE, tmp);
 	if (res < 0) {
 		nfct_destroy(tmp);
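
Review bot: In the new check placed before `nfct_query(ith, NFCT_Q_UPDATE, tmp)`, the comment says only that ct "appears unchanged". It does not explain why `NFCT_CMP_MASK` is combined with `NFCT_CMP_ALL`, or which of `tmp` and `ct` limits the set of attributes being compared. Please spell that out in the comment, because any attribute left out of the comparison would make a requested update be skipped silently. The early return also skips the code that follows `nfct_query()`, and the commit message says this changes the "%d flow entries have been updated" count. The diffstat touches only src/conntrack.c, so any documentation that describes that message would need a matching update.
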
-- 
1.7.3.4
