Re: [v4 PATCH 1/1] netfilter: Add fail-open support

Florian Westphal <fw@xxxxxxxxx> wrote on 05/24/2012 03:00:43 PM:

> What about this:
>
> if (queue->queue_total >= queue->queue_maxlen) {
>    if (queue->flags & NFQA_CFG_F_FAIL_OPEN) {
>       nf_reinject(entry, NF_ACCEPT);
>       err = 0;
>       goto err_out_free_nskb;
>    }
>    queue->queue_dropped++;
>    net_warn_ratelimited("nf_queue: full at %d entries, dropping packets(s)\n",
>
> [..]
>
> Do you see any problems with that?

No, I think it should work fine. Do this after dropping the lock?

> It should do the same as the nf_hook_slow/nf_queue ENOSPC changes while
> avoiding modifications outside the queueing backend.

Yes, that will help remove quite some code from front-end.

> > +   if (nfqa[NFQA_CFG_FLAGS]) {
> > +      __be32 flags, mask;
>
> [..]
>
> > +      flags = ntohl(nla_get_be32(nfqa[NFQA_CFG_FLAGS]));
> > +      mask = ntohl(nla_get_be32(nfqa[NFQA_CFG_MASK]));
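
Review bot: the read of nfqa[NFQA_CFG_MASK] on the last line is guarded, in the lines visible here, only by the nfqa[NFQA_CFG_FLAGS] test. A request that carries the flags attribute without a mask would hand a NULL attribute to nla_get_be32() unless the elided lines already reject it. Check that NFQA_CFG_MASK is present and return -EINVAL before either read. Also, flags and mask are declared __be32 but are assigned the host-order result of ntohl(), so the declaration should be __u32 to keep the endianness annotations consistent.
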
>
> ntohl returns __u32 type.

Maybe just use __u32 type for flags/mask?

Thanks,
- KK
