Hi all,

I am sorry to send the patch commit again, because the last email was not plain text and was rejected by some servers. This is the patch to the master branch of the kernel.

The function get_next_corpse is only invoked by nf_ct_iterate_cleanup in one while loop, and it checks the per-CPU unconfirmed conntrack list every time. I think the whole list of unconfirmed conntracks could be accessed by one call, so the others are not necessary.

So I moved the checks outside get_next_corpse and created one new function, clean_up_unconfirmed_conntracks. Let nf_ct_iterate_cleanup invoke clean_up_unconfirmed_conntracks after the while loop.

This code has already existed for a long time. At first I thought maybe there was some reason for it, but I fail to get it.

Best Regards
Feng
Attachment:
0001-netfilter-Fix-wastful-cleanup-check-for-unconfirmed-.patch
Description: Binary data