No need to clutter nflog/dmesg ring buffer with the old tracing output when the 'native' nfnetlink interface is used. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- net/netfilter/nf_tables_core.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c index dabf5ed..69bdd9a 100644 --- a/net/netfilter/nf_tables_core.c +++ b/net/netfilter/nf_tables_core.c @@ -55,6 +55,7 @@ static void __nft_trace_packet(const struct nft_pktinfo *pkt, rulenum); } +static bool prefer_native_trace __read_mostly; struct static_key nft_trace_enabled __read_mostly; EXPORT_SYMBOL_GPL(nft_trace_enabled); @@ -69,7 +70,13 @@ static inline void nft_trace_packet(const struct nft_pktinfo *pkt, if (!pkt->skb->nf_trace) return; nf_tables_trace_notify(pkt, chain, rule, verdict, type); - __nft_trace_packet(pkt, chain, rulenum, type); + if (prefer_native_trace) + return; + + if (nfnetlink_has_listeners(pkt->net, NFNLGRP_NFTABLES)) + prefer_native_trace = true; + else + __nft_trace_packet(pkt, chain, rulenum, type); } } -- 2.4.10 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
