On 24.11, Florian Westphal wrote: > No need to clutter nflog/dmesg ring buffer with the old tracing output > when the 'native' nfnetlink interface is used. > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > net/netfilter/nf_tables_core.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c > index dabf5ed..69bdd9a 100644 > --- a/net/netfilter/nf_tables_core.c > +++ b/net/netfilter/nf_tables_core.c > @@ -55,6 +55,7 @@ static void __nft_trace_packet(const struct nft_pktinfo *pkt, > rulenum); > } > > +static bool prefer_native_trace __read_mostly; > struct static_key nft_trace_enabled __read_mostly; > EXPORT_SYMBOL_GPL(nft_trace_enabled); > > @@ -69,7 +70,13 @@ static inline void nft_trace_packet(const struct nft_pktinfo *pkt, > if (!pkt->skb->nf_trace) > return; > nf_tables_trace_notify(pkt, chain, rule, verdict, type); > - __nft_trace_packet(pkt, chain, rulenum, type); > + if (prefer_native_trace) > + return; > + > + if (nfnetlink_has_listeners(pkt->net, NFNLGRP_NFTABLES)) > + prefer_native_trace = true; This seems to be better placed in a netlink bind callback. > + else > + __nft_trace_packet(pkt, chain, rulenum, type); > } > } -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
