On Tue, Nov 24, 2015 at 11:02:08AM +0100, Florian Westphal wrote: > No need to clutter nflog/dmesg ring buffer with the old tracing output > when the 'native' nfnetlink interface is used. > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > net/netfilter/nf_tables_core.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c > index dabf5ed..69bdd9a 100644 > --- a/net/netfilter/nf_tables_core.c > +++ b/net/netfilter/nf_tables_core.c > @@ -55,6 +55,7 @@ static void __nft_trace_packet(const struct nft_pktinfo *pkt, > rulenum); > } > > +static bool prefer_native_trace __read_mostly; > struct static_key nft_trace_enabled __read_mostly; > EXPORT_SYMBOL_GPL(nft_trace_enabled); > > @@ -69,7 +70,13 @@ static inline void nft_trace_packet(const struct nft_pktinfo *pkt, > if (!pkt->skb->nf_trace) > return; > nf_tables_trace_notify(pkt, chain, rule, verdict, type); > - __nft_trace_packet(pkt, chain, rulenum, type); > + if (prefer_native_trace) > + return; > + > + if (nfnetlink_has_listeners(pkt->net, NFNLGRP_NFTABLES)) > + prefer_native_trace = true; > + else > + __nft_trace_packet(pkt, chain, rulenum, type); For this very specific case I prefer a sysctl that we can remove moving forward, then remove this code and default to the new tracing infrastructure once we have indications that adoption of this new tracing infrastructure has been massively adopted instead of the existing one. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
