Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
> > index dabf5ed..69bdd9a 100644
> > --- a/net/netfilter/nf_tables_core.c
> > +++ b/net/netfilter/nf_tables_core.c
> > @@ -55,6 +55,7 @@ static void __nft_trace_packet(const struct nft_pktinfo *pkt,
> > rulenum);
> > }
> >
> > +static bool prefer_native_trace __read_mostly;
> > struct static_key nft_trace_enabled __read_mostly;
> > EXPORT_SYMBOL_GPL(nft_trace_enabled);
> >
> > @@ -69,7 +70,13 @@ static inline void nft_trace_packet(const struct nft_pktinfo *pkt,
> > if (!pkt->skb->nf_trace)
> > return;
> > nf_tables_trace_notify(pkt, chain, rule, verdict, type);
> > - __nft_trace_packet(pkt, chain, rulenum, type);
> > + if (prefer_native_trace)
> > + return;
> > +
> > + if (nfnetlink_has_listeners(pkt->net, NFNLGRP_NFTABLES))
> > + prefer_native_trace = true;
> > + else
> > + __nft_trace_packet(pkt, chain, rulenum, type);
>
> For this very specific case I prefer a sysctl that we can remove
> moving forward, then remove this code and default to the new tracing
> infrastructure once we have indications that adoption of this new
> tracing infrastructure has been massively adopted instead of the
> existing one.

So you're saying

sysctl nft_old_trace = 1;

and then do

nf_tables_trace_notify(..)
if (nft_old_trace)
  __nft_trace_packet();

?
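Review bot: in the first hunk (@@ -55,6 +55,7 @@), prefer_native_trace is a single file-scope static bool, while the check that sets it in the second hunk is per network namespace (nfnetlink_has_listeners(pkt->net, NFNLGRP_NFTABLES)). A listener in any one netns would therefore switch off the legacy trace output for every namespace. If the fallback is kept, the state should live per netns, and the declaration needs a comment saying what the flag means and who is allowed to write it.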
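Review bot: in the second hunk (@@ -69,7 +70,13 @@), prefer_native_trace is latched to true the first time a listener is seen and nothing in the visible lines ever clears it, so once the listener goes away traced packets produce neither a netlink event that anyone receives nor the __nft_trace_packet() log line. Tracing output silently stops, which matters to anyone relying on the log for debugging or auditing a ruleset. The flag is also written from the packet path with a plain store and no documented ordering. Testing nfnetlink_has_listeners() on each traced packet instead of caching the result, or an explicit administrator-controlled switch, would avoid the one-way transition.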