On 24.11, Florian Westphal wrote: > No need to clutter nflog/dmesg ring buffer with the old tracing output > when the 'native' nfnetlink interface is used. > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > net/netfilter/nf_tables_core.c | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c > index dabf5ed..69bdd9a 100644 > --- a/net/netfilter/nf_tables_core.c > +++ b/net/netfilter/nf_tables_core.c > @@ -69,7 +70,13 @@ static inline void nft_trace_packet(const struct nft_pktinfo *pkt, > if (!pkt->skb->nf_trace) > return; > nf_tables_trace_notify(pkt, chain, rule, verdict, type); > - __nft_trace_packet(pkt, chain, rulenum, type); > + if (prefer_native_trace) > + return; > + > + if (nfnetlink_has_listeners(pkt->net, NFNLGRP_NFTABLES)) > + prefer_native_trace = true; > + else > + __nft_trace_packet(pkt, chain, rulenum, type); Not sure how the final solution is going to look, but this inline function was meant to *only* get rid of the repeated nf_trace checks. Anything else should be done out of line IMO since its inlined into the most performance critical function of nftables. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
