Hi pablo,
2016-08-12 18:34 GMT+08:00 Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>:
> On Sat, Jul 30, 2016 at 07:42:53PM +0800, Liping Zhang wrote:
>> From: Liping Zhang <liping.zhang@xxxxxxxxxxxxxx>
>>
>> Since Commit 64b87639c9cb ("netfilter: conntrack: fix race between
>> nf_conntrack proc read and hash resize") introdue the
>> nf_conntrack_get_ht, so there's no need to check nf_conntrack_generation
>> again and again to get the hash table and hash size.
>>
>> But keep ____nf_conntrack_find unchanged, because it is performance
>> critical path, increase the overhead of the function call is not so
>> good.
>
> I'm not very happy with this solution.
Yes.
>
> I think it is a good time to kill compat /proc/net/ip_conntrack*. That
> has been there for so long already. So we can inline this function,
> this is the only one that needs it to export it, right?
If just for the purpose of using nf_conntrack_get_ht to simply the source code,
I'm not sure is it worth to delete the compat /proc/net/ip_conntrack*?
So I'm inclined to keep the original source codes unchanged :)
Thanks
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
