Re: [PATCH nf-next v2] netfilter: connlimit: split xt_connlimit into front/backend

Yi-Hung Wei <yihung.wei@xxxxxxxxx> wrote:
> Thanks for working on this patch.
> 
> > --- /dev/null
> > +++ b/include/net/netfilter/nf_conntrack_count.h
> > @@ -0,0 +1,13 @@
> Should it have something like the following in the header file?
> 
> #ifndef _NF_CONNTRACK_COUNT_H
> #define _NF_CONNTRACK_COUNT_H

I can add it, sure.

> > --- /dev/null
> > +++ b/net/netfilter/nf_conncount.c
> > +
> > +struct nf_conncount_data *nf_conncount_init(struct net *net, unsigned int family,
> > +                                           unsigned int keylen)
> > +{
> > +       struct nf_conncount_data *data;
> > +       int ret, i;
> > +
> > +       if (keylen % sizeof(u32) ||
> > +           keylen / sizeof(u32) > MAX_KEYLEN ||
> > +           keylen == 0)
> > +               return ERR_PTR(-EINVAL);
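
Review bot: the keylen check at the top of nf_conncount_init() accepts only non-zero multiples of sizeof(u32) up to MAX_KEYLEN words, but nothing at the function tells a caller that keylen is given in bytes or that a shorter key has to be widened to a full u32. Suggest a comment above the function stating the unit and the constraint, so a caller with a 2-byte key knows to pass 4 bytes and zero the remainder; the single -EINVAL return does not say which of the three conditions failed.
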
> Just want to check the case where users want to count only by zone:
> since the zone id is only 2 bytes, the user should claim 4 bytes as the
> keylen, right?

Yes, I used jhash2 internally which requires input in u32-sized chunks.

> > +       ret = nf_ct_netns_get(net, family);
> > +       if (ret < 0)
> > +               return ERR_PTR(ret);
> > +
> > +       data = kmalloc(sizeof(*data), GFP_KERNEL);
> > +       if (!data)
> > +               return ERR_PTR(-ENOMEM);
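
Review bot: the -ENOMEM return after the failed kmalloc() leaks the reference taken by nf_ct_netns_get(net, family) just above it. Call nf_ct_netns_put(net, family) before returning ERR_PTR(-ENOMEM), and route any later failure in this function through the same unwind so the netns reference is dropped on every error path.
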
> Should we call nf_ct_netns_put() in the error case?

Indeed, I'll fix this, thanks for the review!