On Wed, Dec 6, 2017 at 4:41 AM, Florian Westphal <fw@xxxxxxxxx> wrote:
> +static int __init nf_conncount_modinit(void)
> +{
> + int ret, i;
> +
> + BUILD_BUG_ON(CONNCOUNT_LOCK_SLOTS > CONNCOUNT_SLOTS);
> + BUILD_BUG_ON((CONNCOUNT_SLOTS % CONNCOUNT_LOCK_SLOTS) != 0);
> +
> + for (i = 0; i < CONNCOUNT_LOCK_SLOTS; ++i)
> + spin_lock_init(&nf_conncount_locks[i]);
> +
> + conncount_conn_cachep = kmem_cache_create("nf_conncount_tuple",
> + sizeof(struct nf_conncount_tuple),
> + 0, 0, NULL);
> + if (!conncount_conn_cachep)
> + return -ENOMEM;
> +
> + conncount_rb_cachep = kmem_cache_create("nf_conncount_rb",
> + sizeof(struct nf_conncount_rb),
> + 0, 0, NULL);
> + if (!conncount_rb_cachep) {
> + kmem_cache_destroy(conncount_conn_cachep);
> + return -ENOMEM;
> + }
> +
> + return ret;
I test it with iptables -m connlimit, and nf_conncount may fail to
load sometimes.
It turns out that it is because ret is not used in this function.
Shall we get rid of ret, and return 0 here?
Thanks,
-Yi-Hung
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
