On 2018-02-25 21:19, Pablo Neira Ayuso wrote:
> On Sun, Feb 25, 2018 at 06:18:49PM +0100, Felix Fietkau wrote:
>> Preparation for sending flows back to the slow path
>>
>> Signed-off-by: Felix Fietkau <nbd@xxxxxxxx>
>> ---
>> net/netfilter/nf_flow_table_core.c | 17 +++++++++++++++--
>> 1 file changed, 15 insertions(+), 2 deletions(-)
>>
>> diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
>> index 5a81e4f771e9..ff5e17a15963 100644
>> --- a/net/netfilter/nf_flow_table_core.c
>> +++ b/net/netfilter/nf_flow_table_core.c
>> @@ -184,8 +184,21 @@ struct flow_offload_tuple_rhash *
>> flow_offload_lookup(struct nf_flowtable *flow_table,
>> struct flow_offload_tuple *tuple)
>> {
>> - return rhashtable_lookup_fast(&flow_table->rhashtable, tuple,
>> - nf_flow_offload_rhash_params);
>> + struct flow_offload_tuple_rhash *tuplehash;
>> + struct flow_offload *flow;
>> + int dir;
>> +
>> + tuplehash = rhashtable_lookup_fast(&flow_table->rhashtable, tuple,
>> + nf_flow_offload_rhash_params);
>> + if (!tuplehash)
>> + return NULL;
>> +
>> + dir = tuplehash->tuple.dir;
>> + flow = container_of(tuplehash, struct flow_offload, tuplehash[dir]);
>> + if (flow->flags & (FLOW_OFFLOAD_DYING | FLOW_OFFLOAD_TEARDOWN))
>> + return NULL;
>
> Why not just check from _hook() function that this flow is in teardown
> mode, so we can just skip this, it will be just a single extra branch
> on that path.
I guess it depends on what potential other users will call this
function. I figured it would be simpler this way, because then I don't
have to duplicate it for ipv4 and ipv6.
- Felix
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
