Yi-Hung Wei <yihung.wei@xxxxxxxxx> wrote:
> This patch contains two parts.
>
> 1. Remove parameter 'family' in nf_conncount_count() and count_tree().
> Before commit 625c556118f3 ("netfilter: connlimit: split xt_connlimit
> into front and backend"), 'family' was used to determine the type
> of nf_inet_addr, but the parameter is not useful after that commit.
Right, its useless now, lets remove it.
> 2. Move nf_ct_netns_get/put() to the user of nf_conncount.
> Since nf_conncount now supports general keys, if the key is not related
> to a particular NFPROTO_*, then it is not necessary to do
> nf_ct_netns_get/put() in nf_conncount.
I wonder if this is correct.
conncount relies on all entries being backed by a conntrack entry so
it can expire those that are no longer around.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
