On Wed, Jun 20, 2018 at 2:32 PM, Florian Westphal <fw@xxxxxxxxx> wrote:

Thanks for v2. It takes care of a corner case so that a duplicated entry
won't be re-added the second time.

Just some nits in the commit message as below.

Acked-by: Yi-Hung Wei <yihung.wei@xxxxxxxxx>

> When doing list walk, we lookup the tuple in the conntrack table.
> If the lookup fails we we remove this tuple from our list because

s/we we/we

> the conntrack entry is gone.

> The second constaint allows GC to be taken over by other

s/constaint/constraint

> cpu too (e.g. because a cpu was offlined or napi got moved to another
> cpu).
>
> We can't pretend the 'doubtful' entry wasn't in our list.
> Instead, when we don't find an entry indicate via IS_ERR
> that entry was removed ('did not exist' or withheld
> ('might-be-unconfirmed').
>
> This most likely also fixes a xt_connlimit imbalance earlier reported by
> Dmitry Andrianov.
>
> Cc: Dmitry Andrianov <dmitry.andrianov@xxxxxxxxxxx>
> Reported-by: Justin Pettit <jpettit@xxxxxxxxxx>
> Reported-by: Yi-Hung Wei <yihung.wei@xxxxxxxxx>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---