* [PATCH] netfilter: conntrack: account packets drop by tcp_packet()
@ 2009-02-23 10:15 Pablo Neira Ayuso
2009-02-23 10:48 ` Jan Engelhardt
2009-02-24 13:49 ` Patrick McHardy
0 siblings, 2 replies; 4+ messages in thread
From: Pablo Neira Ayuso @ 2009-02-23 10:15 UTC (permalink / raw)
To: netfilter-devel; +Cc: kaber
Since tcp_packet() may return -NF_DROP in two situations, the
packet-drop stats must be increased.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/nf_conntrack_core.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 8b9dbb7..4503727 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -733,6 +733,8 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
nf_conntrack_put(skb->nfct);
skb->nfct = NULL;
NF_CT_STAT_INC_ATOMIC(net, invalid);
+ if (-ret == NF_DROP)
+ NF_CT_STAT_INC_ATOMIC(net, drop);
return -ret;
}
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter: conntrack: account packets drop by tcp_packet()
2009-02-23 10:15 [PATCH] netfilter: conntrack: account packets drop by tcp_packet() Pablo Neira Ayuso
@ 2009-02-23 10:48 ` Jan Engelhardt
2009-02-23 10:49 ` Patrick McHardy
2009-02-24 13:49 ` Patrick McHardy
1 sibling, 1 reply; 4+ messages in thread
From: Jan Engelhardt @ 2009-02-23 10:48 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel, kaber
On Monday 2009-02-23 11:15, Pablo Neira Ayuso wrote:
>diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
>index 8b9dbb7..4503727 100644
>--- a/net/netfilter/nf_conntrack_core.c
>+++ b/net/netfilter/nf_conntrack_core.c
>@@ -733,6 +733,8 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
> nf_conntrack_put(skb->nfct);
> skb->nfct = NULL;
> NF_CT_STAT_INC_ATOMIC(net, invalid);
>+ if (-ret == NF_DROP)
>+ NF_CT_STAT_INC_ATOMIC(net, drop);
> return -ret;
> }
>
*boggle* Why not just "ret == -NF_DROP"?
The assumption would be near that "-NF_DROP" is a constant just
as "NF_DROP" would be, but "-ret" involves an extra instruction
for negating ret.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter: conntrack: account packets drop by tcp_packet()
2009-02-23 10:48 ` Jan Engelhardt
@ 2009-02-23 10:49 ` Patrick McHardy
0 siblings, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2009-02-23 10:49 UTC (permalink / raw)
To: Jan Engelhardt; +Cc: Pablo Neira Ayuso, netfilter-devel
Jan Engelhardt wrote:
> On Monday 2009-02-23 11:15, Pablo Neira Ayuso wrote:
>> diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
>> index 8b9dbb7..4503727 100644
>> --- a/net/netfilter/nf_conntrack_core.c
>> +++ b/net/netfilter/nf_conntrack_core.c
>> @@ -733,6 +733,8 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
>> nf_conntrack_put(skb->nfct);
>> skb->nfct = NULL;
>> NF_CT_STAT_INC_ATOMIC(net, invalid);
>> + if (-ret == NF_DROP)
>> + NF_CT_STAT_INC_ATOMIC(net, drop);
>> return -ret;
>> }
>>
>
> *boggle* Why not just "ret == -NF_DROP"?
> The assumption would be near that "-NF_DROP" is a constant just
> as "NF_DROP" would be, but "-ret" involves an extra instruction
> for negating ret.
Indeed. No need to resend though, I'll fix it up.
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] netfilter: conntrack: account packets drop by tcp_packet()
2009-02-23 10:15 [PATCH] netfilter: conntrack: account packets drop by tcp_packet() Pablo Neira Ayuso
2009-02-23 10:48 ` Jan Engelhardt
@ 2009-02-24 13:49 ` Patrick McHardy
1 sibling, 0 replies; 4+ messages in thread
From: Patrick McHardy @ 2009-02-24 13:49 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: netfilter-devel
Pablo Neira Ayuso wrote:
> Since tcp_packet() may return -NF_DROP in two situations, the
> packet-drop stats must be increased.
Applied, thanks.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-02-24 13:49 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-02-23 10:15 [PATCH] netfilter: conntrack: account packets drop by tcp_packet() Pablo Neira Ayuso
2009-02-23 10:48 ` Jan Engelhardt
2009-02-23 10:49 ` Patrick McHardy
2009-02-24 13:49 ` Patrick McHardy
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.