[netfilter-cvslog] r3717 -
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter
yasuyuki at netfilter.org
yasuyuki at netfilter.org
Wed Feb 16 23:40:27 CET 2005
Author: yasuyuki at netfilter.org
Date: 2005-02-16 23:40:26 +0100 (Wed, 16 Feb 2005)
New Revision: 3717
Modified:
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
Log:
- kill excess debug messages.
- delete double NF_CT_STAT_INC(new);
- destroy_conntrack() doesn't need to check ct->expecting. remove_expectations()
do it.
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c 2005-02-16 13:42:35 UTC (rev 3716)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c 2005-02-16 22:40:26 UTC (rev 3717)
@@ -407,7 +407,7 @@
return NULL;
}
-/* delete all unconfirmed expectations for this conntrack */
+/* delete all expectations for this conntrack */
static void remove_expectations(struct nf_conn *ct)
{
struct nf_conntrack_expect *i, *tmp;
@@ -437,7 +437,7 @@
LIST_DELETE(&nf_conntrack_hash[ho], &ct->tuplehash[NF_CT_DIR_ORIGINAL]);
LIST_DELETE(&nf_conntrack_hash[hr], &ct->tuplehash[NF_CT_DIR_REPLY]);
- /* Destroy all un-established, pending expectations */
+ /* Destroy all pending expectations */
remove_expectations(ct);
}
@@ -472,8 +472,7 @@
* except TFTP can create an expectation on the first packet,
* before connection is in the list, so we need to clean here,
* too. */
- if (ct->expecting)
- remove_expectations(ct);
+ remove_expectations(ct);
/* We overload first tuple to link into unconfirmed list. */
if (!is_confirmed(ct)) {
@@ -496,7 +495,6 @@
{
struct nf_conn *ct = (void *)ul_conntrack;
-
WRITE_LOCK(&nf_conntrack_lock);
/* Inside lock so preempt is disabled on module removal path.
* Otherwise we can get spurious warnings. */
@@ -565,10 +563,8 @@
ICMP/TCP RST packets in other direction. Actual packet
which created connection will be NF_CT_NEW or for an
expected connection, NF_CT_RELATED. */
- if (NFCTINFO2DIR(ctinfo) != NF_CT_DIR_ORIGINAL) {
- DEBUGP("__nf_conntrack_confirm: not original direction\n");
+ if (NFCTINFO2DIR(ctinfo) != NF_CT_DIR_ORIGINAL)
return NF_ACCEPT;
- }
hash = hash_conntrack(&ct->tuplehash[NF_CT_DIR_ORIGINAL].tuple);
repl_hash = hash_conntrack(&ct->tuplehash[NF_CT_DIR_REPLY].tuple);
@@ -617,7 +613,6 @@
NF_CT_STAT_INC(insert_failed);
WRITE_UNLOCK(&nf_conntrack_lock);
- DEBUGP("__nf_conntrack_confirm: duplicated conntrack\n");
return NF_DROP;
}
@@ -743,7 +738,6 @@
conntrack->ct_general.destroy = destroy_conntrack;
conntrack->tuplehash[NF_CT_DIR_ORIGINAL].tuple = *tuple;
conntrack->tuplehash[NF_CT_DIR_REPLY].tuple = repl_tuple;
-
if (!protocol->new(conntrack, skb, dataoff)) {
free_conntrack(conntrack);
DEBUGP("init conntrack: can't track with proto module\n");
@@ -755,7 +749,6 @@
conntrack->timeout.function = death_by_timeout;
WRITE_LOCK(&nf_conntrack_lock);
-
exp = find_expectation(tuple);
if (exp) {
@@ -778,7 +771,6 @@
/* Overload tuple linked list to put us in unconfirmed list. */
list_add(&conntrack->tuplehash[NF_CT_DIR_ORIGINAL].list, &unconfirmed);
- NF_CT_STAT_INC(new);
atomic_inc(&nf_conntrack_count);
WRITE_UNLOCK(&nf_conntrack_lock);
@@ -817,14 +809,10 @@
h = nf_conntrack_find_get(&tuple, NULL);
if (!h) {
h = init_conntrack(&tuple, l3proto, proto, skb, dataoff);
- if (!h) {
- DEBUGP("resolve_normal_ct: can't init conntrack\n");
+ if (!h)
return NULL;
- }
- if (IS_ERR(h)) {
- DEBUGP("resolve_normal_ct: failed to init conntrack: h = %p\n", h);
+ if (IS_ERR(h))
return (void *)h;
- }
}
ct = tuplehash_to_ctrack(h);
@@ -866,20 +854,17 @@
/* Previously seen (loopback or untracked)? Ignore. */
if ((*pskb)->nfct) {
- DEBUGP("loopback or untracked, nfct=0x%p\n", (*pskb)->nfct);
NF_CT_STAT_INC(ignore);
return NF_ACCEPT;
}
l3proto = nf_ct_find_l3proto((u_int16_t)pf);
- DEBUGP("l3proto = %u\n", pf);
if (l3proto->prepare(pskb, hooknum, &dataoff, &protonum, &ret) == 0) {
DEBUGP("not prepared to track yet or error occured\n");
return ret;
}
proto = nf_ct_find_proto((u_int16_t)pf, protonum);
- DEBUGP("protonum = %u\n", protonum);
/* It may be an special packet, error, unclean...
* inverse of the return code tells to the netfilter
@@ -895,14 +880,12 @@
&set_reply, &ctinfo);
if (!ct) {
/* Not valid part of a connection */
- DEBUGP("nf_conntrack_in: Not valid part of a connection\n");
NF_CT_STAT_INC(invalid);
return NF_ACCEPT;
}
if (IS_ERR(ct)) {
/* Too stressed to deal. */
- DEBUGP("nf_conntrack_in: Can't resolve normal connection\n");
NF_CT_STAT_INC(drop);
return NF_DROP;
}
@@ -1237,7 +1220,6 @@
struct nf_conntrack_tuple_hash *h = NULL;
WRITE_LOCK(&nf_conntrack_lock);
-
for (; *bucket < nf_conntrack_htable_size; (*bucket)++) {
h = LIST_FIND_W(&nf_conntrack_hash[*bucket], do_iter,
struct nf_conntrack_tuple_hash *, iter, data);
More information about the netfilter-cvslog
mailing list