[netfilter-cvslog] r3717 - trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter

yasuyuki at netfilter.org yasuyuki at netfilter.org
Wed Feb 16 23:40:27 CET 2005 

Author: yasuyuki at netfilter.org
Date: 2005-02-16 23:40:26 +0100 (Wed, 16 Feb 2005)
New Revision: 3717

Modified:
   trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
Log:
- kill excess debug messages.
- delete double NF_CT_STAT_INC(new);
- destroy_conntrack() doesn't need to check ct->expecting. remove_expectations()
  do it.



Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c	2005-02-16 13:42:35 UTC (rev 3716)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c	2005-02-16 22:40:26 UTC (rev 3717)
@@ -407,7 +407,7 @@
 	return NULL;
 }
 
-/* delete all unconfirmed expectations for this conntrack */
+/* delete all expectations for this conntrack */
 static void remove_expectations(struct nf_conn *ct)
 {
 	struct nf_conntrack_expect *i, *tmp;
@@ -437,7 +437,7 @@
 	LIST_DELETE(&nf_conntrack_hash[ho], &ct->tuplehash[NF_CT_DIR_ORIGINAL]);
 	LIST_DELETE(&nf_conntrack_hash[hr], &ct->tuplehash[NF_CT_DIR_REPLY]);
 
-	/* Destroy all un-established, pending expectations */
+	/* Destroy all pending expectations */
 	remove_expectations(ct);
 }
 
@@ -472,8 +472,7 @@
 	 * except TFTP can create an expectation on the first packet,
 	 * before connection is in the list, so we need to clean here,
 	 * too. */
-	if (ct->expecting)
-		remove_expectations(ct);
+	remove_expectations(ct);
 
 	/* We overload first tuple to link into unconfirmed list. */
 	if (!is_confirmed(ct)) {
@@ -496,7 +495,6 @@
 {
 	struct nf_conn *ct = (void *)ul_conntrack;
 
-
 	WRITE_LOCK(&nf_conntrack_lock);
 	/* Inside lock so preempt is disabled on module removal path.
 	 * Otherwise we can get spurious warnings. */
@@ -565,10 +563,8 @@
 	   ICMP/TCP RST packets in other direction.  Actual packet
 	   which created connection will be NF_CT_NEW or for an
 	   expected connection, NF_CT_RELATED. */
-	if (NFCTINFO2DIR(ctinfo) != NF_CT_DIR_ORIGINAL) {
-		DEBUGP("__nf_conntrack_confirm: not original direction\n");
+	if (NFCTINFO2DIR(ctinfo) != NF_CT_DIR_ORIGINAL)
 		return NF_ACCEPT;
-	}
 
 	hash = hash_conntrack(&ct->tuplehash[NF_CT_DIR_ORIGINAL].tuple);
 	repl_hash = hash_conntrack(&ct->tuplehash[NF_CT_DIR_REPLY].tuple);
@@ -617,7 +613,6 @@
 
 	NF_CT_STAT_INC(insert_failed);
 	WRITE_UNLOCK(&nf_conntrack_lock);
-	DEBUGP("__nf_conntrack_confirm: duplicated conntrack\n");
 	return NF_DROP;
 }
 
@@ -743,7 +738,6 @@
 	conntrack->ct_general.destroy = destroy_conntrack;
 	conntrack->tuplehash[NF_CT_DIR_ORIGINAL].tuple = *tuple;
 	conntrack->tuplehash[NF_CT_DIR_REPLY].tuple = repl_tuple;
-
 	if (!protocol->new(conntrack, skb, dataoff)) {
 		free_conntrack(conntrack);
 		DEBUGP("init conntrack: can't track with proto module\n");
@@ -755,7 +749,6 @@
 	conntrack->timeout.function = death_by_timeout;
 
 	WRITE_LOCK(&nf_conntrack_lock);
-
 	exp = find_expectation(tuple);
 
 	if (exp) {
@@ -778,7 +771,6 @@
 	/* Overload tuple linked list to put us in unconfirmed list. */
 	list_add(&conntrack->tuplehash[NF_CT_DIR_ORIGINAL].list, &unconfirmed);
 
-	NF_CT_STAT_INC(new);
 	atomic_inc(&nf_conntrack_count);
 	WRITE_UNLOCK(&nf_conntrack_lock);
 
@@ -817,14 +809,10 @@
 	h = nf_conntrack_find_get(&tuple, NULL);
 	if (!h) {
 		h = init_conntrack(&tuple, l3proto, proto, skb, dataoff);
-		if (!h) {
-			DEBUGP("resolve_normal_ct: can't init conntrack\n");
+		if (!h)
 			return NULL;
-		}
-		if (IS_ERR(h)) {
-			DEBUGP("resolve_normal_ct: failed to init conntrack: h = %p\n", h);
+		if (IS_ERR(h))
 			return (void *)h;
-		}
 	}
 	ct = tuplehash_to_ctrack(h);
 
@@ -866,20 +854,17 @@
 
 	/* Previously seen (loopback or untracked)?  Ignore. */
 	if ((*pskb)->nfct) {
-		DEBUGP("loopback or untracked, nfct=0x%p\n", (*pskb)->nfct);
 		NF_CT_STAT_INC(ignore);
 		return NF_ACCEPT;
 	}
 
 	l3proto = nf_ct_find_l3proto((u_int16_t)pf);
-	DEBUGP("l3proto = %u\n", pf);
 	if (l3proto->prepare(pskb, hooknum, &dataoff, &protonum, &ret) == 0) {
 		DEBUGP("not prepared to track yet or error occured\n");
 		return ret;
 	}
 
 	proto = nf_ct_find_proto((u_int16_t)pf, protonum);
-	DEBUGP("protonum = %u\n", protonum);
 
 	/* It may be an special packet, error, unclean...
 	 * inverse of the return code tells to the netfilter
@@ -895,14 +880,12 @@
 			       &set_reply, &ctinfo);
 	if (!ct) {
 		/* Not valid part of a connection */
-		DEBUGP("nf_conntrack_in: Not valid part of a connection\n");
 		NF_CT_STAT_INC(invalid);
 		return NF_ACCEPT;
 	}
 
 	if (IS_ERR(ct)) {
 		/* Too stressed to deal. */
-		DEBUGP("nf_conntrack_in: Can't resolve normal connection\n");
 		NF_CT_STAT_INC(drop);
 		return NF_DROP;
 	}
@@ -1237,7 +1220,6 @@
 	struct nf_conntrack_tuple_hash *h = NULL;
 
 	WRITE_LOCK(&nf_conntrack_lock);
-
 	for (; *bucket < nf_conntrack_htable_size; (*bucket)++) {
 		h = LIST_FIND_W(&nf_conntrack_hash[*bucket], do_iter,
 				struct nf_conntrack_tuple_hash *, iter, data);

More information about the netfilter-cvslog mailing list