diff options
| author |   Florian Westphal <fw@strlen.de> | 2022-04-25 15:15:44 +0200 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2022-05-13 18:56:28 +0200 |
| commit | 8edc813111001e9be3cce066d3d4091d2ef04a1d (patch) | |
| tree | 178f82135ed388c543d2853de79635b1eda253ab /include/net/netfilter/nf_conntrack_core.h | |
| parent | netfilter: conntrack: add nf_conntrack_events autodetect mode (diff) | |
| download | linux-dev-8edc813111001e9be3cce066d3d4091d2ef04a1d.tar.xz linux-dev-8edc813111001e9be3cce066d3d4091d2ef04a1d.zip | |
netfilter: prefer extension check to pointer check
The pointer check usually results in a 'false positive': its likely
that the ctnetlink module is loaded but no event monitoring is enabled.
After recent change to autodetect ctnetlink usage and only allocate
the ecache extension if a listener is active, check if the extension
is present on a given conntrack.
If its not there, there is nothing to report and calls to the
notification framework can be elided.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net/netfilter/nf_conntrack_core.h')
| -rw-r--r-- | include/net/netfilter/nf_conntrack_core.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h index 13807ea94cd2..6406cfee34c2 100644 --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h @@ -60,7 +60,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb) if (ct) { if (!nf_ct_is_confirmed(ct)) ret = __nf_conntrack_confirm(skb); - if (likely(ret == NF_ACCEPT)) + if (ret == NF_ACCEPT && nf_ct_ecache_exist(ct)) nf_ct_deliver_cached_events(ct); } return ret; |