authorFlorian Westphal <fw@strlen.de>2011-06-15 14:13:40 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2011-06-15 14:46:30 +0200
commit6428f54328a433a86bdc0d7154ff3a7d322e0fb4 (patch)
tree198cd5ddaded8b19c5aef13bb3fd23e6cd6f20a4
parent147ed522f52a62ab0d854ddc443d27d97dbf6cdf (diff)
conntrack: skip sending update message to kernel if conntrack is unchanged
This speeds up operation when a lot of conntracks exist, but only a few of them have to be altered. This change is user-visible because the exit message ("%d flow entries have been updated") will now print the number of entries that have been altered instead of the total number of conntracks seen. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/conntrack.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/conntrack.c b/src/conntrack.c
index fb133f1..3e1cb11 100644
--- a/src/conntrack.c
+++ b/src/conntrack.c
@@ -1258,6 +1258,12 @@ static int update_cb(enum nf_conntrack_msg_type type,
nfct_copy(tmp, obj, NFCT_CP_META);
copy_mark(tmp, ct, &tmpl.mark);
+ /* do not send NFCT_Q_UPDATE if ct appears unchanged */
+ if (nfct_cmp(tmp, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) {
+ nfct_destroy(tmp);
+ return NFCT_CB_CONTINUE;
+ }
+
res = nfct_query(ith, NFCT_Q_UPDATE, tmp);
if (res < 0) {
nfct_destroy(tmp);
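Review bot: The added `if (nfct_cmp(tmp, ct, NFCT_CMP_ALL | NFCT_CMP_MASK))` reads backwards to anyone used to the memcmp/strcmp convention, because nfct_cmp() returns non-zero when the objects match, and the one-line comment above it does not say so. As far as I recall the libnetfilter_conntrack semantics, NFCT_CMP_MASK makes the first argument the mask, so only attributes set in `tmp` are compared and the argument order matters; swapping the arguments would silently change which entries are skipped. I would expand the comment to something like `/* nfct_cmp() returns 1 on match; tmp is the mask, so only attributes set in tmp are compared */`. The early return also bypasses everything after nfct_query(), which per the commit message includes the updated-entries count, so skipped flows leave no trace in the tool's output. update_cb's body starts and ends outside this hunk, so the rest of that path is not visible here.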