diff options
author | Florian Westphal <fw@strlen.de> | 2011-06-15 14:13:40 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-06-15 14:46:30 +0200 |
commit | 6428f54328a433a86bdc0d7154ff3a7d322e0fb4 (patch) | |
tree | 198cd5ddaded8b19c5aef13bb3fd23e6cd6f20a4 /src | |
parent | 147ed522f52a62ab0d854ddc443d27d97dbf6cdf (diff) | |
download | conntrack-tools-6428f54328a433a86bdc0d7154ff3a7d322e0fb4.tar.gz conntrack-tools-6428f54328a433a86bdc0d7154ff3a7d322e0fb4.zip |
conntrack: skip sending update message to kernel if conntrack is unchanged
This speeds up operation when a lot of conntracks exist, but only
a few of them have to be altered.
This change is user-visible because the exit message
("%d flow entries have been updated") will now print the number of entries
that have been altered instead of the total number of conntracks seen.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/conntrack.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/conntrack.c b/src/conntrack.c index fb133f1..3e1cb11 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -1258,6 +1258,12 @@ static int update_cb(enum nf_conntrack_msg_type type, nfct_copy(tmp, obj, NFCT_CP_META); copy_mark(tmp, ct, &tmpl.mark); + /* do not send NFCT_Q_UPDATE if ct appears unchanged */ + if (nfct_cmp(tmp, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) { + nfct_destroy(tmp); + return NFCT_CB_CONTINUE; + } + res = nfct_query(ith, NFCT_Q_UPDATE, tmp); if (res < 0) { nfct_destroy(tmp); |