From 6428f54328a433a86bdc0d7154ff3a7d322e0fb4 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Wed, 15 Jun 2011 14:13:40 +0200 Subject: conntrack: skip sending update message to kernel if conntrack is unchanged This speeds up operation when a lot of conntracks exist, but only a few of them have to be altered. This change is user-visible because the exit message ("%d flow entries have been updated") will now print the number of entries that have been altered instead of the total number of conntracks seen. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- src/conntrack.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src') diff --git a/src/conntrack.c b/src/conntrack.c index fb133f1..3e1cb11 100644 --- a/src/conntrack.c +++ b/src/conntrack.c @@ -1258,6 +1258,12 @@ static int update_cb(enum nf_conntrack_msg_type type, nfct_copy(tmp, obj, NFCT_CP_META); copy_mark(tmp, ct, &tmpl.mark); + /* do not send NFCT_Q_UPDATE if ct appears unchanged */ + if (nfct_cmp(tmp, ct, NFCT_CMP_ALL | NFCT_CMP_MASK)) { + nfct_destroy(tmp); + return NFCT_CB_CONTINUE; + } + res = nfct_query(ith, NFCT_Q_UPDATE, tmp); if (res < 0) { nfct_destroy(tmp); -- cgit v1.2.3