提交 88b68bc5 编写于 作者: F Florian Westphal 提交者: Pablo Neira Ayuso

netfilter: conntrack: don't attempt to iterate over empty table

Once we place all conntracks into same table iteration becomes more
costly because the table contains conntracks that we are not interested
in (belonging to other netns).

So don't bother scanning if the current namespace has no entries.
Signed-off-by: NFlorian Westphal <fw@strlen.de>
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>
上级 5e3c61f9
......@@ -1428,6 +1428,9 @@ void nf_ct_iterate_cleanup(struct net *net,
might_sleep();
if (atomic_read(&net->ct.count) == 0)
return;
while ((ct = get_next_corpse(net, iter, data, &bucket)) != NULL) {
/* Time to push up daises... */
if (del_timer(&ct->timeout))
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册