diff options
author | David S. Miller <davem@davemloft.net> | 2009-06-11 20:00:44 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-06-11 20:00:44 -0700 |
commit | adf76cfe24dab32a54e2dd1f51534cea8277f32a (patch) | |
tree | 6935c74a4b7237bd5f95918b3145ac57e0769fca /net/ipv4/netfilter/nf_conntrack_proto_icmp.c | |
parent | 17d0cdfa8f3c09a110061c67421d662b3e149d0a (diff) | |
parent | 24992eacd8a9f4af286bdaaab627b6802ceb8bce (diff) |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6
Diffstat (limited to 'net/ipv4/netfilter/nf_conntrack_proto_icmp.c')
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c index 23b2c2ee869..d71ba767734 100644 --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c @@ -82,18 +82,10 @@ static int icmp_packet(struct nf_conn *ct, u_int8_t pf, unsigned int hooknum) { - /* Try to delete connection immediately after all replies: - won't actually vanish as we still have skb, and del_timer - means this will only run once even if count hits zero twice - (theoretically possible with SMP) */ - if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) { - if (atomic_dec_and_test(&ct->proto.icmp.count)) - nf_ct_kill_acct(ct, ctinfo, skb); - } else { - atomic_inc(&ct->proto.icmp.count); - nf_conntrack_event_cache(IPCT_PROTOINFO_VOLATILE, ct); - nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_icmp_timeout); - } + /* Do not immediately delete the connection after the first + successful reply to avoid excessive conntrackd traffic + and also to handle correctly ICMP echo reply duplicates. */ + nf_ct_refresh_acct(ct, ctinfo, skb, nf_ct_icmp_timeout); return NF_ACCEPT; } @@ -117,7 +109,6 @@ static bool icmp_new(struct nf_conn *ct, const struct sk_buff *skb, nf_ct_dump_tuple_ip(&ct->tuplehash[0].tuple); return false; } - atomic_set(&ct->proto.icmp.count, 0); return true; } |