Re: [PATCH nf-next 5/9] netfilter: conntrack: small refactoring of conntrack seq_printf

2016-05-04 Thread Pablo Neira Ayuso
On Wed, May 04, 2016 at 12:27:36AM +0200, Florian Westphal wrote: > Pablo Neira Ayuso wrote: > > > - if (NF_CT_DIRECTION(hash)) > > > - goto release; > > > - if (nf_ct_l3num(ct) != AF_INET) > > > + /* check if we raced w. object reuse */ > > > + if

Re: [PATCH nf-next 5/9] netfilter: conntrack: small refactoring of conntrack seq_printf

2016-05-04 Thread Florian Westphal
Pablo Neira Ayuso wrote: > > - if (NF_CT_DIRECTION(hash)) > > - goto release; > > - if (nf_ct_l3num(ct) != AF_INET) > > + /* check if we raced w. object reuse */ > > + if (!nf_ct_is_confirmed(ct) || > > This refactoring includes this new check, is this

Re: [PATCH nf-next 5/9] netfilter: conntrack: small refactoring of conntrack seq_printf

2016-05-03 Thread Pablo Neira Ayuso
On Tue, May 03, 2016 at 08:12:50PM +0200, Pablo Neira Ayuso wrote:
> On Thu, Apr 28, 2016 at 07:13:44PM +0200, Florian Westphal wrote:
> > The iteration process is lockless, so we test if the conntrack object is
> > eligible for printing (e.g. is AF_INET) after obtaining the reference
> > count.
>

Re: [PATCH nf-next 5/9] netfilter: conntrack: small refactoring of conntrack seq_printf

2016-05-03 Thread Pablo Neira Ayuso
On Thu, Apr 28, 2016 at 07:13:44PM +0200, Florian Westphal wrote:
> The iteration process is lockless, so we test if the conntrack object is
> eligible for printing (e.g. is AF_INET) after obtaining the reference
> count.
>
> Once we put all conntracks into same hash table we might see more
>

[PATCH nf-next 5/9] netfilter: conntrack: small refactoring of conntrack seq_printf

2016-04-28 Thread Florian Westphal
The iteration process is lockless, so we test if the conntrack object is eligible for printing (e.g. is AF_INET) after obtaining the reference count. Once we put all conntracks into same hash table we might see more entries that need to be skipped. So add a helper and first perform the test in a