netfilter: ctnetlink: support selective event delivery

[net-next-2.6.git] / net / netfilter / nf_conntrack_core.c

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index b9168c1864ca3cd14ffea33f98aa0b326e313d91..53b8da6ad6b76e070f2f4a46ed3d7e18a45e63e4 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -512,11 +512,17 @@ static noinline int early_drop(struct net *net, unsigned int hash)
                        cnt++;
                }
 
-               if (ct && unlikely(nf_ct_is_dying(ct) ||
-                                  !atomic_inc_not_zero(&ct->ct_general.use)))
-                       ct = NULL;
-               if (ct || cnt >= NF_CT_EVICTION_RANGE)
+               if (ct != NULL) {
+                       if (likely(!nf_ct_is_dying(ct) &&
+                                  atomic_inc_not_zero(&ct->ct_general.use)))
+                               break;
+                       else
+                               ct = NULL;
+               }
+
+               if (cnt >= NF_CT_EVICTION_RANGE)
                        break;
+
                hash = (hash + 1) % nf_conntrack_htable_size;
        }
        rcu_read_unlock();
@@ -642,7 +648,7 @@ init_conntrack(struct net *net,
        }
 
        nf_ct_acct_ext_add(ct, GFP_ATOMIC);
-       nf_ct_ecache_ext_add(ct, GFP_ATOMIC);
+       nf_ct_ecache_ext_add(ct, 0, 0, GFP_ATOMIC);
 
        spin_lock_bh(&nf_conntrack_lock);
        exp = nf_ct_find_expectation(net, tuple);
@@ -819,7 +825,7 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,
        }
 
        if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status))
-               nf_conntrack_event_cache(IPCT_STATUS, ct);
+               nf_conntrack_event_cache(IPCT_REPLY, ct);
 
        return ret;
 }