netfilter: conntrack: don't attempt to iterate over empty table

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Once we place all conntracks into same table iteration becomes more
costly because the table contains conntracks that we are not interested
in (belonging to other netns).

So don't bother scanning if the current namespace has no entries.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by

Pablo Neira Ayuso 10 years ago 88b68bc5 5e3c61f9

1 changed file

expand all

net

netfilter

nf_conntrack_core.c

net/netfilter/nf_conntrack_core.c

··· 1428 1428 1429 1429 might_sleep(); 1430 1430 1431 + if (atomic_read(&net->ct.count) == 0) 1432 + return; 1433 + 1431 1434 while ((ct = get_next_corpse(net, iter, data, &bucket)) != NULL) { 1432 1435 /* Time to push up daises... */ 1433 1436 if (del_timer(&ct->timeout))