Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5a8145f7 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: labels: don't emit ct event if labels were not changed 



make the replace function only send a ctnetlink event if the contents
of the new set is different.

Otherwise 'ct label set ct label | bar'

will cause netlink event storm since we "replace" labels for each packet.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent b4ef1599

net/netfilter/nf_conntrack_labels.c

+10 −6
Original line number Diff line number Diff line
@@ -33,14 +33,18 @@ int nf_connlabel_set(struct nf_conn *ct, u16 bit) 
}

EXPORT_SYMBOL_GPL(nf_connlabel_set);



static void replace_u32(u32 *address, u32 mask, u32 new)

static int replace_u32(u32 *address, u32 mask, u32 new)

{

	u32 old, tmp;



	do {

		old = *address;

		tmp = (old & mask) ^ new;

		if (old == tmp)

			return 0;

	} while (cmpxchg(address, old, tmp) != old);



	return 1;

}



int nf_connlabels_replace(struct nf_conn *ct,
@@ -49,6 +53,7 @@ int nf_connlabels_replace(struct nf_conn *ct, 
{

	struct nf_conn_labels *labels;

	unsigned int size, i;

	int changed = 0;

	u32 *dst;



	labels = nf_ct_labels_find(ct);
@@ -60,15 +65,14 @@ int nf_connlabels_replace(struct nf_conn *ct, 
		words32 = size / sizeof(u32);



	dst = (u32 *) labels->bits;

	if (words32) {

	for (i = 0; i < words32; i++)

			replace_u32(&dst[i], mask ? ~mask[i] : 0, data[i]);

	}

		changed |= replace_u32(&dst[i], mask ? ~mask[i] : 0, data[i]);



	size /= sizeof(u32);

	for (i = words32; i < size; i++) /* pad */

		replace_u32(&dst[i], 0, 0);



	if (changed)

		nf_conntrack_event_cache(IPCT_LABEL, ct);

	return 0;

}