netfilter: conntrack: simplify early_drop
authorFlorian Westphal <fw@strlen.de>
Sun, 3 Jul 2016 18:44:01 +0000 (20:44 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 11 Jul 2016 09:46:22 +0000 (11:46 +0200)
commit242922a027176cd260c5adce4ba6bbfa3a05190c
treea08105a2e0e42d5fd885cbc5e55bc9b6c86c1aea
parent8786a9716d028083f56f944996883f7d1a05919e
netfilter: conntrack: simplify early_drop

We don't need to acquire the bucket lock during early drop, we can
use lockless traveral just like ____nf_conntrack_find.

The timer deletion serves as synchronization point, if another cpu
attempts to evict same entry, only one will succeed with timer deletion.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c