diff options
author | Florian Westphal <fw@strlen.de> | 2023-01-02 14:46:12 +0300 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-01-18 15:05:24 +0300 |
commit | 4883ec512c1715fc827557f0e2bfce76c6530757 (patch) | |
tree | 221dc4ec549d4725c56d11329ec15bc81b878df8 /net/netfilter/nf_conntrack_core.c | |
parent | 50bfbb8957abebc2359220d7c1e4663994461b36 (diff) | |
download | linux-4883ec512c1715fc827557f0e2bfce76c6530757.tar.xz |
netfilter: conntrack: avoid reload of ct->status
Compiler can't merge the two test_bit() calls, so load ct->status
once and use non-atomic accesses.
This is fine because IPS_EXPECTED or NAT_CLASH are either set at ct
creation time or not at all, but compiler can't know that.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'net/netfilter/nf_conntrack_core.c')
-rw-r--r-- | net/netfilter/nf_conntrack_core.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 81ece117033a..9e12cade4e0f 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -1854,14 +1854,15 @@ resolve_normal_ct(struct nf_conn *tmpl, if (NF_CT_DIRECTION(h) == IP_CT_DIR_REPLY) { ctinfo = IP_CT_ESTABLISHED_REPLY; } else { + unsigned long status = READ_ONCE(ct->status); + /* Once we've had two way comms, always ESTABLISHED. */ - if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) { + if (likely(status & IPS_SEEN_REPLY)) ctinfo = IP_CT_ESTABLISHED; - } else if (test_bit(IPS_EXPECTED_BIT, &ct->status)) { + else if (status & IPS_EXPECTED) ctinfo = IP_CT_RELATED; - } else { + else ctinfo = IP_CT_NEW; - } } nf_ct_set(skb, ct, ctinfo); return 0; |