- 论坛徽章:
- 0
|
本帖最后由 zzappled 于 2011-03-03 09:42 编辑
static inline u_int8_t nf_ct_protonum(const struct nf_conn *ct)
{
return ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum;
}
static inline bool already_closed(const struct nf_conn *conn)
{
if (nf_ct_protonum(conn) == IPPROTO_TCP)
return conn->proto.tcp.state == TCP_CONNTRACK_TIME_WAIT ||
conn->proto.tcp.state == TCP_CONNTRACK_CLOSE;
else
return 0;
}
list_for_each_entry_safe(conn, tmp, hash, list) {
found = nf_conntrack_find_get(&init_net, &conn->tuple);
found_ct = NULL;
if (found != NULL)
found_ct = nf_ct_tuplehash_to_ctrack(found);
if (found_ct != NULL &&
nf_ct_tuple_equal(&conn->tuple, tuple) &&
!already_closed(found_ct))
/*
* Just to be sure we have it only once in the list.
* We should not see tuples twice unless someone hooks
* this into a table without "-p tcp --syn".
*/
addit = false;
if (found == NULL) {
/* this one is gone */
list_del(&conn->list);
kfree(conn);
continue;
}
if (already_closed(found_ct))//为什么这里不判断found_ct是否为NULL,是BUG还是别的 {
/*
* we do not care about connections which are
* closed already -> ditch it
*/
nf_ct_put(found_ct);
list_del(&conn->list);
kfree(conn);
continue;
}
if (same_source_net(addr, mask, &conn->tuple.src.u3, family))
/* same source network -> be counted! */
++matches;
nf_ct_put(found_ct);
} |
|
免费注册
发表于 2011-03-03 09:30
发表于 2011-03-03 10:48