[NETFILTER]: Don't try to do any random dropping since we now use jenkins hash

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>

[NETFILTER]: Don't try to do any random dropping since we now use jenkins hash
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
2cda2882 · Rusty Russell · David S. Miller · 59f9f96e · 2cda2882
Commit 2cda2882 authored Sep 23, 2004 by Rusty Russell Committed by David S. Miller Sep 23, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 10 deletions

net/ipv4/netfilter/ip_conntrack_core.c net/ipv4/netfilter/ip_conntrack_core.c +4 -10

No files found.
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -571,7 +571,6 @@ init_conntrack(const struct ip_conntrack_tuple *tuple,
 	size_t hash;
 	struct ip_conntrack_expect *expected;
 	int i;
-	static unsigned int drop_next;

 	if (!ip_conntrack_hash_rnd_initted) {
 		get_random_bytes(&ip_conntrack_hash_rnd, 4);
@@ -580,15 +579,10 @@ init_conntrack(const struct ip_conntrack_tuple *tuple,

 	hash = hash_conntrack(tuple);

-	if (ip_conntrack_max &&
-	    atomic_read(&ip_conntrack_count) >= ip_conntrack_max) {
-		/* Try dropping from random chain, or else from the
-                   chain about to put into (in case they're trying to
-                   bomb one hash chain). */
-		unsigned int next = (drop_next++)%ip_conntrack_htable_size;
-
-		if (!early_drop(&ip_conntrack_hash[next])
-		    && !early_drop(&ip_conntrack_hash[hash])) {
+	if (ip_conntrack_max
+	    && atomic_read(&ip_conntrack_count) >= ip_conntrack_max) {
+		/* Try dropping from this hash chain. */
+		if (!early_drop(&ip_conntrack_hash[hash])) {
 			if (net_ratelimit())
 				printk(KERN_WARNING
 				       "ip_conntrack: table full, dropping"