[NETFILTER]: move check for already tracked/untracked before fragment check

Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>

[NETFILTER]: move check for already tracked/untracked before fragment check
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
9f3cd7bd · Patrick McHardy · David S. Miller · caff42cd · 9f3cd7bd
Commit 9f3cd7bd authored Sep 28, 2004 by Patrick McHardy Committed by David S. Miller Sep 28, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 6 deletions

net/ipv4/netfilter/ip_conntrack_core.c net/ipv4/netfilter/ip_conntrack_core.c +6 -6

No files found.
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -688,6 +688,12 @@ unsigned int ip_conntrack_in(unsigned int hooknum,
 	int set_reply;
 	int ret;

+	/* Previously seen (loopback or untracked)?  Ignore. */
+	if ((*pskb)->nfct) {
+		CONNTRACK_STAT_INC(ignore);
+		return NF_ACCEPT;
+	}
+
 	/* Never happen */
 	if ((*pskb)->nh.iph->frag_off & htons(IP_OFFSET)) {
 		if (net_ratelimit()) {
@@ -715,12 +721,6 @@ unsigned int ip_conntrack_in(unsigned int hooknum,
 	}
 #endif

-	/* Previously seen (loopback or untracked)?  Ignore. */
-	if ((*pskb)->nfct) {
-		CONNTRACK_STAT_INC(ignore);
-		return NF_ACCEPT;
-	}
-
 	proto = ip_ct_find_proto((*pskb)->nh.iph->protocol);

 	/* It may be an special packet, error, unclean...