diff options
| author | Eric Dumazet <eric.dumazet@gmail.com> | 2010-06-08 10:09:52 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-06-08 10:09:52 -0400 |
| commit | 5bfddbd46a95c978f4d3c992339cbdf4f4b790a3 (patch) | |
| tree | 9291ba4e1e3c7bf7ae8b5dfa8271e7127a6a6958 /include/linux | |
| parent | 339bb99e4a8ba1f8960eed21d50be808b35ad22a (diff) | |
netfilter: nf_conntrack: IPS_UNTRACKED bit
NOTRACK makes all cpus share a cache line on nf_conntrack_untracked
twice per packet. This is bad for performance.
__read_mostly annotation is also a bad choice.
This patch introduces IPS_UNTRACKED bit so that we can use later a
per_cpu untrack structure more easily.
A new helper, nf_ct_untracked_get() returns a pointer to
nf_conntrack_untracked.
Another one, nf_ct_untracked_status_or() is used by nf_nat_init() to add
IPS_NAT_DONE_MASK bits to untracked status.
nf_ct_is_untracked() prototype is changed to work on a nf_conn pointer.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netfilter/nf_conntrack_common.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h index 14e6d32002c4..1afd18c855ec 100644 --- a/include/linux/netfilter/nf_conntrack_common.h +++ b/include/linux/netfilter/nf_conntrack_common.h | |||
| @@ -76,6 +76,10 @@ enum ip_conntrack_status { | |||
| 76 | /* Conntrack is a template */ | 76 | /* Conntrack is a template */ |
| 77 | IPS_TEMPLATE_BIT = 11, | 77 | IPS_TEMPLATE_BIT = 11, |
| 78 | IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT), | 78 | IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT), |
| 79 | |||
| 80 | /* Conntrack is a fake untracked entry */ | ||
| 81 | IPS_UNTRACKED_BIT = 12, | ||
| 82 | IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT), | ||
| 79 | }; | 83 | }; |
| 80 | 84 | ||
| 81 | /* Connection tracking event types */ | 85 | /* Connection tracking event types */ |