aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-01-31 07:39:23 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-31 22:27:55 -0500
commitba419aff2cda91680e5d4d3eeff95df49bd2edec (patch)
tree6bb05d94dad612ec084ebb1c9089d06357e1e0a6 /net/netfilter
parentf8ba1affa18398610e765736153fff614309ccc8 (diff)
[NETFILTER]: nf_conntrack: optimize __nf_conntrack_find()
Ignoring specific entries in __nf_conntrack_find() is only needed by NAT for nf_conntrack_tuple_taken(). Remove it from __nf_conntrack_find() and make nf_conntrack_tuple_taken() search the hash itself. Saves 54 bytes of text in the hotpath on x86_64: __nf_conntrack_find | -54 # 321 -> 267, # inlines: 3 -> 2, size inlines: 181 -> 127 nf_conntrack_tuple_taken | +305 # 15 -> 320, lexblocks: 0 -> 3, # inlines: 0 -> 3, size inlines: 0 -> 181 nf_conntrack_find_get | -2 # 90 -> 88 3 functions changed, 305 bytes added, 56 bytes removed, diff: +249 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/nf_conntrack_core.c22
-rw-r--r--net/netfilter/nf_conntrack_netlink.c6
-rw-r--r--net/netfilter/xt_connlimit.c2
3 files changed, 19 insertions, 11 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index f284dddfc89..ce4c4ba31cb 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -246,16 +246,14 @@ static void death_by_timeout(unsigned long ul_conntrack)
246} 246}
247 247
248struct nf_conntrack_tuple_hash * 248struct nf_conntrack_tuple_hash *
249__nf_conntrack_find(const struct nf_conntrack_tuple *tuple, 249__nf_conntrack_find(const struct nf_conntrack_tuple *tuple)
250 const struct nf_conn *ignored_conntrack)
251{ 250{
252 struct nf_conntrack_tuple_hash *h; 251 struct nf_conntrack_tuple_hash *h;
253 struct hlist_node *n; 252 struct hlist_node *n;
254 unsigned int hash = hash_conntrack(tuple); 253 unsigned int hash = hash_conntrack(tuple);
255 254
256 hlist_for_each_entry_rcu(h, n, &nf_conntrack_hash[hash], hnode) { 255 hlist_for_each_entry_rcu(h, n, &nf_conntrack_hash[hash], hnode) {
257 if (nf_ct_tuplehash_to_ctrack(h) != ignored_conntrack && 256 if (nf_ct_tuple_equal(tuple, &h->tuple)) {
258 nf_ct_tuple_equal(tuple, &h->tuple)) {
259 NF_CT_STAT_INC(found); 257 NF_CT_STAT_INC(found);
260 return h; 258 return h;
261 } 259 }
@@ -274,7 +272,7 @@ nf_conntrack_find_get(const struct nf_conntrack_tuple *tuple)
274 struct nf_conn *ct; 272 struct nf_conn *ct;
275 273
276 rcu_read_lock(); 274 rcu_read_lock();
277 h = __nf_conntrack_find(tuple, NULL); 275 h = __nf_conntrack_find(tuple);
278 if (h) { 276 if (h) {
279 ct = nf_ct_tuplehash_to_ctrack(h); 277 ct = nf_ct_tuplehash_to_ctrack(h);
280 if (unlikely(!atomic_inc_not_zero(&ct->ct_general.use))) 278 if (unlikely(!atomic_inc_not_zero(&ct->ct_general.use)))
@@ -395,12 +393,22 @@ nf_conntrack_tuple_taken(const struct nf_conntrack_tuple *tuple,
395 const struct nf_conn *ignored_conntrack) 393 const struct nf_conn *ignored_conntrack)
396{ 394{
397 struct nf_conntrack_tuple_hash *h; 395 struct nf_conntrack_tuple_hash *h;
396 struct hlist_node *n;
397 unsigned int hash = hash_conntrack(tuple);
398 398
399 rcu_read_lock(); 399 rcu_read_lock();
400 h = __nf_conntrack_find(tuple, ignored_conntrack); 400 hlist_for_each_entry_rcu(h, n, &nf_conntrack_hash[hash], hnode) {
401 if (nf_ct_tuplehash_to_ctrack(h) != ignored_conntrack &&
402 nf_ct_tuple_equal(tuple, &h->tuple)) {
403 NF_CT_STAT_INC(found);
404 rcu_read_unlock();
405 return 1;
406 }
407 NF_CT_STAT_INC(searched);
408 }
401 rcu_read_unlock(); 409 rcu_read_unlock();
402 410
403 return h != NULL; 411 return 0;
404} 412}
405EXPORT_SYMBOL_GPL(nf_conntrack_tuple_taken); 413EXPORT_SYMBOL_GPL(nf_conntrack_tuple_taken);
406 414
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index b6a8c089a07..bf86fdd89fd 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1222,9 +1222,9 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1222 1222
1223 spin_lock_bh(&nf_conntrack_lock); 1223 spin_lock_bh(&nf_conntrack_lock);
1224 if (cda[CTA_TUPLE_ORIG]) 1224 if (cda[CTA_TUPLE_ORIG])
1225 h = __nf_conntrack_find(&otuple, NULL); 1225 h = __nf_conntrack_find(&otuple);
1226 else if (cda[CTA_TUPLE_REPLY]) 1226 else if (cda[CTA_TUPLE_REPLY])
1227 h = __nf_conntrack_find(&rtuple, NULL); 1227 h = __nf_conntrack_find(&rtuple);
1228 1228
1229 if (h == NULL) { 1229 if (h == NULL) {
1230 struct nf_conntrack_tuple master; 1230 struct nf_conntrack_tuple master;
@@ -1239,7 +1239,7 @@ ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
1239 if (err < 0) 1239 if (err < 0)
1240 goto out_unlock; 1240 goto out_unlock;
1241 1241
1242 master_h = __nf_conntrack_find(&master, NULL); 1242 master_h = __nf_conntrack_find(&master);
1243 if (master_h == NULL) { 1243 if (master_h == NULL) {
1244 err = -ENOENT; 1244 err = -ENOENT;
1245 goto out_unlock; 1245 goto out_unlock;
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c
index f9b59a6753e..3b0111933f6 100644
--- a/net/netfilter/xt_connlimit.c
+++ b/net/netfilter/xt_connlimit.c
@@ -124,7 +124,7 @@ static int count_them(struct xt_connlimit_data *data,
124 124
125 /* check the saved connections */ 125 /* check the saved connections */
126 list_for_each_entry_safe(conn, tmp, hash, list) { 126 list_for_each_entry_safe(conn, tmp, hash, list) {
127 found = __nf_conntrack_find(&conn->tuple, NULL); 127 found = __nf_conntrack_find(&conn->tuple);
128 found_ct = NULL; 128 found_ct = NULL;
129 129
130 if (found != NULL) 130 if (found != NULL)
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-17 20:01:48 -0400