diff options
| author | Harald Welte <laforge@netfilter.org> | 2005-08-09 22:24:19 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2005-08-29 18:31:04 -0400 |
| commit | 6869c4d8e066e21623c812c448a05f1ed931c9c6 (patch) | |
| tree | ce18efc459e121e3a0b1bf5f85615567cdb30f68 /include/linux | |
| parent | bf3a46aa9b96f6eb3a49a568f72a2801c3e830c0 (diff) | |
[NETFILTER]: reduce netfilter sk_buff enlargement
As discussed at netconf'05, we're trying to save every bit in sk_buff.
The patch below makes sk_buff 8 bytes smaller. I did some basic
testing on my notebook and it seems to work.
The only real in-tree user of nfcache was IPVS, who only needs a
single bit. Unfortunately I couldn't find some other free bit in
sk_buff to stuff that bit into, so I introduced a separate field for
them. Maybe the IPVS guys can resolve that to further save space.
Initially I wanted to shrink pkt_type to three bits (PACKET_HOST and
alike are only 6 values defined), but unfortunately the bluetooth code
overloads pkt_type :(
The conntrack-event-api (out-of-tree) uses nfcache, but Rusty just
came up with a way how to do it without any skb fields, so it's safe
to remove it.
- remove all never-implemented 'nfcache' code
- don't have ipvs code abuse 'nfcache' field. currently get's their own
compile-conditional skb->ipvs_property field. IPVS maintainers can
decide to move this bit elswhere, but nfcache needs to die.
- remove skb->nfcache field to save 4 bytes
- move skb->nfctinfo into three unused bits to save further 4 bytes
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netfilter.h | 3 | ||||
| -rw-r--r-- | include/linux/netfilter_decnet.h | 3 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4.h | 3 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv6.h | 3 | ||||
| -rw-r--r-- | include/linux/skbuff.h | 10 |
5 files changed, 17 insertions, 5 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 2e2045482cb1..ec60856408fd 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h | |||
| @@ -21,10 +21,13 @@ | |||
| 21 | #define NF_STOP 5 | 21 | #define NF_STOP 5 |
| 22 | #define NF_MAX_VERDICT NF_STOP | 22 | #define NF_MAX_VERDICT NF_STOP |
| 23 | 23 | ||
| 24 | /* only for userspace compatibility */ | ||
| 25 | #ifndef __KERNEL__ | ||
| 24 | /* Generic cache responses from hook functions. | 26 | /* Generic cache responses from hook functions. |
| 25 | <= 0x2000 is used for protocol-flags. */ | 27 | <= 0x2000 is used for protocol-flags. */ |
| 26 | #define NFC_UNKNOWN 0x4000 | 28 | #define NFC_UNKNOWN 0x4000 |
| 27 | #define NFC_ALTERED 0x8000 | 29 | #define NFC_ALTERED 0x8000 |
| 30 | #endif | ||
| 28 | 31 | ||
| 29 | #ifdef __KERNEL__ | 32 | #ifdef __KERNEL__ |
| 30 | #include <linux/config.h> | 33 | #include <linux/config.h> |
diff --git a/include/linux/netfilter_decnet.h b/include/linux/netfilter_decnet.h index 3064eec9cb8e..018979484150 100644 --- a/include/linux/netfilter_decnet.h +++ b/include/linux/netfilter_decnet.h | |||
| @@ -9,6 +9,8 @@ | |||
| 9 | 9 | ||
| 10 | #include <linux/netfilter.h> | 10 | #include <linux/netfilter.h> |
| 11 | 11 | ||
| 12 | /* only for userspace compatibility */ | ||
| 13 | #ifndef __KERNEL__ | ||
| 12 | /* IP Cache bits. */ | 14 | /* IP Cache bits. */ |
| 13 | /* Src IP address. */ | 15 | /* Src IP address. */ |
| 14 | #define NFC_DN_SRC 0x0001 | 16 | #define NFC_DN_SRC 0x0001 |
| @@ -18,6 +20,7 @@ | |||
| 18 | #define NFC_DN_IF_IN 0x0004 | 20 | #define NFC_DN_IF_IN 0x0004 |
| 19 | /* Output device. */ | 21 | /* Output device. */ |
| 20 | #define NFC_DN_IF_OUT 0x0008 | 22 | #define NFC_DN_IF_OUT 0x0008 |
| 23 | #endif /* ! __KERNEL__ */ | ||
| 21 | 24 | ||
| 22 | /* DECnet Hooks */ | 25 | /* DECnet Hooks */ |
| 23 | /* After promisc drops, checksum checks. */ | 26 | /* After promisc drops, checksum checks. */ |
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h index 3ebc36afae1a..552815b8193e 100644 --- a/include/linux/netfilter_ipv4.h +++ b/include/linux/netfilter_ipv4.h | |||
| @@ -8,6 +8,8 @@ | |||
| 8 | #include <linux/config.h> | 8 | #include <linux/config.h> |
| 9 | #include <linux/netfilter.h> | 9 | #include <linux/netfilter.h> |
| 10 | 10 | ||
| 11 | /* only for userspace compatibility */ | ||
| 12 | #ifndef __KERNEL__ | ||
| 11 | /* IP Cache bits. */ | 13 | /* IP Cache bits. */ |
| 12 | /* Src IP address. */ | 14 | /* Src IP address. */ |
| 13 | #define NFC_IP_SRC 0x0001 | 15 | #define NFC_IP_SRC 0x0001 |
| @@ -35,6 +37,7 @@ | |||
| 35 | #define NFC_IP_DST_PT 0x0400 | 37 | #define NFC_IP_DST_PT 0x0400 |
| 36 | /* Something else about the proto */ | 38 | /* Something else about the proto */ |
| 37 | #define NFC_IP_PROTO_UNKNOWN 0x2000 | 39 | #define NFC_IP_PROTO_UNKNOWN 0x2000 |
| 40 | #endif /* ! __KERNEL__ */ | ||
| 38 | 41 | ||
| 39 | /* IP Hooks */ | 42 | /* IP Hooks */ |
| 40 | /* After promisc drops, checksum checks. */ | 43 | /* After promisc drops, checksum checks. */ |
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h index bee7a5ec7c66..20c069a5e4ac 100644 --- a/include/linux/netfilter_ipv6.h +++ b/include/linux/netfilter_ipv6.h | |||
| @@ -10,6 +10,8 @@ | |||
| 10 | 10 | ||
| 11 | #include <linux/netfilter.h> | 11 | #include <linux/netfilter.h> |
| 12 | 12 | ||
| 13 | /* only for userspace compatibility */ | ||
| 14 | #ifndef __KERNEL__ | ||
| 13 | /* IP Cache bits. */ | 15 | /* IP Cache bits. */ |
| 14 | /* Src IP address. */ | 16 | /* Src IP address. */ |
| 15 | #define NFC_IP6_SRC 0x0001 | 17 | #define NFC_IP6_SRC 0x0001 |
| @@ -38,6 +40,7 @@ | |||
| 38 | #define NFC_IP6_DST_PT 0x0400 | 40 | #define NFC_IP6_DST_PT 0x0400 |
| 39 | /* Something else about the proto */ | 41 | /* Something else about the proto */ |
| 40 | #define NFC_IP6_PROTO_UNKNOWN 0x2000 | 42 | #define NFC_IP6_PROTO_UNKNOWN 0x2000 |
| 43 | #endif /* ! __KERNEL__ */ | ||
| 41 | 44 | ||
| 42 | 45 | ||
| 43 | /* IP6 Hooks */ | 46 | /* IP6 Hooks */ |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 2e40f4c9f7a6..4b929c3c1a98 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h | |||
| @@ -190,7 +190,6 @@ struct skb_shared_info { | |||
| 190 | * @end: End pointer | 190 | * @end: End pointer |
| 191 | * @destructor: Destruct function | 191 | * @destructor: Destruct function |
| 192 | * @nfmark: Can be used for communication between hooks | 192 | * @nfmark: Can be used for communication between hooks |
| 193 | * @nfcache: Cache info | ||
| 194 | * @nfct: Associated connection, if any | 193 | * @nfct: Associated connection, if any |
| 195 | * @nfctinfo: Relationship of this skb to the connection | 194 | * @nfctinfo: Relationship of this skb to the connection |
| 196 | * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c | 195 | * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c |
| @@ -252,17 +251,18 @@ struct sk_buff { | |||
| 252 | __u8 local_df:1, | 251 | __u8 local_df:1, |
| 253 | cloned:1, | 252 | cloned:1, |
| 254 | ip_summed:2, | 253 | ip_summed:2, |
| 255 | nohdr:1; | 254 | nohdr:1, |
| 256 | /* 3 bits spare */ | 255 | nfctinfo:3; |
| 257 | __u8 pkt_type; | 256 | __u8 pkt_type; |
| 258 | __be16 protocol; | 257 | __be16 protocol; |
| 259 | 258 | ||
| 260 | void (*destructor)(struct sk_buff *skb); | 259 | void (*destructor)(struct sk_buff *skb); |
| 261 | #ifdef CONFIG_NETFILTER | 260 | #ifdef CONFIG_NETFILTER |
| 262 | __u32 nfmark; | 261 | __u32 nfmark; |
| 263 | __u32 nfcache; | ||
| 264 | __u32 nfctinfo; | ||
| 265 | struct nf_conntrack *nfct; | 262 | struct nf_conntrack *nfct; |
| 263 | #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) | ||
| 264 | __u8 ipvs_property:1; | ||
| 265 | #endif | ||
| 266 | #ifdef CONFIG_BRIDGE_NETFILTER | 266 | #ifdef CONFIG_BRIDGE_NETFILTER |
| 267 | struct nf_bridge_info *nf_bridge; | 267 | struct nf_bridge_info *nf_bridge; |
| 268 | #endif | 268 | #endif |