aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorEric Dumazet <eric.dumazet@gmail.com>2010-06-08 10:09:52 -0400
committerPatrick McHardy <kaber@trash.net>2010-06-08 10:09:52 -0400
commit5bfddbd46a95c978f4d3c992339cbdf4f4b790a3 (patch)
tree9291ba4e1e3c7bf7ae8b5dfa8271e7127a6a6958 /include/net
parent339bb99e4a8ba1f8960eed21d50be808b35ad22a (diff)
netfilter: nf_conntrack: IPS_UNTRACKED bit
NOTRACK makes all cpus share a cache line on nf_conntrack_untracked twice per packet. This is bad for performance. __read_mostly annotation is also a bad choice. This patch introduces IPS_UNTRACKED bit so that we can use later a per_cpu untrack structure more easily. A new helper, nf_ct_untracked_get() returns a pointer to nf_conntrack_untracked. Another one, nf_ct_untracked_status_or() is used by nf_nat_init() to add IPS_NAT_DONE_MASK bits to untracked status. nf_ct_is_untracked() prototype is changed to work on a nf_conn pointer. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netfilter/nf_conntrack.h12
-rw-r--r--include/net/netfilter/nf_conntrack_core.h2
2 files changed, 10 insertions, 4 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index bde095f7e845..3bc38c70bbbe 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -261,7 +261,13 @@ extern s16 (*nf_ct_nat_offset)(const struct nf_conn *ct,
261 u32 seq); 261 u32 seq);
262 262
263/* Fake conntrack entry for untracked connections */ 263/* Fake conntrack entry for untracked connections */
264extern struct nf_conn nf_conntrack_untracked; 264static inline struct nf_conn *nf_ct_untracked_get(void)
265{
266 extern struct nf_conn nf_conntrack_untracked;
267
268 return &nf_conntrack_untracked;
269}
270extern void nf_ct_untracked_status_or(unsigned long bits);
265 271
266/* Iterate over all conntracks: if iter returns true, it's deleted. */ 272/* Iterate over all conntracks: if iter returns true, it's deleted. */
267extern void 273extern void
@@ -289,9 +295,9 @@ static inline int nf_ct_is_dying(struct nf_conn *ct)
289 return test_bit(IPS_DYING_BIT, &ct->status); 295 return test_bit(IPS_DYING_BIT, &ct->status);
290} 296}
291 297
292static inline int nf_ct_is_untracked(const struct sk_buff *skb) 298static inline int nf_ct_is_untracked(const struct nf_conn *ct)
293{ 299{
294 return (skb->nfct == &nf_conntrack_untracked.ct_general); 300 return test_bit(IPS_UNTRACKED_BIT, &ct->status);
295} 301}
296 302
297extern int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp); 303extern int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp);
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index 3d7524fba194..aced085132e7 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -60,7 +60,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
60 struct nf_conn *ct = (struct nf_conn *)skb->nfct; 60 struct nf_conn *ct = (struct nf_conn *)skb->nfct;
61 int ret = NF_ACCEPT; 61 int ret = NF_ACCEPT;
62 62
63 if (ct && ct != &nf_conntrack_untracked) { 63 if (ct && !nf_ct_is_untracked(ct)) {
64 if (!nf_ct_is_confirmed(ct)) 64 if (!nf_ct_is_confirmed(ct))
65 ret = __nf_conntrack_confirm(skb); 65 ret = __nf_conntrack_confirm(skb);
66 if (likely(ret == NF_ACCEPT)) 66 if (likely(ret == NF_ACCEPT))
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-13 18:11:26 -0500