diff options
| author | Eric Dumazet <dada1@cosmosbay.com> | 2009-03-25 16:05:46 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2009-03-25 16:05:46 -0400 |
| commit | ea781f197d6a835cbb93a0bf88ee1696296ed8aa (patch) | |
| tree | 820fe7df1199d8bb6c793e664e480ea56ecf612e /include/net | |
| parent | 1f9352ae2253a97b07b34dcf16ffa3b4ca12c558 (diff) | |
netfilter: nf_conntrack: use SLAB_DESTROY_BY_RCU and get rid of call_rcu()
Use "hlist_nulls" infrastructure we added in 2.6.29 for RCUification of UDP & TCP.
This permits an easy conversion from call_rcu() based hash lists to a
SLAB_DESTROY_BY_RCU one.
Avoiding call_rcu() delay at nf_conn freeing time has numerous gains.
First, it doesnt fill RCU queues (up to 10000 elements per cpu).
This reduces OOM possibility, if queued elements are not taken into account
This reduces latency problems when RCU queue size hits hilimit and triggers
emergency mode.
- It allows fast reuse of just freed elements, permitting better use of
CPU cache.
- We delete rcu_head from "struct nf_conn", shrinking size of this structure
by 8 or 16 bytes.
This patch only takes care of "struct nf_conn".
call_rcu() is still used for less critical conntrack parts, that may
be converted later if necessary.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/netfilter/nf_conntrack.h | 14 | ||||
| -rw-r--r-- | include/net/netfilter/nf_conntrack_tuple.h | 6 | ||||
| -rw-r--r-- | include/net/netns/conntrack.h | 5 |
3 files changed, 14 insertions, 11 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 4dfb793c3f15..6c3f964de9e1 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h | |||
| @@ -91,8 +91,7 @@ struct nf_conn_help { | |||
| 91 | #include <net/netfilter/ipv4/nf_conntrack_ipv4.h> | 91 | #include <net/netfilter/ipv4/nf_conntrack_ipv4.h> |
| 92 | #include <net/netfilter/ipv6/nf_conntrack_ipv6.h> | 92 | #include <net/netfilter/ipv6/nf_conntrack_ipv6.h> |
| 93 | 93 | ||
| 94 | struct nf_conn | 94 | struct nf_conn { |
| 95 | { | ||
| 96 | /* Usage count in here is 1 for hash table/destruct timer, 1 per skb, | 95 | /* Usage count in here is 1 for hash table/destruct timer, 1 per skb, |
| 97 | plus 1 for any connection(s) we are `master' for */ | 96 | plus 1 for any connection(s) we are `master' for */ |
| 98 | struct nf_conntrack ct_general; | 97 | struct nf_conntrack ct_general; |
| @@ -126,7 +125,6 @@ struct nf_conn | |||
| 126 | #ifdef CONFIG_NET_NS | 125 | #ifdef CONFIG_NET_NS |
| 127 | struct net *ct_net; | 126 | struct net *ct_net; |
| 128 | #endif | 127 | #endif |
| 129 | struct rcu_head rcu; | ||
| 130 | }; | 128 | }; |
| 131 | 129 | ||
| 132 | static inline struct nf_conn * | 130 | static inline struct nf_conn * |
| @@ -190,9 +188,13 @@ static inline void nf_ct_put(struct nf_conn *ct) | |||
| 190 | extern int nf_ct_l3proto_try_module_get(unsigned short l3proto); | 188 | extern int nf_ct_l3proto_try_module_get(unsigned short l3proto); |
| 191 | extern void nf_ct_l3proto_module_put(unsigned short l3proto); | 189 | extern void nf_ct_l3proto_module_put(unsigned short l3proto); |
| 192 | 190 | ||
| 193 | extern struct hlist_head *nf_ct_alloc_hashtable(unsigned int *sizep, int *vmalloced); | 191 | /* |
| 194 | extern void nf_ct_free_hashtable(struct hlist_head *hash, int vmalloced, | 192 | * Allocate a hashtable of hlist_head (if nulls == 0), |
| 195 | unsigned int size); | 193 | * or hlist_nulls_head (if nulls == 1) |
| 194 | */ | ||
| 195 | extern void *nf_ct_alloc_hashtable(unsigned int *sizep, int *vmalloced, int nulls); | ||
| 196 | |||
| 197 | extern void nf_ct_free_hashtable(void *hash, int vmalloced, unsigned int size); | ||
| 196 | 198 | ||
| 197 | extern struct nf_conntrack_tuple_hash * | 199 | extern struct nf_conntrack_tuple_hash * |
| 198 | __nf_conntrack_find(struct net *net, const struct nf_conntrack_tuple *tuple); | 200 | __nf_conntrack_find(struct net *net, const struct nf_conntrack_tuple *tuple); |
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h index f2f6aa73dc10..2628c154d40e 100644 --- a/include/net/netfilter/nf_conntrack_tuple.h +++ b/include/net/netfilter/nf_conntrack_tuple.h | |||
| @@ -12,6 +12,7 @@ | |||
| 12 | 12 | ||
| 13 | #include <linux/netfilter/x_tables.h> | 13 | #include <linux/netfilter/x_tables.h> |
| 14 | #include <linux/netfilter/nf_conntrack_tuple_common.h> | 14 | #include <linux/netfilter/nf_conntrack_tuple_common.h> |
| 15 | #include <linux/list_nulls.h> | ||
| 15 | 16 | ||
| 16 | /* A `tuple' is a structure containing the information to uniquely | 17 | /* A `tuple' is a structure containing the information to uniquely |
| 17 | identify a connection. ie. if two packets have the same tuple, they | 18 | identify a connection. ie. if two packets have the same tuple, they |
| @@ -146,9 +147,8 @@ static inline void nf_ct_dump_tuple(const struct nf_conntrack_tuple *t) | |||
| 146 | ((enum ip_conntrack_dir)(h)->tuple.dst.dir) | 147 | ((enum ip_conntrack_dir)(h)->tuple.dst.dir) |
| 147 | 148 | ||
| 148 | /* Connections have two entries in the hash table: one for each way */ | 149 | /* Connections have two entries in the hash table: one for each way */ |
| 149 | struct nf_conntrack_tuple_hash | 150 | struct nf_conntrack_tuple_hash { |
| 150 | { | 151 | struct hlist_nulls_node hnnode; |
| 151 | struct hlist_node hnode; | ||
| 152 | struct nf_conntrack_tuple tuple; | 152 | struct nf_conntrack_tuple tuple; |
| 153 | }; | 153 | }; |
| 154 | 154 | ||
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h index f4498a62881b..9dc58402bc09 100644 --- a/include/net/netns/conntrack.h +++ b/include/net/netns/conntrack.h | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | #define __NETNS_CONNTRACK_H | 2 | #define __NETNS_CONNTRACK_H |
| 3 | 3 | ||
| 4 | #include <linux/list.h> | 4 | #include <linux/list.h> |
| 5 | #include <linux/list_nulls.h> | ||
| 5 | #include <asm/atomic.h> | 6 | #include <asm/atomic.h> |
| 6 | 7 | ||
| 7 | struct ctl_table_header; | 8 | struct ctl_table_header; |
| @@ -10,9 +11,9 @@ struct nf_conntrack_ecache; | |||
| 10 | struct netns_ct { | 11 | struct netns_ct { |
| 11 | atomic_t count; | 12 | atomic_t count; |
| 12 | unsigned int expect_count; | 13 | unsigned int expect_count; |
| 13 | struct hlist_head *hash; | 14 | struct hlist_nulls_head *hash; |
| 14 | struct hlist_head *expect_hash; | 15 | struct hlist_head *expect_hash; |
| 15 | struct hlist_head unconfirmed; | 16 | struct hlist_nulls_head unconfirmed; |
| 16 | struct ip_conntrack_stat *stat; | 17 | struct ip_conntrack_stat *stat; |
| 17 | #ifdef CONFIG_NF_CONNTRACK_EVENTS | 18 | #ifdef CONFIG_NF_CONNTRACK_EVENTS |
| 18 | struct nf_conntrack_ecache *ecache; | 19 | struct nf_conntrack_ecache *ecache; |