diff options
author | Harald Welte <laforge@netfilter.org> | 2005-08-09 22:24:19 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2005-08-29 18:31:04 -0400 |
commit | 6869c4d8e066e21623c812c448a05f1ed931c9c6 (patch) | |
tree | ce18efc459e121e3a0b1bf5f85615567cdb30f68 /include | |
parent | bf3a46aa9b96f6eb3a49a568f72a2801c3e830c0 (diff) |
[NETFILTER]: reduce netfilter sk_buff enlargement
As discussed at netconf'05, we're trying to save every bit in sk_buff.
The patch below makes sk_buff 8 bytes smaller. I did some basic
testing on my notebook and it seems to work.
The only real in-tree user of nfcache was IPVS, who only needs a
single bit. Unfortunately I couldn't find some other free bit in
sk_buff to stuff that bit into, so I introduced a separate field for
them. Maybe the IPVS guys can resolve that to further save space.
Initially I wanted to shrink pkt_type to three bits (PACKET_HOST and
alike are only 6 values defined), but unfortunately the bluetooth code
overloads pkt_type :(
The conntrack-event-api (out-of-tree) uses nfcache, but Rusty just
came up with a way how to do it without any skb fields, so it's safe
to remove it.
- remove all never-implemented 'nfcache' code
- don't have ipvs code abuse 'nfcache' field. currently get's their own
compile-conditional skb->ipvs_property field. IPVS maintainers can
decide to move this bit elswhere, but nfcache needs to die.
- remove skb->nfcache field to save 4 bytes
- move skb->nfctinfo into three unused bits to save further 4 bytes
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter.h | 3 | ||||
-rw-r--r-- | include/linux/netfilter_decnet.h | 3 | ||||
-rw-r--r-- | include/linux/netfilter_ipv4.h | 3 | ||||
-rw-r--r-- | include/linux/netfilter_ipv6.h | 3 | ||||
-rw-r--r-- | include/linux/skbuff.h | 10 |
5 files changed, 17 insertions, 5 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 2e2045482cb1..ec60856408fd 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h | |||
@@ -21,10 +21,13 @@ | |||
21 | #define NF_STOP 5 | 21 | #define NF_STOP 5 |
22 | #define NF_MAX_VERDICT NF_STOP | 22 | #define NF_MAX_VERDICT NF_STOP |
23 | 23 | ||
24 | /* only for userspace compatibility */ | ||
25 | #ifndef __KERNEL__ | ||
24 | /* Generic cache responses from hook functions. | 26 | /* Generic cache responses from hook functions. |
25 | <= 0x2000 is used for protocol-flags. */ | 27 | <= 0x2000 is used for protocol-flags. */ |
26 | #define NFC_UNKNOWN 0x4000 | 28 | #define NFC_UNKNOWN 0x4000 |
27 | #define NFC_ALTERED 0x8000 | 29 | #define NFC_ALTERED 0x8000 |
30 | #endif | ||
28 | 31 | ||
29 | #ifdef __KERNEL__ | 32 | #ifdef __KERNEL__ |
30 | #include <linux/config.h> | 33 | #include <linux/config.h> |
diff --git a/include/linux/netfilter_decnet.h b/include/linux/netfilter_decnet.h index 3064eec9cb8e..018979484150 100644 --- a/include/linux/netfilter_decnet.h +++ b/include/linux/netfilter_decnet.h | |||
@@ -9,6 +9,8 @@ | |||
9 | 9 | ||
10 | #include <linux/netfilter.h> | 10 | #include <linux/netfilter.h> |
11 | 11 | ||
12 | /* only for userspace compatibility */ | ||
13 | #ifndef __KERNEL__ | ||
12 | /* IP Cache bits. */ | 14 | /* IP Cache bits. */ |
13 | /* Src IP address. */ | 15 | /* Src IP address. */ |
14 | #define NFC_DN_SRC 0x0001 | 16 | #define NFC_DN_SRC 0x0001 |
@@ -18,6 +20,7 @@ | |||
18 | #define NFC_DN_IF_IN 0x0004 | 20 | #define NFC_DN_IF_IN 0x0004 |
19 | /* Output device. */ | 21 | /* Output device. */ |
20 | #define NFC_DN_IF_OUT 0x0008 | 22 | #define NFC_DN_IF_OUT 0x0008 |
23 | #endif /* ! __KERNEL__ */ | ||
21 | 24 | ||
22 | /* DECnet Hooks */ | 25 | /* DECnet Hooks */ |
23 | /* After promisc drops, checksum checks. */ | 26 | /* After promisc drops, checksum checks. */ |
diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h index 3ebc36afae1a..552815b8193e 100644 --- a/include/linux/netfilter_ipv4.h +++ b/include/linux/netfilter_ipv4.h | |||
@@ -8,6 +8,8 @@ | |||
8 | #include <linux/config.h> | 8 | #include <linux/config.h> |
9 | #include <linux/netfilter.h> | 9 | #include <linux/netfilter.h> |
10 | 10 | ||
11 | /* only for userspace compatibility */ | ||
12 | #ifndef __KERNEL__ | ||
11 | /* IP Cache bits. */ | 13 | /* IP Cache bits. */ |
12 | /* Src IP address. */ | 14 | /* Src IP address. */ |
13 | #define NFC_IP_SRC 0x0001 | 15 | #define NFC_IP_SRC 0x0001 |
@@ -35,6 +37,7 @@ | |||
35 | #define NFC_IP_DST_PT 0x0400 | 37 | #define NFC_IP_DST_PT 0x0400 |
36 | /* Something else about the proto */ | 38 | /* Something else about the proto */ |
37 | #define NFC_IP_PROTO_UNKNOWN 0x2000 | 39 | #define NFC_IP_PROTO_UNKNOWN 0x2000 |
40 | #endif /* ! __KERNEL__ */ | ||
38 | 41 | ||
39 | /* IP Hooks */ | 42 | /* IP Hooks */ |
40 | /* After promisc drops, checksum checks. */ | 43 | /* After promisc drops, checksum checks. */ |
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h index bee7a5ec7c66..20c069a5e4ac 100644 --- a/include/linux/netfilter_ipv6.h +++ b/include/linux/netfilter_ipv6.h | |||
@@ -10,6 +10,8 @@ | |||
10 | 10 | ||
11 | #include <linux/netfilter.h> | 11 | #include <linux/netfilter.h> |
12 | 12 | ||
13 | /* only for userspace compatibility */ | ||
14 | #ifndef __KERNEL__ | ||
13 | /* IP Cache bits. */ | 15 | /* IP Cache bits. */ |
14 | /* Src IP address. */ | 16 | /* Src IP address. */ |
15 | #define NFC_IP6_SRC 0x0001 | 17 | #define NFC_IP6_SRC 0x0001 |
@@ -38,6 +40,7 @@ | |||
38 | #define NFC_IP6_DST_PT 0x0400 | 40 | #define NFC_IP6_DST_PT 0x0400 |
39 | /* Something else about the proto */ | 41 | /* Something else about the proto */ |
40 | #define NFC_IP6_PROTO_UNKNOWN 0x2000 | 42 | #define NFC_IP6_PROTO_UNKNOWN 0x2000 |
43 | #endif /* ! __KERNEL__ */ | ||
41 | 44 | ||
42 | 45 | ||
43 | /* IP6 Hooks */ | 46 | /* IP6 Hooks */ |
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 2e40f4c9f7a6..4b929c3c1a98 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h | |||
@@ -190,7 +190,6 @@ struct skb_shared_info { | |||
190 | * @end: End pointer | 190 | * @end: End pointer |
191 | * @destructor: Destruct function | 191 | * @destructor: Destruct function |
192 | * @nfmark: Can be used for communication between hooks | 192 | * @nfmark: Can be used for communication between hooks |
193 | * @nfcache: Cache info | ||
194 | * @nfct: Associated connection, if any | 193 | * @nfct: Associated connection, if any |
195 | * @nfctinfo: Relationship of this skb to the connection | 194 | * @nfctinfo: Relationship of this skb to the connection |
196 | * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c | 195 | * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c |
@@ -252,17 +251,18 @@ struct sk_buff { | |||
252 | __u8 local_df:1, | 251 | __u8 local_df:1, |
253 | cloned:1, | 252 | cloned:1, |
254 | ip_summed:2, | 253 | ip_summed:2, |
255 | nohdr:1; | 254 | nohdr:1, |
256 | /* 3 bits spare */ | 255 | nfctinfo:3; |
257 | __u8 pkt_type; | 256 | __u8 pkt_type; |
258 | __be16 protocol; | 257 | __be16 protocol; |
259 | 258 | ||
260 | void (*destructor)(struct sk_buff *skb); | 259 | void (*destructor)(struct sk_buff *skb); |
261 | #ifdef CONFIG_NETFILTER | 260 | #ifdef CONFIG_NETFILTER |
262 | __u32 nfmark; | 261 | __u32 nfmark; |
263 | __u32 nfcache; | ||
264 | __u32 nfctinfo; | ||
265 | struct nf_conntrack *nfct; | 262 | struct nf_conntrack *nfct; |
263 | #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) | ||
264 | __u8 ipvs_property:1; | ||
265 | #endif | ||
266 | #ifdef CONFIG_BRIDGE_NETFILTER | 266 | #ifdef CONFIG_BRIDGE_NETFILTER |
267 | struct nf_bridge_info *nf_bridge; | 267 | struct nf_bridge_info *nf_bridge; |
268 | #endif | 268 | #endif |