aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2008-10-08 05:35:07 -0400
committerPatrick McHardy <kaber@trash.net>2008-10-08 05:35:07 -0400
commit6058fa6bb96a5b6145cba10c5171f09c2783ca69 (patch)
tree634c499aa2ce0a76133d5543eaebcdc73a58f4da /include
parenta71996fccce4b2086a26036aa3c915365ca36926 (diff)
netfilter: netns nf_conntrack: per-netns event cache
Heh, last minute proof-reading of this patch made me think, that this is actually unneeded, simply because "ct" pointers will be different for different conntracks in different netns, just like they are different in one netns. Not so sure anymore. [Patrick: pointers will be different, flushing can only be done while inactive though and thus it needs to be per netns] Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include')
-rw-r--r--include/net/netfilter/nf_conntrack_ecache.h22
-rw-r--r--include/net/netns/conntrack.h5
2 files changed, 21 insertions, 6 deletions
diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h
index c1b406cecf9b..35f814c1e2ca 100644
--- a/include/net/netfilter/nf_conntrack_ecache.h
+++ b/include/net/netfilter/nf_conntrack_ecache.h
@@ -8,6 +8,7 @@
8 8
9#include <linux/notifier.h> 9#include <linux/notifier.h>
10#include <linux/interrupt.h> 10#include <linux/interrupt.h>
11#include <net/net_namespace.h>
11#include <net/netfilter/nf_conntrack_expect.h> 12#include <net/netfilter/nf_conntrack_expect.h>
12 13
13#ifdef CONFIG_NF_CONNTRACK_EVENTS 14#ifdef CONFIG_NF_CONNTRACK_EVENTS
@@ -15,9 +16,6 @@ struct nf_conntrack_ecache {
15 struct nf_conn *ct; 16 struct nf_conn *ct;
16 unsigned int events; 17 unsigned int events;
17}; 18};
18DECLARE_PER_CPU(struct nf_conntrack_ecache, nf_conntrack_ecache);
19
20#define CONNTRACK_ECACHE(x) (__get_cpu_var(nf_conntrack_ecache).x)
21 19
22extern struct atomic_notifier_head nf_conntrack_chain; 20extern struct atomic_notifier_head nf_conntrack_chain;
23extern int nf_conntrack_register_notifier(struct notifier_block *nb); 21extern int nf_conntrack_register_notifier(struct notifier_block *nb);
@@ -25,15 +23,16 @@ extern int nf_conntrack_unregister_notifier(struct notifier_block *nb);
25 23
26extern void nf_ct_deliver_cached_events(const struct nf_conn *ct); 24extern void nf_ct_deliver_cached_events(const struct nf_conn *ct);
27extern void __nf_ct_event_cache_init(struct nf_conn *ct); 25extern void __nf_ct_event_cache_init(struct nf_conn *ct);
28extern void nf_ct_event_cache_flush(void); 26extern void nf_ct_event_cache_flush(struct net *net);
29 27
30static inline void 28static inline void
31nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct) 29nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct)
32{ 30{
31 struct net *net = nf_ct_net(ct);
33 struct nf_conntrack_ecache *ecache; 32 struct nf_conntrack_ecache *ecache;
34 33
35 local_bh_disable(); 34 local_bh_disable();
36 ecache = &__get_cpu_var(nf_conntrack_ecache); 35 ecache = per_cpu_ptr(net->ct.ecache, raw_smp_processor_id());
37 if (ct != ecache->ct) 36 if (ct != ecache->ct)
38 __nf_ct_event_cache_init(ct); 37 __nf_ct_event_cache_init(ct);
39 ecache->events |= event; 38 ecache->events |= event;
@@ -58,6 +57,9 @@ nf_ct_expect_event(enum ip_conntrack_expect_events event,
58 atomic_notifier_call_chain(&nf_ct_expect_chain, event, exp); 57 atomic_notifier_call_chain(&nf_ct_expect_chain, event, exp);
59} 58}
60 59
60extern int nf_conntrack_ecache_init(struct net *net);
61extern void nf_conntrack_ecache_fini(struct net *net);
62
61#else /* CONFIG_NF_CONNTRACK_EVENTS */ 63#else /* CONFIG_NF_CONNTRACK_EVENTS */
62 64
63static inline void nf_conntrack_event_cache(enum ip_conntrack_events event, 65static inline void nf_conntrack_event_cache(enum ip_conntrack_events event,
@@ -67,7 +69,15 @@ static inline void nf_conntrack_event(enum ip_conntrack_events event,
67static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {} 69static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {}
68static inline void nf_ct_expect_event(enum ip_conntrack_expect_events event, 70static inline void nf_ct_expect_event(enum ip_conntrack_expect_events event,
69 struct nf_conntrack_expect *exp) {} 71 struct nf_conntrack_expect *exp) {}
70static inline void nf_ct_event_cache_flush(void) {} 72static inline void nf_ct_event_cache_flush(struct net *net) {}
73
74static inline int nf_conntrack_ecache_init(struct net *net)
75{
76 return 0;
77
78static inline void nf_conntrack_ecache_fini(struct net *net)
79{
80}
71#endif /* CONFIG_NF_CONNTRACK_EVENTS */ 81#endif /* CONFIG_NF_CONNTRACK_EVENTS */
72 82
73#endif /*_NF_CONNTRACK_ECACHE_H*/ 83#endif /*_NF_CONNTRACK_ECACHE_H*/
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index 6ddf58e142a9..9d5c1623c51f 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -4,12 +4,17 @@
4#include <linux/list.h> 4#include <linux/list.h>
5#include <asm/atomic.h> 5#include <asm/atomic.h>
6 6
7struct nf_conntrack_ecache;
8
7struct netns_ct { 9struct netns_ct {
8 atomic_t count; 10 atomic_t count;
9 unsigned int expect_count; 11 unsigned int expect_count;
10 struct hlist_head *hash; 12 struct hlist_head *hash;
11 struct hlist_head *expect_hash; 13 struct hlist_head *expect_hash;
12 struct hlist_head unconfirmed; 14 struct hlist_head unconfirmed;
15#ifdef CONFIG_NF_CONNTRACK_EVENTS
16 struct nf_conntrack_ecache *ecache;
17#endif
13 int hash_vmalloc; 18 int hash_vmalloc;
14 int expect_vmalloc; 19 int expect_vmalloc;
15}; 20};