diff options
author | Harald Welte <laforge@netfilter.org> | 2006-03-20 20:56:32 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-03-20 20:56:32 -0500 |
commit | dc808fe28db59fadf4ec32d53f62477fa28f3be8 (patch) | |
tree | 2d7033e5808a63d7fb1bddc452d1ec0b2f3d381a /include | |
parent | 0d36f37bb1e1cbadca6dc90a840bb2bc9ab51c44 (diff) |
[NETFILTER] nf_conntrack: clean up to reduce size of 'struct nf_conn'
This patch moves all helper related data fields of 'struct nf_conn'
into a separate structure 'struct nf_conn_help'. This new structure
is only present in conntrack entries for which we actually have a
helper loaded.
Also, this patch cleans up the nf_conntrack 'features' mechanism to
resemble what the original idea was: Just glue the feature-specific
data structures at the end of 'struct nf_conn', and explicitly
re-calculate the pointer to it when needed rather than keeping
pointers around.
Saves 20 bytes per conntrack on my x86_64 box. A non-helped conntrack
is 276 bytes. We still need to save another 20 bytes in order to fit
into to target of 256bytes.
Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 56 |
1 files changed, 34 insertions, 22 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 6d075ca16e6e..2743c156caa0 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h | |||
@@ -67,6 +67,18 @@ do { \ | |||
67 | 67 | ||
68 | struct nf_conntrack_helper; | 68 | struct nf_conntrack_helper; |
69 | 69 | ||
70 | /* nf_conn feature for connections that have a helper */ | ||
71 | struct nf_conn_help { | ||
72 | /* Helper. if any */ | ||
73 | struct nf_conntrack_helper *helper; | ||
74 | |||
75 | union nf_conntrack_help help; | ||
76 | |||
77 | /* Current number of expected connections */ | ||
78 | unsigned int expecting; | ||
79 | }; | ||
80 | |||
81 | |||
70 | #include <net/netfilter/ipv4/nf_conntrack_ipv4.h> | 82 | #include <net/netfilter/ipv4/nf_conntrack_ipv4.h> |
71 | struct nf_conn | 83 | struct nf_conn |
72 | { | 84 | { |
@@ -81,6 +93,9 @@ struct nf_conn | |||
81 | /* Have we seen traffic both ways yet? (bitset) */ | 93 | /* Have we seen traffic both ways yet? (bitset) */ |
82 | unsigned long status; | 94 | unsigned long status; |
83 | 95 | ||
96 | /* If we were expected by an expectation, this will be it */ | ||
97 | struct nf_conn *master; | ||
98 | |||
84 | /* Timer function; drops refcnt when it goes off. */ | 99 | /* Timer function; drops refcnt when it goes off. */ |
85 | struct timer_list timeout; | 100 | struct timer_list timeout; |
86 | 101 | ||
@@ -88,38 +103,22 @@ struct nf_conn | |||
88 | /* Accounting Information (same cache line as other written members) */ | 103 | /* Accounting Information (same cache line as other written members) */ |
89 | struct ip_conntrack_counter counters[IP_CT_DIR_MAX]; | 104 | struct ip_conntrack_counter counters[IP_CT_DIR_MAX]; |
90 | #endif | 105 | #endif |
91 | /* If we were expected by an expectation, this will be it */ | ||
92 | struct nf_conn *master; | ||
93 | |||
94 | /* Current number of expected connections */ | ||
95 | unsigned int expecting; | ||
96 | 106 | ||
97 | /* Unique ID that identifies this conntrack*/ | 107 | /* Unique ID that identifies this conntrack*/ |
98 | unsigned int id; | 108 | unsigned int id; |
99 | 109 | ||
100 | /* Helper. if any */ | ||
101 | struct nf_conntrack_helper *helper; | ||
102 | |||
103 | /* features - nat, helper, ... used by allocating system */ | 110 | /* features - nat, helper, ... used by allocating system */ |
104 | u_int32_t features; | 111 | u_int32_t features; |
105 | 112 | ||
106 | /* Storage reserved for other modules: */ | ||
107 | |||
108 | union nf_conntrack_proto proto; | ||
109 | |||
110 | #if defined(CONFIG_NF_CONNTRACK_MARK) | 113 | #if defined(CONFIG_NF_CONNTRACK_MARK) |
111 | u_int32_t mark; | 114 | u_int32_t mark; |
112 | #endif | 115 | #endif |
113 | 116 | ||
114 | /* These members are dynamically allocated. */ | 117 | /* Storage reserved for other modules: */ |
115 | 118 | union nf_conntrack_proto proto; | |
116 | union nf_conntrack_help *help; | ||
117 | 119 | ||
118 | /* Layer 3 dependent members. (ex: NAT) */ | 120 | /* features dynamically at the end: helper, nat (both optional) */ |
119 | union { | 121 | char data[0]; |
120 | struct nf_conntrack_ipv4 *ipv4; | ||
121 | } l3proto; | ||
122 | void *data[0]; | ||
123 | }; | 122 | }; |
124 | 123 | ||
125 | struct nf_conntrack_expect | 124 | struct nf_conntrack_expect |
@@ -373,10 +372,23 @@ nf_conntrack_expect_event(enum ip_conntrack_expect_events event, | |||
373 | #define NF_CT_F_NUM 4 | 372 | #define NF_CT_F_NUM 4 |
374 | 373 | ||
375 | extern int | 374 | extern int |
376 | nf_conntrack_register_cache(u_int32_t features, const char *name, size_t size, | 375 | nf_conntrack_register_cache(u_int32_t features, const char *name, size_t size); |
377 | int (*init_conntrack)(struct nf_conn *, u_int32_t)); | ||
378 | extern void | 376 | extern void |
379 | nf_conntrack_unregister_cache(u_int32_t features); | 377 | nf_conntrack_unregister_cache(u_int32_t features); |
380 | 378 | ||
379 | /* valid combinations: | ||
380 | * basic: nf_conn, nf_conn .. nf_conn_help | ||
381 | * nat: nf_conn .. nf_conn_nat, nf_conn .. nf_conn_nat, nf_conn help | ||
382 | */ | ||
383 | static inline struct nf_conn_help *nfct_help(const struct nf_conn *ct) | ||
384 | { | ||
385 | unsigned int offset = sizeof(struct nf_conn); | ||
386 | |||
387 | if (!(ct->features & NF_CT_F_HELP)) | ||
388 | return NULL; | ||
389 | |||
390 | return (struct nf_conn_help *) ((void *)ct + offset); | ||
391 | } | ||
392 | |||
381 | #endif /* __KERNEL__ */ | 393 | #endif /* __KERNEL__ */ |
382 | #endif /* _NF_CONNTRACK_H */ | 394 | #endif /* _NF_CONNTRACK_H */ |