aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-07-08 01:28:14 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-07-11 01:17:40 -0400
commitf205c5e0c28aa7e0fb6eaaa66e97928f9d9e6994 (patch)
tree7ad04d827c5c2d24ac804346d95853ebceab0bfd /include
parent8e5105a0c36a059dfd0f0bb9e73ee7c97d306247 (diff)
[NETFILTER]: nf_conntrack: use hlists for conntrack hash
Convert conntrack hash to hlists to reduce its size and cache footprint. Since the default hashsize to max. entries ratio sucks (1:16), this patch doesn't reduce the amount of memory used for the hash by default, but instead uses a better ratio of 1:8, which results in the same max. entries value. One thing worth noting is early_drop. It really should use LRU, so it now has to iterate over the entire chain to find the last unconfirmed entry. Since chains shouldn't be very long and the entire operation is very rare this shouldn't be a problem. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r--include/net/netfilter/nf_conntrack_core.h4
-rw-r--r--include/net/netfilter/nf_conntrack_tuple.h3
2 files changed, 3 insertions, 4 deletions
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index 3bf7d05ea64d..6351948654b3 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -84,9 +84,9 @@ print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
84 struct nf_conntrack_l3proto *l3proto, 84 struct nf_conntrack_l3proto *l3proto,
85 struct nf_conntrack_l4proto *proto); 85 struct nf_conntrack_l4proto *proto);
86 86
87extern struct list_head *nf_conntrack_hash; 87extern struct hlist_head *nf_conntrack_hash;
88extern struct list_head nf_conntrack_expect_list; 88extern struct list_head nf_conntrack_expect_list;
89extern rwlock_t nf_conntrack_lock ; 89extern rwlock_t nf_conntrack_lock ;
90extern struct list_head unconfirmed; 90extern struct hlist_head unconfirmed;
91 91
92#endif /* _NF_CONNTRACK_CORE_H */ 92#endif /* _NF_CONNTRACK_CORE_H */
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index 5d72b16e876f..d02ce876b4ca 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -125,8 +125,7 @@ DEBUGP("tuple %p: %u %u " NIP6_FMT " %hu -> " NIP6_FMT " %hu\n", \
125/* Connections have two entries in the hash table: one for each way */ 125/* Connections have two entries in the hash table: one for each way */
126struct nf_conntrack_tuple_hash 126struct nf_conntrack_tuple_hash
127{ 127{
128 struct list_head list; 128 struct hlist_node hnode;
129
130 struct nf_conntrack_tuple tuple; 129 struct nf_conntrack_tuple tuple;
131}; 130};
132 131