netfilter: nf_conntrack: IPS_UNTRACKED bit

NOTRACK makes all cpus share a cache line on nf_conntrack_untracked twice per packet. This is bad for performance. __read_mostly annotation is also a bad choice. This patch introduces IPS_UNTRACKED bit so that we can use later a per_cpu untrack structure more easily. A new helper, nf_ct_untracked_get() returns a pointer to nf_conntrack_untracked. Another one, nf_ct_untracked_status_or() is used by nf_nat_init() to add IPS_NAT_DONE_MASK bits to untracked status. nf_ct_is_untracked() prototype is changed to work on a nf_conn pointer. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Eric Dumazet <eric.dumazet@gmail.com> 2010-06-08 10:09:52 -0400
committer: Patrick McHardy <kaber@trash.net> 2010-06-08 10:09:52 -0400
commit: 5bfddbd46a95c978f4d3c992339cbdf4f4b790a3 (patch)
tree: 9291ba4e1e3c7bf7ae8b5dfa8271e7127a6a6958 /net/ipv4
parent: 339bb99e4a8ba1f8960eed21d50be808b35ad22a (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 4f8bddb760c9..c7719b283ada 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -742,7 +742,7 @@ static int __init nf_nat_init(void)
        spin_unlock_bh(&nf_nat_lock);
        /* Initialize fake conntrack so that NAT will skip it */
-        nf_conntrack_untracked.status |= IPS_NAT_DONE_MASK;
+        nf_ct_untracked_status_or(IPS_NAT_DONE_MASK);
        l3proto = nf_ct_l3proto_find_get((u_int16_t)AF_INET);
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index beb25819c9c9..6723c682250d 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -98,7 +98,7 @@ nf_nat_fn(unsigned int hooknum,
                return NF_ACCEPT;
        /* Don't try to NAT if this packet is not conntracked */
-        if (ct == &nf_conntrack_untracked)
+        if (nf_ct_is_untracked(ct))
                return NF_ACCEPT;
        nat = nfct_nat(ct);
author	Eric Dumazet <eric.dumazet@gmail.com>	2010-06-08 10:09:52 -0400
committer	Patrick McHardy <kaber@trash.net>	2010-06-08 10:09:52 -0400
commit	5bfddbd46a95c978f4d3c992339cbdf4f4b790a3 (patch)
tree	9291ba4e1e3c7bf7ae8b5dfa8271e7127a6a6958 /net/ipv4
parent	339bb99e4a8ba1f8960eed21d50be808b35ad22a (diff)

diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index 4f8bddb760c9..c7719b283ada 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -742,7 +742,7 @@ static int __init nf_nat_init(void)
742	spin_unlock_bh(&nf_nat_lock);	742	spin_unlock_bh(&nf_nat_lock);
743		743
744	/* Initialize fake conntrack so that NAT will skip it */	744	/* Initialize fake conntrack so that NAT will skip it */
745	nf_conntrack_untracked.status \|= IPS_NAT_DONE_MASK;	745	nf_ct_untracked_status_or(IPS_NAT_DONE_MASK);
746		746
747	l3proto = nf_ct_l3proto_find_get((u_int16_t)AF_INET);	747	l3proto = nf_ct_l3proto_find_get((u_int16_t)AF_INET);
748		748


diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index beb25819c9c9..6723c682250d 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -98,7 +98,7 @@ nf_nat_fn(unsigned int hooknum,
98	return NF_ACCEPT;	98	return NF_ACCEPT;
99		99
100	/* Don't try to NAT if this packet is not conntracked */	100	/* Don't try to NAT if this packet is not conntracked */
101	if (ct == &nf_conntrack_untracked)	101	if (nf_ct_is_untracked(ct))
102	return NF_ACCEPT;	102	return NF_ACCEPT;
103		103
104	nat = nfct_nat(ct);	104	nat = nfct_nat(ct);