[NETFILTER]: reduce netfilter sk_buff enlargement

As discussed at netconf'05, we're trying to save every bit in sk_buff. The patch below makes sk_buff 8 bytes smaller. I did some basic testing on my notebook and it seems to work. The only real in-tree user of nfcache was IPVS, who only needs a single bit. Unfortunately I couldn't find some other free bit in sk_buff to stuff that bit into, so I introduced a separate field for them. Maybe the IPVS guys can resolve that to further save space. Initially I wanted to shrink pkt_type to three bits (PACKET_HOST and alike are only 6 values defined), but unfortunately the bluetooth code overloads pkt_type :( The conntrack-event-api (out-of-tree) uses nfcache, but Rusty just came up with a way how to do it without any skb fields, so it's safe to remove it. - remove all never-implemented 'nfcache' code - don't have ipvs code abuse 'nfcache' field. currently get's their own compile-conditional skb->ipvs_property field. IPVS maintainers can decide to move this bit elswhere, but nfcache needs to die. - remove skb->nfcache field to save 4 bytes - move skb->nfctinfo into three unused bits to save further 4 bytes Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Harald Welte <laforge@netfilter.org> 2005-08-09 22:24:19 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2005-08-29 18:31:04 -0400
commit: 6869c4d8e066e21623c812c448a05f1ed931c9c6 (patch)
tree: ce18efc459e121e3a0b1bf5f85615567cdb30f68 /net/ipv6
parent: bf3a46aa9b96f6eb3a49a568f72a2801c3e830c0 (diff)
4 files changed, 4 insertions, 19 deletions
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index ae652ca14bc9..590d2b797197 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -185,19 +185,6 @@ int ip6_route_me_harder(struct sk_buff *skb)
 }
 #endif
-static inline int ip6_maybe_reroute(struct sk_buff *skb)
-{
-#ifdef CONFIG_NETFILTER
-        if (skb->nfcache & NFC_ALTERED){
-                if (ip6_route_me_harder(skb) != 0){
-                        kfree_skb(skb);
-                        return -EINVAL;
-                }
-        }
-#endif /* CONFIG_NETFILTER */
-        return dst_output(skb);
-}
 /*
 *      xmit an sk_buff (used by TCP)
 */
@@ -266,7 +253,8 @@ int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
        mtu = dst_mtu(dst);
        if ((skb->len <= mtu) || ipfragok) {
                IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
-                return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, ip6_maybe_reroute);
+                return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev,
+                                dst_output);
        }
        if (net_ratelimit())
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index a16df5b27c84..83ccedceed17 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -388,7 +388,6 @@ ipq_mangle_ipv6(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
                return -ENOMEM;
        memcpy(e->skb->data, v->payload, v->data_len);
        e->skb->ip_summed = CHECKSUM_NONE;
-        e->skb->nfcache |= NFC_ALTERED;
        /*
         * Extra routing may needed on local out, as the QUEUE target never
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 73034511c8db..41a67cf6e33a 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -401,7 +401,6 @@ ip6t_do_table(struct sk_buff **pskb,
        do {
                IP_NF_ASSERT(e);
                IP_NF_ASSERT(back);
-                (*pskb)->nfcache |= e->nfcache;
                if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6,
                        &protoff, &offset)) {
                        struct ip6t_entry_target *t;
diff --git a/net/ipv6/netfilter/ip6t_MARK.c b/net/ipv6/netfilter/ip6t_MARK.c
index d09ceb05013a..81924fcc5857 100644
--- a/net/ipv6/netfilter/ip6t_MARK.c
+++ b/net/ipv6/netfilter/ip6t_MARK.c
@@ -28,10 +28,9 @@ target(struct sk_buff **pskb,
 {
        const struct ip6t_mark_target_info *markinfo = targinfo;
-        if((*pskb)->nfmark != markinfo->mark) {
+        if((*pskb)->nfmark != markinfo->mark)
                (*pskb)->nfmark = markinfo->mark;
-                (*pskb)->nfcache |= NFC_ALTERED;
-        }
        return IP6T_CONTINUE;
 }
author	Harald Welte <laforge@netfilter.org>	2005-08-09 22:24:19 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2005-08-29 18:31:04 -0400
commit	6869c4d8e066e21623c812c448a05f1ed931c9c6 (patch)
tree	ce18efc459e121e3a0b1bf5f85615567cdb30f68 /net/ipv6
parent	bf3a46aa9b96f6eb3a49a568f72a2801c3e830c0 (diff)

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index ae652ca14bc9..590d2b797197 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c
@@ -185,19 +185,6 @@ int ip6_route_me_harder(struct sk_buff *skb)
185	}	185	}
186	#endif	186	#endif
187		187
188	static inline int ip6_maybe_reroute(struct sk_buff *skb)
189	{
190	#ifdef CONFIG_NETFILTER
191	if (skb->nfcache & NFC_ALTERED){
192	if (ip6_route_me_harder(skb) != 0){
193	kfree_skb(skb);
194	return -EINVAL;
195	}
196	}
197	#endif /* CONFIG_NETFILTER */
198	return dst_output(skb);
199	}
200
201	/*	188	/*
202	* xmit an sk_buff (used by TCP)	189	* xmit an sk_buff (used by TCP)
203	*/	190	*/
@@ -266,7 +253,8 @@ int ip6_xmit(struct sock sk, struct sk_buff skb, struct flowi *fl,
266	mtu = dst_mtu(dst);	253	mtu = dst_mtu(dst);
267	if ((skb->len <= mtu) \|\| ipfragok) {	254	if ((skb->len <= mtu) \|\| ipfragok) {
268	IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);	255	IP6_INC_STATS(IPSTATS_MIB_OUTREQUESTS);
269	return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, ip6_maybe_reroute);	256	return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev,
		257	dst_output);
270	}	258	}
271		259
272	if (net_ratelimit())	260	if (net_ratelimit())


diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c index a16df5b27c84..83ccedceed17 100644 --- a/net/ipv6/netfilter/ip6_queue.c +++ b/net/ipv6/netfilter/ip6_queue.c
@@ -388,7 +388,6 @@ ipq_mangle_ipv6(ipq_verdict_msg_t v, struct ipq_queue_entry e)
388	return -ENOMEM;	388	return -ENOMEM;
389	memcpy(e->skb->data, v->payload, v->data_len);	389	memcpy(e->skb->data, v->payload, v->data_len);
390	e->skb->ip_summed = CHECKSUM_NONE;	390	e->skb->ip_summed = CHECKSUM_NONE;
391	e->skb->nfcache \|= NFC_ALTERED;
392		391
393	/*	392	/*
394	* Extra routing may needed on local out, as the QUEUE target never	393	* Extra routing may needed on local out, as the QUEUE target never


diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 73034511c8db..41a67cf6e33a 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c
@@ -401,7 +401,6 @@ ip6t_do_table(struct sk_buff **pskb,
401	do {	401	do {
402	IP_NF_ASSERT(e);	402	IP_NF_ASSERT(e);
403	IP_NF_ASSERT(back);	403	IP_NF_ASSERT(back);
404	(*pskb)->nfcache \|= e->nfcache;
405	if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6,	404	if (ip6_packet_match(*pskb, indev, outdev, &e->ipv6,
406	&protoff, &offset)) {	405	&protoff, &offset)) {
407	struct ip6t_entry_target *t;	406	struct ip6t_entry_target *t;


diff --git a/net/ipv6/netfilter/ip6t_MARK.c b/net/ipv6/netfilter/ip6t_MARK.c index d09ceb05013a..81924fcc5857 100644 --- a/net/ipv6/netfilter/ip6t_MARK.c +++ b/net/ipv6/netfilter/ip6t_MARK.c
@@ -28,10 +28,9 @@ target(struct sk_buff **pskb,
28	{	28	{
29	const struct ip6t_mark_target_info *markinfo = targinfo;	29	const struct ip6t_mark_target_info *markinfo = targinfo;
30		30
31	if((*pskb)->nfmark != markinfo->mark) {	31	if((*pskb)->nfmark != markinfo->mark)
32	(*pskb)->nfmark = markinfo->mark;	32	(*pskb)->nfmark = markinfo->mark;
33	(*pskb)->nfcache \|= NFC_ALTERED;	33
34	}
35	return IP6T_CONTINUE;	34	return IP6T_CONTINUE;
36	}	35	}
37		36