aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netfilter/nf_conntrack.h11
-rw-r--r--include/net/netfilter/nf_conntrack_core.h2
-rw-r--r--include/net/netfilter/xt_rateest.h10
3 files changed, 16 insertions, 7 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index bbfdd9453087..e624dae54fa4 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -257,7 +257,12 @@ extern s16 (*nf_ct_nat_offset)(const struct nf_conn *ct,
257 u32 seq); 257 u32 seq);
258 258
259/* Fake conntrack entry for untracked connections */ 259/* Fake conntrack entry for untracked connections */
260extern struct nf_conn nf_conntrack_untracked; 260DECLARE_PER_CPU(struct nf_conn, nf_conntrack_untracked);
261static inline struct nf_conn *nf_ct_untracked_get(void)
262{
263 return &__raw_get_cpu_var(nf_conntrack_untracked);
264}
265extern void nf_ct_untracked_status_or(unsigned long bits);
261 266
262/* Iterate over all conntracks: if iter returns true, it's deleted. */ 267/* Iterate over all conntracks: if iter returns true, it's deleted. */
263extern void 268extern void
@@ -285,9 +290,9 @@ static inline int nf_ct_is_dying(struct nf_conn *ct)
285 return test_bit(IPS_DYING_BIT, &ct->status); 290 return test_bit(IPS_DYING_BIT, &ct->status);
286} 291}
287 292
288static inline int nf_ct_is_untracked(const struct sk_buff *skb) 293static inline int nf_ct_is_untracked(const struct nf_conn *ct)
289{ 294{
290 return (skb->nfct == &nf_conntrack_untracked.ct_general); 295 return test_bit(IPS_UNTRACKED_BIT, &ct->status);
291} 296}
292 297
293extern int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp); 298extern int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp);
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index 3d7524fba194..aced085132e7 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -60,7 +60,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
60 struct nf_conn *ct = (struct nf_conn *)skb->nfct; 60 struct nf_conn *ct = (struct nf_conn *)skb->nfct;
61 int ret = NF_ACCEPT; 61 int ret = NF_ACCEPT;
62 62
63 if (ct && ct != &nf_conntrack_untracked) { 63 if (ct && !nf_ct_is_untracked(ct)) {
64 if (!nf_ct_is_confirmed(ct)) 64 if (!nf_ct_is_confirmed(ct))
65 ret = __nf_conntrack_confirm(skb); 65 ret = __nf_conntrack_confirm(skb);
66 if (likely(ret == NF_ACCEPT)) 66 if (likely(ret == NF_ACCEPT))
diff --git a/include/net/netfilter/xt_rateest.h b/include/net/netfilter/xt_rateest.h
index 5e1427795928..5a2978d1cb22 100644
--- a/include/net/netfilter/xt_rateest.h
+++ b/include/net/netfilter/xt_rateest.h
@@ -2,13 +2,17 @@
2#define _XT_RATEEST_H 2#define _XT_RATEEST_H
3 3
4struct xt_rateest { 4struct xt_rateest {
5 /* keep lock and bstats on same cache line to speedup xt_rateest_tg() */
6 struct gnet_stats_basic_packed bstats;
7 spinlock_t lock;
8 /* keep rstats and lock on same cache line to speedup xt_rateest_mt() */
9 struct gnet_stats_rate_est rstats;
10
11 /* following fields not accessed in hot path */
5 struct hlist_node list; 12 struct hlist_node list;
6 char name[IFNAMSIZ]; 13 char name[IFNAMSIZ];
7 unsigned int refcnt; 14 unsigned int refcnt;
8 spinlock_t lock;
9 struct gnet_estimator params; 15 struct gnet_estimator params;
10 struct gnet_stats_rate_est rstats;
11 struct gnet_stats_basic_packed bstats;
12 struct rcu_head rcu; 16 struct rcu_head rcu;
13}; 17};
14 18