diff options
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 11 | ||||
-rw-r--r-- | include/net/netfilter/nf_conntrack_core.h | 2 | ||||
-rw-r--r-- | include/net/netfilter/xt_rateest.h | 10 |
3 files changed, 16 insertions, 7 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index bbfdd9453087..e624dae54fa4 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h | |||
@@ -257,7 +257,12 @@ extern s16 (*nf_ct_nat_offset)(const struct nf_conn *ct, | |||
257 | u32 seq); | 257 | u32 seq); |
258 | 258 | ||
259 | /* Fake conntrack entry for untracked connections */ | 259 | /* Fake conntrack entry for untracked connections */ |
260 | extern struct nf_conn nf_conntrack_untracked; | 260 | DECLARE_PER_CPU(struct nf_conn, nf_conntrack_untracked); |
261 | static inline struct nf_conn *nf_ct_untracked_get(void) | ||
262 | { | ||
263 | return &__raw_get_cpu_var(nf_conntrack_untracked); | ||
264 | } | ||
265 | extern void nf_ct_untracked_status_or(unsigned long bits); | ||
261 | 266 | ||
262 | /* Iterate over all conntracks: if iter returns true, it's deleted. */ | 267 | /* Iterate over all conntracks: if iter returns true, it's deleted. */ |
263 | extern void | 268 | extern void |
@@ -285,9 +290,9 @@ static inline int nf_ct_is_dying(struct nf_conn *ct) | |||
285 | return test_bit(IPS_DYING_BIT, &ct->status); | 290 | return test_bit(IPS_DYING_BIT, &ct->status); |
286 | } | 291 | } |
287 | 292 | ||
288 | static inline int nf_ct_is_untracked(const struct sk_buff *skb) | 293 | static inline int nf_ct_is_untracked(const struct nf_conn *ct) |
289 | { | 294 | { |
290 | return (skb->nfct == &nf_conntrack_untracked.ct_general); | 295 | return test_bit(IPS_UNTRACKED_BIT, &ct->status); |
291 | } | 296 | } |
292 | 297 | ||
293 | extern int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp); | 298 | extern int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp); |
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h index 3d7524fba194..aced085132e7 100644 --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h | |||
@@ -60,7 +60,7 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb) | |||
60 | struct nf_conn *ct = (struct nf_conn *)skb->nfct; | 60 | struct nf_conn *ct = (struct nf_conn *)skb->nfct; |
61 | int ret = NF_ACCEPT; | 61 | int ret = NF_ACCEPT; |
62 | 62 | ||
63 | if (ct && ct != &nf_conntrack_untracked) { | 63 | if (ct && !nf_ct_is_untracked(ct)) { |
64 | if (!nf_ct_is_confirmed(ct)) | 64 | if (!nf_ct_is_confirmed(ct)) |
65 | ret = __nf_conntrack_confirm(skb); | 65 | ret = __nf_conntrack_confirm(skb); |
66 | if (likely(ret == NF_ACCEPT)) | 66 | if (likely(ret == NF_ACCEPT)) |
diff --git a/include/net/netfilter/xt_rateest.h b/include/net/netfilter/xt_rateest.h index 5e1427795928..5a2978d1cb22 100644 --- a/include/net/netfilter/xt_rateest.h +++ b/include/net/netfilter/xt_rateest.h | |||
@@ -2,13 +2,17 @@ | |||
2 | #define _XT_RATEEST_H | 2 | #define _XT_RATEEST_H |
3 | 3 | ||
4 | struct xt_rateest { | 4 | struct xt_rateest { |
5 | /* keep lock and bstats on same cache line to speedup xt_rateest_tg() */ | ||
6 | struct gnet_stats_basic_packed bstats; | ||
7 | spinlock_t lock; | ||
8 | /* keep rstats and lock on same cache line to speedup xt_rateest_mt() */ | ||
9 | struct gnet_stats_rate_est rstats; | ||
10 | |||
11 | /* following fields not accessed in hot path */ | ||
5 | struct hlist_node list; | 12 | struct hlist_node list; |
6 | char name[IFNAMSIZ]; | 13 | char name[IFNAMSIZ]; |
7 | unsigned int refcnt; | 14 | unsigned int refcnt; |
8 | spinlock_t lock; | ||
9 | struct gnet_estimator params; | 15 | struct gnet_estimator params; |
10 | struct gnet_stats_rate_est rstats; | ||
11 | struct gnet_stats_basic_packed bstats; | ||
12 | struct rcu_head rcu; | 16 | struct rcu_head rcu; |
13 | }; | 17 | }; |
14 | 18 | ||