diff options
author | Florian Westphal <fw@strlen.de> | 2016-06-11 21:57:35 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-06-23 13:33:12 +0200 |
commit | 6c8dee9842461e6ee6eb46081478999b3d5cb297 (patch) | |
tree | b0af2a1bb788e50d041d300bd14eef78f3429d48 /include/net/netfilter/nf_conntrack.h | |
parent | 7e53e7f8ca24e01292d114373f35b2999301d879 (diff) | |
download | linux-6c8dee9842461e6ee6eb46081478999b3d5cb297.tar.gz linux-6c8dee9842461e6ee6eb46081478999b3d5cb297.tar.bz2 linux-6c8dee9842461e6ee6eb46081478999b3d5cb297.zip |
netfilter: move zone info into struct nf_conn
Curently we store zone information as a conntrack extension.
This has one drawback: for every lookup we need to fetch the zone data
from the extension area.
This change place the zone data directly into the main conntrack object
structure and then removes the zone conntrack extension.
The zone data is just 4 bytes, it fits into a padding hole before
the tuplehash info, so we do not even increase the nf_conn structure size.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net/netfilter/nf_conntrack.h')
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index dd78bea227c8..9c0ed3d7af89 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h @@ -85,6 +85,9 @@ struct nf_conn { spinlock_t lock; u16 cpu; +#ifdef CONFIG_NF_CONNTRACK_ZONES + struct nf_conntrack_zone zone; +#endif /* XXX should I move this to the tail ? - Y.K */ /* These are my tuples; original and reply */ struct nf_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX]; |