diff options
author | Florian Westphal <fw@strlen.de> | 2017-01-23 18:21:59 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-02-02 14:31:56 +0100 |
commit | a9e419dc7be6997409dca6d1b9daf3cc7046902f (patch) | |
tree | ff33b9a6415926bc627d1ad6e49eece8ef417b43 /net/netfilter/xt_CT.c | |
parent | 303223092081963513494b4377fa1ac9e362ed4b (diff) | |
download | linux-a9e419dc7be6997409dca6d1b9daf3cc7046902f.tar.gz linux-a9e419dc7be6997409dca6d1b9daf3cc7046902f.tar.bz2 linux-a9e419dc7be6997409dca6d1b9daf3cc7046902f.zip |
netfilter: merge ctinfo into nfct pointer storage area
After this change conntrack operations (lookup, creation, matching from
ruleset) only access one instead of two sk_buff cache lines.
This works for normal conntracks because those are allocated from a slab
that guarantees hw cacheline or 8byte alignment (whatever is larger)
so the 3 bits needed for ctinfo won't overlap with nf_conn addresses.
Template allocation now does manual address alignment (see previous change)
on arches that don't have sufficent kmalloc min alignment.
Some spots intentionally use skb->_nfct instead of skb_nfct() helpers,
this is to avoid undoing the skb_nfct() use when we remove untracked
conntrack object in the future.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/xt_CT.c')
-rw-r--r-- | net/netfilter/xt_CT.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c index 51f00e1e1208..b008db0184b8 100644 --- a/net/netfilter/xt_CT.c +++ b/net/netfilter/xt_CT.c @@ -23,7 +23,7 @@ static inline int xt_ct_target(struct sk_buff *skb, struct nf_conn *ct) { /* Previously seen (loopback)? Ignore. */ - if (skb->nfct != NULL) + if (skb->_nfct != 0) return XT_CONTINUE; /* special case the untracked ct : we want the percpu object */ @@ -409,7 +409,7 @@ static unsigned int notrack_tg(struct sk_buff *skb, const struct xt_action_param *par) { /* Previously seen (loopback)? Ignore. */ - if (skb->nfct != NULL) + if (skb->_nfct != 0) return XT_CONTINUE; nf_ct_set(skb, nf_ct_untracked_get(), IP_CT_NEW); |