
Commit 27e7190e authored by Eric Dumazet's avatar Eric Dumazet Committed by Pablo Neira Ayuso

netfilter: xt_CT: optimize XT_CT_NOTRACK



The percpu untracked ct are not currently used for XT_CT_NOTRACK.

xt_ct_tg_check()/xt_ct_target() provides a single ct.

That's not optimal, as the ct->ct_general.use cache line will bounce among
cpus.

Use the intended [1] thing : xt_ct_target() should select the percpu
object.

[1] Refs :
commit 5bfddbd4 ("netfilter: nf_conntrack: IPS_UNTRACKED bit")
commit b3c5163f ("netfilter: nf_conntrack: per_cpu untracking")

Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 88924753
+6 −4
@@ -26,6 +26,9 @@ static inline int xt_ct_target(struct sk_buff *skb, struct nf_conn *ct)
	if (skb->nfct != NULL)
		return XT_CONTINUE;

	/* special case the untracked ct : we want the percpu object */
	if (!ct)
		ct = nf_ct_untracked_get();
	atomic_inc(&ct->ct_general.use);
	skb->nfct = &ct->ct_general;
	skb->nfctinfo = IP_CT_NEW;
@@ -186,8 +189,7 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par,
	int ret = -EOPNOTSUPP;

	if (info->flags & XT_CT_NOTRACK) {
		ct = nf_ct_untracked_get();
		atomic_inc(&ct->ct_general.use);
		ct = NULL;
		goto out;
	}

@@ -311,7 +313,7 @@ static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par,
	struct nf_conn *ct = info->ct;
	struct nf_conn_help *help;

	if (!nf_ct_is_untracked(ct)) {
	if (ct && !nf_ct_is_untracked(ct)) {
		help = nfct_help(ct);
		if (help)
			module_put(help->helper->me);
@@ -319,9 +321,9 @@ static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par,
		nf_ct_l3proto_module_put(par->family);

		xt_ct_destroy_timeout(ct);
	}
		nf_ct_put(info->ct);
	}
}

static void xt_ct_tg_destroy_v0(const struct xt_tgdtor_param *par)
{
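Review bot: A NULL `info->ct` now silently means "NOTRACK", but nothing in the new code states that contract: it is set in xt_ct_tg_check() by `ct = NULL; goto out;` and relied on by the `if (!ct)` fallback in xt_ct_target() and the `ct &&` guard in xt_ct_tg_destroy(). The store to `info->ct` presumably happens after the `out:` label, which lies outside the hunk, so it is worth confirming that no other path can leave `info->ct` NULL on an installed rule. If one did, xt_ct_target() would quietly attach the untracked object and those packets would skip connection tracking, rather than the mistake surfacing as a fault. I would add a comment above `ct = NULL;` such as `/* NULL info->ct marks notrack; xt_ct_target() substitutes the percpu untracked ct */`. As a style point, the moved call in xt_ct_tg_destroy() could use the local `ct` instead of `info->ct`, matching the guard that now protects it.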