From patchwork Thu May 9 20:52:31 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Dumazet X-Patchwork-Id: 242847 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id EE83A2C00F4 for ; Fri, 10 May 2013 06:52:36 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753976Ab3EIUwe (ORCPT ); Thu, 9 May 2013 16:52:34 -0400 Received: from mail-da0-f44.google.com ([209.85.210.44]:48405 "EHLO mail-da0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753383Ab3EIUwe (ORCPT ); Thu, 9 May 2013 16:52:34 -0400 Received: by mail-da0-f44.google.com with SMTP id z8so1811780daj.17 for ; Thu, 09 May 2013 13:52:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:message-id:subject:from:to:cc:date:content-type:x-mailer :content-transfer-encoding:mime-version; bh=vr7WbatO5xjxWeBAm7YDqGD9TMfTfEchemypIjLR3J8=; b=q17/e0FwQux8l22SwTyT4swqpiCLG3aW/ZZgqUhDeGr3+38mf4ZkYZWlLMC/zo2wbO ldrVko/BRgAdiXuU0ipedExTl/18SUe2aezOvit80aMYOb3yO6YfsbMphXAh0RGRHX89 zPSJe8AUOiNfWKRISpfJqHjJFkDZWB+V8NOf0VLh4Ae5ZSDoE+NF25ucYZtz9n5rHs+Y F7ZJtpfJDxTjfDDCShVXCAFSPnp7/QjHxFhV4JqsDwJKjEKdTqNNc7ntbbi7abdj9UgE dNcxQmou1bZFIapXV0ClxHueNTwCTAnfRF6JzQdIhmoodDd/YYU/sakSwLniKf7cy1+e visw== X-Received: by 10.66.250.230 with SMTP id zf6mr14990481pac.153.1368132753726; Thu, 09 May 2013 13:52:33 -0700 (PDT) Received: from ?IPv6:2620:0:1000:3304:71f8:1d95:e6a2:48d9? ([2620:0:1000:3304:71f8:1d95:e6a2:48d9]) by mx.google.com with ESMTPSA id qi1sm4883370pac.21.2013.05.09.13.52.32 for (version=SSLv3 cipher=RC4-SHA bits=128/128); Thu, 09 May 2013 13:52:33 -0700 (PDT) Message-ID: <1368132751.13473.113.camel@edumazet-glaptop> Subject: [PATCH nf-next] netfilter: xt_CT: optimize XT_CT_NOTRACK From: Eric Dumazet To: Pablo Neira Ayuso Cc: netdev , netfilter-devel@vger.kernel.org Date: Thu, 09 May 2013 13:52:31 -0700 X-Mailer: Evolution 3.2.3-0ubuntu6 Mime-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: Eric Dumazet The percpu untracked ct are not currently used for XT_CT_NOTRACK. xt_ct_tg_check()/xt_ct_target() provides a single ct. Thats not optimal as the ct->ct_general.use cache line will bounce among cpus. Use the intended [1] thing : xt_ct_target() should select the percpu object. [1] Refs : commit 5bfddbd46a95c97 ("netfilter: nf_conntrack: IPS_UNTRACKED bit") commit b3c5163fe0193a7 ("netfilter: nf_conntrack: per_cpu untracking") Signed-off-by: Eric Dumazet --- net/netfilter/xt_CT.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c index a60261c..da35ac0 100644 --- a/net/netfilter/xt_CT.c +++ b/net/netfilter/xt_CT.c @@ -26,6 +26,9 @@ static inline int xt_ct_target(struct sk_buff *skb, struct nf_conn *ct) if (skb->nfct != NULL) return XT_CONTINUE; + /* special case the untracked ct : we want the percpu object */ + if (!ct) + ct = nf_ct_untracked_get(); atomic_inc(&ct->ct_general.use); skb->nfct = &ct->ct_general; skb->nfctinfo = IP_CT_NEW; @@ -186,8 +189,7 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par, int ret = -EOPNOTSUPP; if (info->flags & XT_CT_NOTRACK) { - ct = nf_ct_untracked_get(); - atomic_inc(&ct->ct_general.use); + ct = NULL; goto out; } @@ -311,7 +313,7 @@ static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par, struct nf_conn *ct = info->ct; struct nf_conn_help *help; - if (!nf_ct_is_untracked(ct)) { + if (ct && !nf_ct_is_untracked(ct)) { help = nfct_help(ct); if (help) module_put(help->helper->me); @@ -319,8 +321,8 @@ static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par, nf_ct_l3proto_module_put(par->family); xt_ct_destroy_timeout(ct); + nf_ct_put(info->ct); } - nf_ct_put(info->ct); } static void xt_ct_tg_destroy_v0(const struct xt_tgdtor_param *par)