From patchwork Wed May 22 21:10:57 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Dumazet <eric.dumazet@gmail.com>
X-Patchwork-Id: 245718
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id A462D2C0089
	for <incoming@patchwork.ozlabs.org>;
	Thu, 23 May 2013 07:11:04 +1000 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753338Ab3EVVLB (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Wed, 22 May 2013 17:11:01 -0400
Received: from mail-oa0-f49.google.com ([209.85.219.49]:64793 "EHLO
	mail-oa0-f49.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751457Ab3EVVLA (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Wed, 22 May 2013 17:11:00 -0400
Received: by mail-oa0-f49.google.com with SMTP id k14so3461697oag.36
	for <multiple recipients>; Wed, 22 May 2013 14:11:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=message-id:subject:from:to:cc:date:in-reply-to:references
	:content-type:x-mailer:content-transfer-encoding:mime-version;
	bh=tdcxGL1r2X9siKC9UdynSbae3NB7iSmWiExu1ibrsxQ=;
	b=z3Z/0+FNSC3/WVSjY8svjRTV1Zepmq+3Eh6FXLW7tjHdEsXU6F7rT7uF5tIphcHvDx
	XlFFPSSR5n5kzhmBaZUfM1cBU5GyJyuQrkc+ckXAPm+GCaChJOUNjWOFQKBXcvYXNwZs
	FPuO01Pm5ppJhtpySVmNOk6mYGPbuIV49/I4ygXRYjte2PydnM7bvvQAHqxsd9FBZ9kJ
	ZeVbxCASJ/BPapSWw16RA6NcQkkJLH5jCzr7j1doMOcW0lEDt+KwIsJnWTV+Gpbgu85y
	AlOEBg3XLxME8jC4ddSH1vBUStByIP1WyTSE4zJpcvaFQLSiNTh8V1m3TEp9+2JIgLg3
	y4gg==
X-Received: by 10.60.79.198 with SMTP id l6mr6216018oex.47.1369257059904;
	Wed, 22 May 2013 14:10:59 -0700 (PDT)
Received: from ?IPv6:2620:0:1000:3304:1109:dda6:46f3:f394?
	([2620:0:1000:3304:1109:dda6:46f3:f394])
	by mx.google.com with ESMTPSA id q4sm9327073obl.1.2013.05.22.14.10.58
	for <multiple recipients>
	(version=SSLv3 cipher=RC4-SHA bits=128/128);
	Wed, 22 May 2013 14:10:59 -0700 (PDT)
Message-ID: <1369257057.3301.367.camel@edumazet-glaptop>
Subject: [PATCH resend nf-next] netfilter: xt_CT: optimize XT_CT_NOTRACK
From: Eric Dumazet <eric.dumazet@gmail.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netdev <netdev@vger.kernel.org>, netfilter-devel@vger.kernel.org
Date: Wed, 22 May 2013 14:10:57 -0700
In-Reply-To: <1368132751.13473.113.camel@edumazet-glaptop>
References: <1368132751.13473.113.camel@edumazet-glaptop>
X-Mailer: Evolution 3.2.3-0ubuntu6 
Mime-Version: 1.0
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

From: Eric Dumazet <edumazet@google.com>

The percpu untracked ct are not currently used for XT_CT_NOTRACK.

xt_ct_tg_check()/xt_ct_target() provides a single ct.

Thats not optimal as the ct->ct_general.use cache line will bounce among
cpus.

Use the intended [1] thing : xt_ct_target() should select the percpu
object.

[1] Refs :
commit 5bfddbd46a95c97 ("netfilter: nf_conntrack: IPS_UNTRACKED bit")
commit b3c5163fe0193a7 ("netfilter: nf_conntrack: per_cpu untracking")

Signed-off-by: Eric Dumazet <edumazet@google.com>
---
Sent Thu, 2013-05-09, this is a resend only, no changes

 net/netfilter/xt_CT.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)



--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index a60261c..da35ac0 100644
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -26,6 +26,9 @@ static inline int xt_ct_target(struct sk_buff *skb, struct nf_conn *ct)
 	if (skb->nfct != NULL)
 		return XT_CONTINUE;
 
+	/* special case the untracked ct : we want the percpu object */
+	if (!ct)
+		ct = nf_ct_untracked_get();
 	atomic_inc(&ct->ct_general.use);
 	skb->nfct = &ct->ct_general;
 	skb->nfctinfo = IP_CT_NEW;
@@ -186,8 +189,7 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par,
 	int ret = -EOPNOTSUPP;
 
 	if (info->flags & XT_CT_NOTRACK) {
-		ct = nf_ct_untracked_get();
-		atomic_inc(&ct->ct_general.use);
+		ct = NULL;
 		goto out;
 	}
 
@@ -311,7 +313,7 @@ static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par,
 	struct nf_conn *ct = info->ct;
 	struct nf_conn_help *help;
 
-	if (!nf_ct_is_untracked(ct)) {
+	if (ct && !nf_ct_is_untracked(ct)) {
 		help = nfct_help(ct);
 		if (help)
 			module_put(help->helper->me);
@@ -319,8 +321,8 @@ static void xt_ct_tg_destroy(const struct xt_tgdtor_param *par,
 		nf_ct_l3proto_module_put(par->family);
 
 		xt_ct_destroy_timeout(ct);
+		nf_ct_put(info->ct);
 	}
-	nf_ct_put(info->ct);
 }
 
 static void xt_ct_tg_destroy_v0(const struct xt_tgdtor_param *par)