From patchwork Tue Jul  3 00:33:39 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yi-Hung Wei <yihung.wei@gmail.com>
X-Patchwork-Id: 938289
X-Patchwork-Delegate: pablo@netfilter.org
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netfilter-devel-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="QXUeWn9J"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 41KQDm6Ff0z9s3R
	for <incoming@patchwork.ozlabs.org>;
	Tue,  3 Jul 2018 10:37:12 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752918AbeGCAhM (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Mon, 2 Jul 2018 20:37:12 -0400
Received: from mail-pg0-f67.google.com ([74.125.83.67]:46505 "EHLO
	mail-pg0-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752636AbeGCAhL (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Mon, 2 Jul 2018 20:37:11 -0400
Received: by mail-pg0-f67.google.com with SMTP id q14-v6so103613pgt.13
	for <netfilter-devel@vger.kernel.org>;
	Mon, 02 Jul 2018 17:37:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=+jeNOvsf4bd0eGPO2CllRC2wkukJR4aXBPjBejA01xs=;
	b=QXUeWn9JX6nulRm5vosQojmEKs4yHSzPM2mnqu2CLgm8HLGAbZo+2jfOk88TClwIaB
	/nFAzBwFsZLwFIYMnSGvV5X6fycJeSzGAD93HcgyVN0WIeE/7ay4OyboB8krsRtUFFrn
	nbph1di1g47NL8QtKld5atoOE1icq1oB9hoQkierjrcdmXeU5/GXQF6LqdLYhvNz1HSM
	7yVbhuSRVR6lUSTjIADK6miWc/Anp1C+0IKnXudhpLD9/psSWRrLXvYy6V2LmJutIKlD
	KYbAcB/+RIJDSe9lme4aTauTsfwRQLDQD6ga2t/+Wan0zc5gwaa6+LO9nUMHHAFgZuP8
	j8Sg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=+jeNOvsf4bd0eGPO2CllRC2wkukJR4aXBPjBejA01xs=;
	b=o9gPJyKTIlYyez+N8k3HI47V519n5DEZh5S8qMgYN5NCVFBcIJgY6sB8q84CqmjtmT
	pRlYcczKdj/s5p+VFSAAOpz0dg+9OKTdUC2tkCowKJviFVEKb8wNx/2Yr4XTjHeGLPTX
	hJ95nFHSdnYWHfW6H4Fe8wDFuV+9HmEuzMK81gEciph4eaSv1mrDy6fCOG1Ai3AelD+J
	gioz7tI4A6bRVZIy53jTucCbQmPKmv53XNw825C0qKqe1jUrsHs0U86jAFYIOZjZaYfX
	9OJMtRqBn087adhbZ4Lk8bYEjYGPJ/gs/IlR4OcyNyjxB55PRr8uTF7mpOP1sv7eCU7W
	zOiQ==
X-Gm-Message-State: APt69E1bqcqhU0IK71ahibHZyJU+YZzJYRU6DpNgSJV3kPqGo6PEqqaI
	lwLex7EMz3FwAS/V+9tzct/f38Oq
X-Google-Smtp-Source: 
 AAOMgpeoIEtPN28hrMfLM9JedFtHEKOjHWKCj/hKmcoVUE4hkC9gb4WPxFzMJMVKQm3Pv7xGcAEzPw==
X-Received: by 2002:aa7:8713:: with SMTP id
	b19-v6mr19545208pfo.151.1530578230349;
	Mon, 02 Jul 2018 17:37:10 -0700 (PDT)
Received: from Husky.eng.vmware.com ([66.170.99.1])
	by smtp.gmail.com with ESMTPSA id
	r81-v6sm22537209pfb.104.2018.07.02.17.37.08
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 02 Jul 2018 17:37:08 -0700 (PDT)
From: Yi-Hung Wei <yihung.wei@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: Yi-Hung Wei <yihung.wei@gmail.com>, Florian Westphal <fw@strlen.de>
Subject: [PATCH nf-next 1/6] netfilter: nf_conncount: Early exit for garbage
	collection
Date: Mon,  2 Jul 2018 17:33:39 -0700
Message-Id: <1530578024-6559-2-git-send-email-yihung.wei@gmail.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1530578024-6559-1-git-send-email-yihung.wei@gmail.com>
References: <1530578024-6559-1-git-send-email-yihung.wei@gmail.com>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

This patch is originally from Florian Westphal.

We use an extra function with early exit for garbage collection.
It is not necessary to traverse the full list for every node since
it is enough to zap a couple of entries for garbage collection.

Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/netfilter/nf_conncount.c | 39 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 37 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nf_conncount.c b/net/netfilter/nf_conncount.c
index 510039862aa9..81c02185b2e8 100644
--- a/net/netfilter/nf_conncount.c
+++ b/net/netfilter/nf_conncount.c
@@ -189,6 +189,42 @@ unsigned int nf_conncount_lookup(struct net *net, struct hlist_head *head,
 }
 EXPORT_SYMBOL_GPL(nf_conncount_lookup);
 
+static void nf_conncount_gc_list(struct net *net,
+				 struct nf_conncount_rb *rbconn)
+{
+	const struct nf_conntrack_tuple_hash *found;
+	struct nf_conncount_tuple *conn;
+	struct hlist_node *n;
+	struct nf_conn *found_ct;
+	unsigned int collected = 0;
+
+	hlist_for_each_entry_safe(conn, n, &rbconn->hhead, node) {
+		found = find_or_evict(net, conn);
+		if (IS_ERR(found)) {
+			if (PTR_ERR(found) == -ENOENT)
+				collected++;
+			continue;
+		}
+
+		found_ct = nf_ct_tuplehash_to_ctrack(found);
+		if (already_closed(found_ct)) {
+			/*
+			 * we do not care about connections which are
+			 * closed already -> ditch it
+			 */
+			nf_ct_put(found_ct);
+			hlist_del(&conn->node);
+			kmem_cache_free(conncount_conn_cachep, conn);
+			collected++;
+			continue;
+		}
+
+		nf_ct_put(found_ct);
+		if (collected > CONNCOUNT_GC_MAX_NODES)
+			return;
+	}
+}
+
 static void tree_nodes_free(struct rb_root *root,
 			    struct nf_conncount_rb *gc_nodes[],
 			    unsigned int gc_count)
@@ -251,8 +287,7 @@ count_tree(struct net *net, struct rb_root *root,
 		if (no_gc || gc_count >= ARRAY_SIZE(gc_nodes))
 			continue;
 
-		/* only used for GC on hhead, retval and 'addit' ignored */
-		nf_conncount_lookup(net, &rbconn->hhead, tuple, zone, &addit);
+		nf_conncount_gc_list(net, rbconn);
 		if (hlist_empty(&rbconn->hhead))
 			gc_nodes[gc_count++] = rbconn;
 	}