netfilter: nf_conntrack: IPS_UNTRACKED bit

NOTRACK makes all cpus share a cache line on nf_conntrack_untracked twice per packet. This is bad for performance. __read_mostly annotation is also a bad choice. This patch introduces IPS_UNTRACKED bit so that we can use later a per_cpu untrack structure more easily. A new helper, nf_ct_untracked_get() returns a pointer to nf_conntrack_untracked. Another one, nf_ct_untracked_status_or() is used by nf_nat_init() to add IPS_NAT_DONE_MASK bits to untracked status. nf_ct_is_untracked() prototype is changed to work on a nf_conn pointer. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Eric Dumazet <eric.dumazet@gmail.com> 2010-06-08 16:09:52 +0200
committer: Patrick McHardy <kaber@trash.net> 2010-06-08 16:09:52 +0200
commit: 5bfddbd46a95c978f4d3c992339cbdf4f4b790a3 (patch)
tree: 9291ba4e1e3c7bf7ae8b5dfa8271e7127a6a6958 /net/netfilter/xt_socket.c
parent: 339bb99e4a8ba1f8960eed21d50be808b35ad22a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c
index 3d54c236a1ba..1ca89908cbad 100644
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -127,7 +127,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par,
 	 * reply packet of an established SNAT-ted connection. */
 
 	ct = nf_ct_get(skb, &ctinfo);
-	if (ct && (ct != &nf_conntrack_untracked) &&
+	if (ct && !nf_ct_is_untracked(ct) &&
 	    ((iph->protocol != IPPROTO_ICMP &&
 	      ctinfo == IP_CT_IS_REPLY + IP_CT_ESTABLISHED) ||
 	     (iph->protocol == IPPROTO_ICMP &&
author	Eric Dumazet <eric.dumazet@gmail.com>	2010-06-08 16:09:52 +0200
committer	Patrick McHardy <kaber@trash.net>	2010-06-08 16:09:52 +0200
commit	5bfddbd46a95c978f4d3c992339cbdf4f4b790a3 (patch)
tree	9291ba4e1e3c7bf7ae8b5dfa8271e7127a6a6958 /net/netfilter/xt_socket.c
parent	339bb99e4a8ba1f8960eed21d50be808b35ad22a (diff)