netfilter: merge ctinfo into nfct pointer storage area
After this change conntrack operations (lookup, creation, matching from ruleset) only access one instead of two sk_buff cache lines. This works for normal conntracks because those are allocated from a slab that guarantees hw cacheline or 8byte alignment (whatever is larger) so the 3 bits needed for ctinfo won't overlap with nf_conn addresses. Template allocation now does manual address alignment (see previous change) on arches that don't have sufficent kmalloc min alignment. Some spots intentionally use skb->_nfct instead of skb_nfct() helpers, this is to avoid undoing the skb_nfct() use when we remove untracked conntrack object in the future. Signed-off-by:Florian Westphal <fw@strlen.de> Signed-off-by:
Showing
- include/linux/skbuff.h 9 additions, 12 deletionsinclude/linux/skbuff.h
- include/net/netfilter/nf_conntrack.h 6 additions, 5 deletionsinclude/net/netfilter/nf_conntrack.h
- net/ipv6/netfilter/nf_dup_ipv6.c 1 addition, 1 deletionnet/ipv6/netfilter/nf_dup_ipv6.c
- net/netfilter/core.c 1 addition, 1 deletionnet/netfilter/core.c
- net/netfilter/nf_conntrack_core.c 6 additions, 5 deletionsnet/netfilter/nf_conntrack_core.c
- net/netfilter/nf_conntrack_standalone.c 3 additions, 0 deletionsnet/netfilter/nf_conntrack_standalone.c
- net/netfilter/xt_CT.c 2 additions, 2 deletionsnet/netfilter/xt_CT.c
Loading
Please register or sign in to comment