p71924506
/
linux_old1
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

netfilter: conntrack: use single slab cache 

An earlier patch changed lookup side to also net_eq() namespaces after
obtaining a reference on the conntrack, so a single kmemcache can be used.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2016-05-09 16:24:32 +02:00 committed by Pablo Neira Ayuso
parent a76ae1c855
commit 0c5366b3a8
2 changed files with 14 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/net/netns/conntrack.h
View File

@ -84,7 +84,6 @@ struct netns_ct {
struct ctl_table_header *event_sysctl_header; struct ctl_table_header *event_sysctl_header;
struct ctl_table_header *helper_sysctl_header; struct ctl_table_header *helper_sysctl_header;
#endif #endif
char *slabname;
unsigned int sysctl_log_invalid; /* Log invalid packets */ unsigned int sysctl_log_invalid; /* Log invalid packets */
int sysctl_events; int sysctl_events;
int sysctl_acct; int sysctl_acct;
@ -93,7 +92,6 @@ struct netns_ct {
int sysctl_tstamp; int sysctl_tstamp;
int sysctl_checksum; int sysctl_checksum;
struct kmem_cache *nf_conntrack_cachep;
struct ct_pcpu __percpu *pcpu_lists; struct ct_pcpu __percpu *pcpu_lists;
struct ip_conntrack_stat __percpu *stat; struct ip_conntrack_stat __percpu *stat;
struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb; struct nf_ct_event_notifier __rcu *nf_conntrack_event_cb;

36
net/netfilter/nf_conntrack_core.c
View File

@ -72,6 +72,7 @@ EXPORT_SYMBOL_GPL(nf_conntrack_expect_lock);
struct hlist_nulls_head *nf_conntrack_hash __read_mostly; struct hlist_nulls_head *nf_conntrack_hash __read_mostly;
EXPORT_SYMBOL_GPL(nf_conntrack_hash); EXPORT_SYMBOL_GPL(nf_conntrack_hash);
static __read_mostly struct kmem_cache *nf_conntrack_cachep;
static __read_mostly spinlock_t nf_conntrack_locks_all_lock; static __read_mostly spinlock_t nf_conntrack_locks_all_lock;
static __read_mostly seqcount_t nf_conntrack_generation; static __read_mostly seqcount_t nf_conntrack_generation;
static __read_mostly bool nf_conntrack_locks_all; static __read_mostly bool nf_conntrack_locks_all;
@ -910,7 +911,7 @@ __nf_conntrack_alloc(struct net *net,
* Do not use kmem_cache_zalloc(), as this cache uses * Do not use kmem_cache_zalloc(), as this cache uses
* SLAB_DESTROY_BY_RCU. * SLAB_DESTROY_BY_RCU.
*/ */
ct = kmem_cache_alloc(net->ct.nf_conntrack_cachep, gfp); ct = kmem_cache_alloc(nf_conntrack_cachep, gfp);
if (ct == NULL) if (ct == NULL)
goto out; goto out;
@ -937,7 +938,7 @@ __nf_conntrack_alloc(struct net *net,
atomic_set(&ct->ct_general.use, 0); atomic_set(&ct->ct_general.use, 0);
return ct; return ct;
out_free: out_free:
kmem_cache_free(net->ct.nf_conntrack_cachep, ct); kmem_cache_free(nf_conntrack_cachep, ct);
out: out:
atomic_dec(&net->ct.count); atomic_dec(&net->ct.count);
return ERR_PTR(-ENOMEM); return ERR_PTR(-ENOMEM);
@ -964,7 +965,7 @@ void nf_conntrack_free(struct nf_conn *ct)
nf_ct_ext_destroy(ct); nf_ct_ext_destroy(ct);
nf_ct_ext_free(ct); nf_ct_ext_free(ct);
kmem_cache_free(net->ct.nf_conntrack_cachep, ct); kmem_cache_free(nf_conntrack_cachep, ct);
smp_mb__before_atomic(); smp_mb__before_atomic();
atomic_dec(&net->ct.count); atomic_dec(&net->ct.count);
} }
@ -1587,8 +1588,6 @@ void nf_conntrack_cleanup_net_list(struct list_head *net_exit_list)
nf_conntrack_tstamp_pernet_fini(net); nf_conntrack_tstamp_pernet_fini(net);
nf_conntrack_acct_pernet_fini(net); nf_conntrack_acct_pernet_fini(net);
nf_conntrack_expect_pernet_fini(net); nf_conntrack_expect_pernet_fini(net);
kmem_cache_destroy(net->ct.nf_conntrack_cachep);
kfree(net->ct.slabname);
free_percpu(net->ct.stat); free_percpu(net->ct.stat);
free_percpu(net->ct.pcpu_lists); free_percpu(net->ct.pcpu_lists);
} }
@ -1693,7 +1692,8 @@ EXPORT_SYMBOL_GPL(nf_ct_untracked_status_or);
int nf_conntrack_init_start(void) int nf_conntrack_init_start(void)
{ {
int max_factor = 8; int max_factor = 8;
int i, ret, cpu; int ret = -ENOMEM;
int i, cpu;
seqcount_init(&nf_conntrack_generation); seqcount_init(&nf_conntrack_generation);
@ -1729,6 +1729,12 @@ int nf_conntrack_init_start(void)
nf_conntrack_max = max_factor * nf_conntrack_htable_size; nf_conntrack_max = max_factor * nf_conntrack_htable_size;
nf_conntrack_cachep = kmem_cache_create("nf_conntrack",
sizeof(struct nf_conn), 0,
SLAB_DESTROY_BY_RCU, NULL);
if (!nf_conntrack_cachep)
goto err_cachep;
printk(KERN_INFO "nf_conntrack version %s (%u buckets, %d max)\n", printk(KERN_INFO "nf_conntrack version %s (%u buckets, %d max)\n",
NF_CONNTRACK_VERSION, nf_conntrack_htable_size, NF_CONNTRACK_VERSION, nf_conntrack_htable_size,
nf_conntrack_max); nf_conntrack_max);
@ -1805,6 +1811,8 @@ int nf_conntrack_init_start(void)
err_acct: err_acct:
nf_conntrack_expect_fini(); nf_conntrack_expect_fini();
err_expect: err_expect:
kmem_cache_destroy(nf_conntrack_cachep);
err_cachep:
nf_ct_free_hashtable(nf_conntrack_hash, nf_conntrack_htable_size); nf_ct_free_hashtable(nf_conntrack_hash, nf_conntrack_htable_size);
return ret; return ret;
} }
@ -1846,18 +1854,6 @@ int nf_conntrack_init_net(struct net *net)
if (!net->ct.stat) if (!net->ct.stat)
goto err_pcpu_lists; goto err_pcpu_lists;
net->ct.slabname = kasprintf(GFP_KERNEL, "nf_conntrack_%p", net);
if (!net->ct.slabname)
goto err_slabname;
net->ct.nf_conntrack_cachep = kmem_cache_create(net->ct.slabname,
sizeof(struct nf_conn), 0,
SLAB_DESTROY_BY_RCU, NULL);
if (!net->ct.nf_conntrack_cachep) {
printk(KERN_ERR "Unable to create nf_conn slab cache\n");
goto err_cache;
}
ret = nf_conntrack_expect_pernet_init(net); ret = nf_conntrack_expect_pernet_init(net);
if (ret < 0) if (ret < 0)
goto err_expect; goto err_expect;
@ -1889,10 +1885,6 @@ int nf_conntrack_init_net(struct net *net)
err_acct: err_acct:
nf_conntrack_expect_pernet_fini(net); nf_conntrack_expect_pernet_fini(net);
err_expect: err_expect:
kmem_cache_destroy(net->ct.nf_conntrack_cachep);
err_cache:
kfree(net->ct.slabname);
err_slabname:
free_percpu(net->ct.stat); free_percpu(net->ct.stat);
err_pcpu_lists: err_pcpu_lists:
free_percpu(net->ct.pcpu_lists); free_percpu(net->ct.pcpu_lists);