Re: patch for conntrack expectations

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira <pablo@eurodev.net>
To: Harald Welte <laforge@netfilter.org>,
	netfilter-devel@lists.netfilter.org
Subject: Re: patch for conntrack expectations
Date: Wed, 18 Feb 2004 06:15:10 +0100	[thread overview]
Message-ID: <4032F4DE.3050402@eurodev.net> (raw)
In-Reply-To: <20040217213217.GF30968@obroa-skai.de.gnumonks.org>

Harald Welte wrote:

>This is indeed a true observation and good suggestion. 
>
>Hoever, I'm not sure whether it would make any measurable difference.
>The expect was allocated on the stack [which is cheap], and now we have
>one additional (inter-module) function call instead of the allocation of
>a couple of bytes on the stack.  I'm not sure which one is really worse.
>  
>
well, sorry because I'm going to be a bit repetitive but this way 
everyone's going to understand my patch clearly.

in some steps:

1) helper function is called
2) a pointer to a ip_conntrack_expect structure is allocated on the stack
3) if the pattern which we are looking for is *not* found
    -> return NF_ACCEPT
4) else
    -> a ip_conntrack_expect structure is allocated in memory
5) all the fields of the expectation are fulfilled
6) helper calls ip_conntrack_expect_related to insert the expectation
but it passes a pointer to a structure allocated in memory.

what's the different between this approach and the current one?

If the pattern which we are looking for is not found, nothing will 
change, we just allocated less memory on the stack but of course this 
doesn't improve the performance, so it's the same.

By other hand, in the current approach if the pattern is found, the 
function ip_conntrack_expect_related does a memcpy of a structure of 116 
bytes (expectation) from the stack to memory. This is not needed anymore 
since with the new approach the helper works with the future expectation 
already allocated in memory.

I also think that this will result in a cleaner API to manage the 
expectations. well, maybe you could also use this to allocate an 
expectation for the connection tracking replication (well... i just 
started talking so much).

>Also, 2.4.x kernel series are heading for a freeze pretty soon.
>  
>
yes it's true

>So if at all, such a patch would be accepted for 2.6.x.  But then I
>would like to ask you to change all the helpers (esp. the ones in
>patch-o-matic-ng), too.
>  
>
I had a look at almost all the helpers which are in patch-o-matic-ng 
(even the pptp helper). I have no problem about modifying them. BTW, the 
documentation should be updated as well if this change is applied.

Pablo

next prev parent reply	other threads:[~2004-02-18  5:15 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <403014C5.8080102@eurodev.net>
2004-02-17 21:32 ` patch for conntrack expectations Harald Welte
2004-02-18  5:15   ` Pablo Neira [this message]
2004-02-18 17:25     ` Harald Welte
2004-02-18 17:37       ` Pablo Neira
2004-02-22 13:40       ` Pablo Neira
2004-02-24  9:40         ` Harald Welte
2004-02-24  9:54           ` Patrick McHardy
2004-02-24 10:24             ` Harald Welte
2004-02-24 16:32               ` Patrick McHardy
2004-02-25 16:45                 ` Pablo Neira
2004-02-25 17:27                   ` Patrick McHardy
2004-02-25 17:59                     ` Patrick McHardy
2004-03-03 23:23                   ` Patrick McHardy
2004-03-03 23:38                     ` Pablo Neira
2004-03-03 23:52                       ` Patrick McHardy
2004-03-03 23:50                     ` Patrick McHardy
2004-03-04  0:12                       ` Pablo Neira
2004-03-04  0:10                     ` Pablo Neira
2004-03-06  0:15                     ` Pablo Neira
2004-03-06  1:07                       ` Patrick McHardy
2004-03-06  1:24                         ` Pablo Neira
2004-03-06  1:37                           ` Patrick McHardy
2004-02-25 16:29           ` Pablo Neira
2004-02-28 11:17           ` Pablo Neira
2004-03-09 17:15           ` Pablo Neira

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4032F4DE.3050402@eurodev.net \
    --to=pablo@eurodev.net \
    --cc=laforge@netfilter.org \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.