From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@computergmbh.de>
Cc: Netfilter Developer Mailing List <netfilter-devel@vger.kernel.org>
Subject: Re: xt_conntrack structure size
Date: Mon, 18 Feb 2008 16:13:12 +0100
Message-ID: <47B9A088.4050501@trash.net>
In-Reply-To: <Pine.LNX.4.64.0802170208520.25183@fbirervta.pbzchgretzou.qr>

Jan Engelhardt wrote:
> talking with SiegeX6 on IRC we found consensus that the struct
> xt_conntrack_mtinfo1 is just too fat -- 88 bytes if I counted right. 64
> of that go away for supporting IPv6 masking, which is plenty. We could
> use a uint8_t CIDR field instead of 'union nf_inet_addr origsrc_mask',
> and use a lookup table:
> static const struct {
>         union nf_inet_addr expanded;
>         unsigned char contracted;
> } table[] = {
>         {IN6_ADDR(0000,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0), 0},
>         {IN6_ADDR(8000,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0), 1},
>         {IN6_ADDR(c000,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0), 2},
>         {IN6_ADDR(e000,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0), 3},
>         {IN6_ADDR(f000,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0), 4},
>         {IN6_ADDR(f800,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0), 5},
>         /* and so on */
> };
> This would cost us 2048 bytes once. Everything that uses IPv6
> CIDR<->mask transformation could use this.
>
> - xt_conntrack: save 60 bytes per struct
>
> - xt_hashlimit: save on some static computation power
> (currently, xt_hashlimit computes the mask from CIDR during
> rule insertion)
>
> - xt_connlimit: save 15 bytes per struct (realistically: 12, due to
> aligned(8) padding)
>
> - xt_policy: save 30 bytes per struct (realistically 24)
>
> - ipt_entry, ip6t_entry: basically, these too, but it would touch
> a non-revisionable structure - can't break it
>
> - probably tons of other code in non-netfilter areas in net/
>
> Are there any objections to having this big table?

Not against the table itself, but I would like to keep the
different revisions to the necessary minimum.
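
Added example, not part of the original thread and not netfilter code: a user-space C sketch of the IPv6 CIDR<->mask transformation discussed above, computing the expansion instead of storing the proposed table. The names `struct in6_mask`, `cidr_to_mask6`, `mask6_to_cidr` and `addr6_match` are hypothetical; the point it adds is that a stored prefix length can only express contiguous masks, so the contraction must reject any mask with a hole rather than round it.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the IPv6 view of union nf_inet_addr. */
struct in6_mask { uint8_t b[16]; };

/* Expand a prefix length (0..128) into a 128-bit mask; -1 if out of range. */
int cidr_to_mask6(unsigned int cidr, struct in6_mask *out)
{
    unsigned int i;
    if (cidr > 128)
        return -1;
    for (i = 0; i < 16; i++) {
        unsigned int bits = cidr > 8 * i ? cidr - 8 * i : 0;
        if (bits > 8)
            bits = 8;
        out->b[i] = (uint8_t)(0xff00u >> bits); /* top 'bits' bits set */
    }
    return 0;
}

/* Contract a mask to a prefix length; -1 if the mask is not contiguous. */
int mask6_to_cidr(const struct in6_mask *m)
{
    int cidr = 0, i = 0;
    while (i < 16 && m->b[i] == 0xff) { cidr += 8; i++; }
    if (i < 16) {
        uint8_t v = m->b[i++];
        while (v & 0x80) { cidr++; v = (uint8_t)(v << 1); }
        if (v)
            return -1;              /* set bit after a clear bit */
        for (; i < 16; i++)
            if (m->b[i])
                return -1;          /* set bits after the prefix ended */
    }
    return cidr;
}

/* Match an address against net/cidr; an invalid cidr never matches. */
int addr6_match(const uint8_t a[16], const uint8_t net[16], unsigned int cidr)
{
    struct in6_mask m;
    unsigned int i;
    if (cidr_to_mask6(cidr, &m) < 0)
        return 0;
    for (i = 0; i < 16; i++)
        if ((a[i] ^ net[i]) & m.b[i])
            return 0;
    return 1;
}

int main(void)
{
    struct in6_mask m;
    cidr_to_mask6(5, &m);           /* constructed sample input */
    printf("/5 -> %02x%02x, back -> /%d\n", m.b[0], m.b[1], mask6_to_cidr(&m));
    return 0;
}
```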