From: Philip Craig <philipc@snapgear.com>
To: Patrick McHardy <kaber@trash.net>
Cc: davem@davemloft.net, netfilter-devel@vger.kernel.org
Subject: Re: [NETFILTER 42/69]: nf_conntrack: optimize hash_conntrack()
Date: Mon, 28 Apr 2008 18:24:50 +1000
Message-ID: <481589D2.2050901@snapgear.com>
In-Reply-To: <20080130201757.29874.54202.sendpatchset@localhost.localdomain>

Patrick McHardy wrote:
> [NETFILTER]: nf_conntrack: optimize hash_conntrack()
>
> Avoid calling jhash three times and hash the entire tuple in one go.

This has broken conntrack on a big endian ARM platform. 'conntrack -L'
shows many unreplied connections all with the same addresses/ports,
instead of just one connection.

It seems the problem is that we are now hashing the padding in struct
nf_conntrack_tuple, which we previously didn't, and this padding isn't
always zeroed, so the hash gives garbage.

Changing NF_CT_TUPLE_U_BLANK() to memset the whole tuple fixes it.

Adding __attribute__ ((packed)) everywhere to remove the padding
didn't seem to fix it, but I don't understand why... maybe I did
something wrong still. This probably isn't a solution anyway since
these structs are used in userspace?

I'm not sure what's special about big-endian or ARM to only affect
this platform. Any ideas?

I can work on this more tomorrow.

Here's the pahole output:

struct nf_conntrack_man {
        union nf_inet_addr           u3;             /*     0    16 */
        union nf_conntrack_man_proto u;              /*    16     4 */
        u_int16_t                    l3num;          /*    20     2 */

        /* size: 24, cachelines: 1 */
        /* padding: 2 */
        /* last cacheline: 24 bytes */
};      /* definitions: 1 */

struct nf_conntrack_tuple {
        struct nf_conntrack_man      src;            /*     0    24 */

        /* XXX last struct has 2 bytes of padding */

        struct {
                union nf_inet_addr   u3;             /*    24    16 */
                union {
                        __be16       all;            /*           2 */
                        struct {
                                __be16 port;         /*    40     2 */
                        } tcp;                       /*           4 */
                        struct {
                                __be16 port;         /*    40     2 */
                        } udp;                       /*           4 */
                        struct {
                                u_int8_t type;       /*    40     1 */
                                u_int8_t code;       /*    41     1 */
                        } icmp;                      /*           4 */
                        struct {
                                __be16 port;         /*    40     2 */
                        } sctp;                      /*           4 */
                        struct {
                                __be16 key;          /*    40     2 */
                        } gre;                       /*           4 */
                } u;                                 /*    40     4 */
                u_int8_t             protonum;       /*    44     1 */
                u_int8_t             dir;            /*    45     1 */
        } dst;                                       /*    24    24 */

        /* XXX last struct has 2 bytes of padding */

        /* size: 48, cachelines: 1 */
        /* paddings: 2, sum paddings: 4 */
        /* last cacheline: 48 bytes */
};      /* definitions: 1 */

>
> __hash_conntrack | -485 # 760 -> 275, # inlines: 3 -> 1, size inlines: 717 -> 252
> 1 function changed, 485 bytes removed
>
> Signed-off-by: Patrick McHardy <kaber@trash.net>
>
> ---
> commit 2f75544ea729329074f86020b4524179cc82c219
> tree e4dc132f189625ad5bd28e043e348f0deb825c47
> parent 18fd2bf273954b4fa527e5d630049f40acc29fca
> author Patrick McHardy <kaber@trash.net> Tue, 29 Jan 2008 16:22:15 +0100
> committer Patrick McHardy <kaber@trash.net> Wed, 30 Jan 2008 21:03:08 +0100
>
> net/netfilter/nf_conntrack_core.c | 18 +++++++++++-------
> 1 files changed, 11 insertions(+), 7 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
> index ce4c4ba..24a0863 100644
> --- a/net/netfilter/nf_conntrack_core.c
> +++ b/net/netfilter/nf_conntrack_core.c
> @@ -73,15 +73,19 @@ static unsigned int nf_conntrack_hash_rnd;
> static u_int32_t __hash_conntrack(const struct nf_conntrack_tuple *tuple,
> unsigned int size, unsigned int rnd)
> {
> - unsigned int a, b;
> + unsigned int n;
> + u_int32_t h;
>
> - a = jhash2(tuple->src.u3.all, ARRAY_SIZE(tuple->src.u3.all),
> - (tuple->src.l3num << 16) | tuple->dst.protonum);
> - b = jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all),
> - ((__force __u16)tuple->src.u.all << 16) |
> - (__force __u16)tuple->dst.u.all);
> + /* The direction must be ignored, so we hash everything up to the
> + * destination ports (which is a multiple of 4) and treat the last
> + * three bytes manually.
> + */
> + n = (sizeof(tuple->src) + sizeof(tuple->dst.u3)) / sizeof(u32);
> + h = jhash2((u32 *)tuple, n,
> + rnd ^ (((__force __u16)tuple->dst.u.all << 16) |
> + tuple->dst.protonum));
>
> - return ((u64)jhash_2words(a, b, rnd) * size) >> 32;
> + return ((u64)h * size) >> 32;
> }
>
> static inline u_int32_t hash_conntrack(const struct nf_conntrack_tuple *tuple)
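
Review bot: the jhash2((u32 *)tuple, n, ...) call hashes the raw bytes of tuple->src and tuple->dst.u3, so any compiler padding inside those members now feeds the hash, whereas the removed lines read only named members (u3.all, l3num, u.all, protonum). The pahole output in the reply shows 2 bytes of padding at the end of src, which is inside the hashed range. Either guarantee that every tuple is fully zeroed before its fields are set and state that requirement in the comment, or keep hashing named members only. The comment also relies on the hashed length being a multiple of 4; a BUILD_BUG_ON on that size would enforce it at compile time instead of leaving it as an assumption.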
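
The failure described in this message, reduced to a user-space C example that is added here and is not code from the thread or the kernel. `struct demo_man`, `mix_words` (a simple stand-in for jhash2()), `fill_man`, `hash_raw`, `hash_fields` and `same_hash` are hypothetical names, and the sample flow values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for struct nf_conntrack_man with the layout pahole
 * reports: 16 + 4 + 2 bytes of fields, then 2 bytes of tail padding. */
struct demo_man { uint32_t addr[4]; uint32_t proto; uint16_t l3num; };
#define NWORDS  (sizeof(struct demo_man) / sizeof(uint32_t))
#define PAD_OFF (offsetof(struct demo_man, l3num) + sizeof(uint16_t))
_Static_assert(sizeof(struct demo_man) - PAD_OFF == 2, "expected 2 pad bytes");
/* Word-wise FNV-1a style mixer: a simple stand-in for jhash2(). */
static uint32_t mix_words(const uint32_t *w, size_t n, uint32_t rnd) {
    uint32_t h = 2166136261u ^ rnd;
    for (size_t i = 0; i < n; i++)
        h = (h ^ w[i]) * 16777619u;
    return h;
}
/* Set the named fields, then write the padding bytes last. pad == 0 models a
 * tuple that was memset as a whole; any other value models stale memory. */
static void fill_man(struct demo_man *m, uint32_t addr, uint16_t port, uint8_t pad) {
    m->addr[0] = addr; m->addr[1] = m->addr[2] = m->addr[3] = 0;
    m->proto = port; m->l3num = 2; /* AF_INET */
    memset((unsigned char *)m + PAD_OFF, pad, sizeof(*m) - PAD_OFF);
}
/* New style: hash the object representation, padding included. */
static uint32_t hash_raw(const struct demo_man *m, uint32_t rnd) {
    uint32_t w[NWORDS];
    memcpy(w, m, sizeof(w));
    return mix_words(w, NWORDS, rnd);
}
/* Old style: hash only the named fields. */
static uint32_t hash_fields(const struct demo_man *m, uint32_t rnd) {
    uint32_t w[] = { m->addr[0], m->addr[1], m->addr[2], m->addr[3], m->proto, m->l3num };
    return mix_words(w, sizeof(w) / sizeof(w[0]), rnd);
}
/* Fill the same flow twice with different padding; 1 if the hashes agree. */
static int same_hash(uint8_t pad_a, uint8_t pad_b, int raw) {
    struct demo_man a, b;
    fill_man(&a, 0xc0a80001u, 80, pad_a);
    fill_man(&b, 0xc0a80001u, 80, pad_b);
    return raw ? hash_raw(&a, 7) == hash_raw(&b, 7)
               : hash_fields(&a, 7) == hash_fields(&b, 7);
}
int main(void) {
    printf("raw/stale=%d raw/zeroed=%d fields/stale=%d\n",
           same_hash(0xaa, 0x55, 1), same_hash(0, 0, 1), same_hash(0xaa, 0x55, 0));
}
```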