From: KOVACS Krisztian <hidden@sch.bme.hu>
To: Arnaldo Carvalho de Melo <acme@redhat.com>,
KOVACS Krisztian <hidden@sch.bme.hu>,
David Miller <davem@davemloft.net>,
kaber@trash.net, netdev@vger.kernel.org,
netfilter-devel@vger.kernel.org
Subject: Re: [net-next PATCH 10/16] Don't lookup the socket if there's a socket attached to the skb
Date: Fri, 03 Oct 2008 10:57:48 +0200 [thread overview]
Message-ID: <1223024268.8912.2.camel@este> (raw)
In-Reply-To: <20081002170935.GE17843@ghostprotocols.net>
Hi,
On cs, okt 02, 2008 at 02:09:35 -0300, Arnaldo Carvalho de Melo wrote:
> Em Thu, Oct 02, 2008 at 05:43:20PM +0200, KOVACS Krisztian escreveu:
> > Hi,
> >
> > On Wed, 2008-10-01 at 08:51 -0700, David Miller wrote:
> > > From: KOVACS Krisztian <hidden@sch.bme.hu>
> > > Date: Wed, 01 Oct 2008 17:38:20 +0200
> > >
> > > > The problem is that if you include the if() test then you have to
> > > > include the lookup call as well and that's different for TCP/UDP.
> > >
> > > No, I only mean to make a helper for this construct:
> > >
> > > if (unlikely(skb->sk)) {
> > > ...
> > > }
> > >
> > > so, something like:
> > >
> > > static inline struct sock *sock_skb_steal(struct sk_buff *skb)
> > > {
> > > if (unlikely(skb->sk)) {
> > > struct sock *sk = skb->sk;
> > >
> > > skb->destructor = NULL;
> > > skb->sk = NULL;
> > > return sk;
> > > }
> > > return NULL;
> > > }
> > >
> > > and then also get rid of the ifdefs at the place where
> > > these calls are made (TCP and UDP).
> >
> > Something like this?
> >
> > - 8< -
>
> Why don't you add it to __inet6_lookup, __inet6_lookup and the udp_lib
> lookup routines? And please rename it to skb_steal_sock, as it acts on a
> skb, not on a sock.
Those functions don't have access to the skb so unless we change the
signature they won't be able to steal the reference.
The renaming totally makes sense, the current name is misleading.
- 8< -
Use the socket reference cached in the skb if present. The iptables
TPROXY rule for example does a socket lookup early and attaches the
socket reference to the skb. So in the respective TCP/UDP/DCCP rcv()
routine we don't do a lookup but simply steal the socket reference from
the skb.
Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
---
include/net/sock.h | 12 ++++++++++++
net/dccp/ipv4.c | 7 ++++---
net/dccp/ipv6.c | 9 +++++----
net/ipv4/tcp_ipv4.c | 6 ++++--
net/ipv4/udp.c | 5 +++--
net/ipv6/tcp_ipv6.c | 9 +++++----
net/ipv6/udp.c | 5 +++--
7 files changed, 36 insertions(+), 17 deletions(-)
diff --git a/include/net/sock.h b/include/net/sock.h
index 75a312d..18f9670 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1324,6 +1324,18 @@ static inline void sk_change_net(struct sock *sk, struct net *net)
sock_net_set(sk, hold_net(net));
}
+static inline struct sock *skb_steal_sock(struct sk_buff *skb)
+{
+ if (unlikely(skb->sk)) {
+ struct sock *sk = skb->sk;
+
+ skb->destructor = NULL;
+ skb->sk = NULL;
+ return sk;
+ }
+ return NULL;
+}
+
extern void sock_enable_timestamp(struct sock *sk);
extern int sock_get_timestamp(struct sock *, struct timeval __user *);
extern int sock_get_timestampns(struct sock *, struct timespec __user *);
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index 882c5c4..bb329e8 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -811,9 +811,10 @@ static int dccp_v4_rcv(struct sk_buff *skb)
/* Step 2:
* Look up flow ID in table and get corresponding socket */
- sk = __inet_lookup(dev_net(skb->dst->dev), &dccp_hashinfo,
- iph->saddr, dh->dccph_sport,
- iph->daddr, dh->dccph_dport, inet_iif(skb));
+ if (likely((sk = skb_steal_sock(skb)) == NULL))
+ sk = __inet_lookup(dev_net(skb->dst->dev), &dccp_hashinfo,
+ iph->saddr, dh->dccph_sport,
+ iph->daddr, dh->dccph_dport, inet_iif(skb));
/*
* Step 2:
* If no socket ...
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 5e1ee0d..66de2a9 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -805,10 +805,11 @@ static int dccp_v6_rcv(struct sk_buff *skb)
/* Step 2:
* Look up flow ID in table and get corresponding socket */
- sk = __inet6_lookup(dev_net(skb->dst->dev), &dccp_hashinfo,
- &ipv6_hdr(skb)->saddr, dh->dccph_sport,
- &ipv6_hdr(skb)->daddr, ntohs(dh->dccph_dport),
- inet6_iif(skb));
+ if (likely((sk = skb_steal_sock(skb)) == NULL))
+ sk = __inet6_lookup(dev_net(skb->dst->dev), &dccp_hashinfo,
+ &ipv6_hdr(skb)->saddr, dh->dccph_sport,
+ &ipv6_hdr(skb)->daddr, ntohs(dh->dccph_dport),
+ inet6_iif(skb));
/*
* Step 2:
* If no socket ...
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 1ac4d05..397bc1e 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1577,8 +1577,10 @@ int tcp_v4_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->flags = iph->tos;
TCP_SKB_CB(skb)->sacked = 0;
- sk = __inet_lookup(net, &tcp_hashinfo, iph->saddr,
- th->source, iph->daddr, th->dest, inet_iif(skb));
+ if (likely((sk = skb_steal_sock(skb)) == NULL))
+ sk = __inet_lookup(net, &tcp_hashinfo, iph->saddr,
+ th->source, iph->daddr, th->dest, inet_iif(skb));
+
if (!sk)
goto no_tcp_socket;
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 28c3c31..4bdb4f5 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1198,8 +1198,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
return __udp4_lib_mcast_deliver(net, skb, uh,
saddr, daddr, udptable);
- sk = __udp4_lib_lookup(net, saddr, uh->source, daddr,
- uh->dest, inet_iif(skb), udptable);
+ if (likely((sk = skb_steal_sock(skb)) == NULL))
+ sk = __udp4_lib_lookup(net, saddr, uh->source, daddr,
+ uh->dest, inet_iif(skb), udptable);
if (sk != NULL) {
int ret = 0;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index e85f377..f477b1d 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1681,10 +1681,11 @@ static int tcp_v6_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->flags = ipv6_get_dsfield(ipv6_hdr(skb));
TCP_SKB_CB(skb)->sacked = 0;
- sk = __inet6_lookup(net, &tcp_hashinfo,
- &ipv6_hdr(skb)->saddr, th->source,
- &ipv6_hdr(skb)->daddr, ntohs(th->dest),
- inet6_iif(skb));
+ if (likely((sk = skb_steal_sock(skb)) == NULL))
+ sk = __inet6_lookup(net, &tcp_hashinfo,
+ &ipv6_hdr(skb)->saddr, th->source,
+ &ipv6_hdr(skb)->daddr, ntohs(th->dest),
+ inet6_iif(skb));
if (!sk)
goto no_tcp_socket;
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index a6aecf7..659c6a4 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -488,8 +488,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
* check socket cache ... must talk to Alan about his plans
* for sock caches... i'll skip this for now.
*/
- sk = __udp6_lib_lookup(net, saddr, uh->source,
- daddr, uh->dest, inet6_iif(skb), udptable);
+ if (likely((sk = skb_steal_sock(skb)) == NULL))
+ sk = __udp6_lib_lookup(net, saddr, uh->source,
+ daddr, uh->dest, inet6_iif(skb), udptable);
if (sk == NULL) {
if (!xfrm6_policy_check(NULL, XFRM_POLICY_IN, skb))
next prev parent reply other threads:[~2008-10-03 8:58 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-01 14:24 [net-next PATCH 00/16] Transparent proxying patches, take six KOVACS Krisztian
2008-10-01 14:24 ` [net-next PATCH 02/16] Implement IP_TRANSPARENT socket option KOVACS Krisztian
2008-10-01 14:30 ` David Miller
2008-10-01 14:24 ` [net-next PATCH 08/16] Port redirection support for TCP KOVACS Krisztian
2008-10-01 14:47 ` David Miller
2008-10-01 14:24 ` [net-next PATCH 11/16] Don't lookup the socket if there's a socket attached to the skb KOVACS Krisztian
2008-10-01 14:24 ` [net-next PATCH 16/16] Add documentation KOVACS Krisztian
2008-10-01 16:22 ` Randy Dunlap
2008-10-02 9:37 ` [RESEND net-next " KOVACS Krisztian
2008-10-02 9:38 ` Patrick McHardy
2008-10-03 14:01 ` [net-next " Jan Engelhardt
2008-10-07 7:01 ` KOVACS Krisztian
2008-10-07 19:50 ` David Miller
2008-10-07 20:02 ` KOVACS Krisztian
2008-10-07 20:47 ` Patrick McHardy
2008-10-07 20:53 ` David Miller
2008-10-08 0:32 ` Philip Craig
2008-10-01 14:24 ` [net-next PATCH 15/16] iptables TPROXY target KOVACS Krisztian
2008-10-02 9:28 ` Patrick McHardy
2008-10-01 14:24 ` [net-next PATCH 01/16] Loosen source address check on IPv4 output KOVACS Krisztian
2008-10-01 14:28 ` David Miller
2008-10-01 14:24 ` [net-next PATCH 05/16] Conditionally enable transparent flow flag when connecting KOVACS Krisztian
2008-10-01 14:36 ` David Miller
2008-10-01 14:24 ` [net-next PATCH 10/16] Don't lookup the socket if there's a socket attached to the skb KOVACS Krisztian
2008-10-01 14:50 ` David Miller
2008-10-01 15:38 ` KOVACS Krisztian
2008-10-01 15:51 ` David Miller
2008-10-02 15:43 ` KOVACS Krisztian
2008-10-02 17:09 ` Arnaldo Carvalho de Melo
2008-10-02 19:58 ` David Miller
2008-10-03 8:57 ` KOVACS Krisztian [this message]
2008-10-03 13:47 ` Arnaldo Carvalho de Melo
2008-10-07 7:36 ` KOVACS Krisztian
2008-10-07 12:36 ` Arnaldo Carvalho de Melo
2008-10-07 18:42 ` David Miller
2008-10-07 7:42 ` [net-next PATCH] Add udplib_lookup_skb() helpers (was: [net-next PATCH 10/16] Don't lookup the socket if there's a socket attached to the skb) KOVACS Krisztian
2008-10-07 12:34 ` Arnaldo Carvalho de Melo
2008-10-07 19:39 ` [net-next PATCH] Add udplib_lookup_skb() helpers David Miller
2008-10-07 7:59 ` [net-next PATCH] Don't lookup the socket if there's a socket attached to the skb (was: Re: [net-next PATCH 10/16] Don't lookup the socket if there's a socket attached to the skb) KOVACS Krisztian
2008-10-07 12:36 ` Arnaldo Carvalho de Melo
2008-10-07 19:41 ` [net-next PATCH] Don't lookup the socket if there's a socket attached to the skb David Miller
2008-10-01 14:24 ` [net-next PATCH 04/16] Make inet_sock.h independent of route.h KOVACS Krisztian
2008-10-01 14:34 ` David Miller
2008-10-01 14:24 ` [net-next PATCH 06/16] Handle TCP SYN+ACK/ACK/RST transparency KOVACS Krisztian
2008-10-01 14:42 ` David Miller
2008-10-01 14:46 ` KOVACS Krisztian
2008-10-01 14:24 ` [net-next PATCH 07/16] Make Netfilter's ip_route_me_harder() non-local address compatible KOVACS Krisztian
2008-10-01 14:45 ` David Miller
2008-10-01 14:24 ` [net-next PATCH 03/16] Allow binding to non-local addresses if IP_TRANSPARENT is set KOVACS Krisztian
2008-10-01 14:31 ` David Miller
2008-10-01 14:24 ` [net-next PATCH 13/16] iptables tproxy core KOVACS Krisztian
2008-10-02 9:19 ` Patrick McHardy
2008-10-01 14:24 ` [net-next PATCH 09/16] Export UDP socket lookup function KOVACS Krisztian
2008-10-01 14:48 ` David Miller
2008-10-01 14:24 ` [net-next PATCH 14/16] iptables socket match KOVACS Krisztian
2008-10-02 9:26 ` Patrick McHardy
2008-10-02 10:26 ` KOVACS Krisztian
2008-10-02 10:35 ` Patrick McHardy
2008-10-03 14:04 ` Jan Engelhardt
2008-10-01 14:24 ` [net-next PATCH 12/16] Split Netfilter IPv4 defragmentation into a separate module KOVACS Krisztian
2008-10-02 9:18 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1223024268.8912.2.camel@este \
--to=hidden@sch.bme.hu \
--cc=acme@redhat.com \
--cc=davem@davemloft.net \
--cc=kaber@trash.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).