From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 31/39] netfilter: ipset: Optimize hash creation routine
Date: Sun, 13 Nov 2016 23:25:25 +0100 [thread overview]
Message-ID: <1479075933-4491-32-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1479075933-4491-1-git-send-email-pablo@netfilter.org>
From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Exit as easly as possible on error and use RCU_INIT_POINTER()
as set is not seen at creation time.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
---
net/netfilter/ipset/ip_set_hash_gen.h | 63 ++++++++++++++++-------------------
1 file changed, 29 insertions(+), 34 deletions(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 34f115f874ab..de1d16fd4121 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -1241,41 +1241,35 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
struct htype *h;
struct htable *t;
+ pr_debug("Create set %s with family %s\n",
+ set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6");
+
#ifndef IP_SET_PROTO_UNDEF
if (!(set->family == NFPROTO_IPV4 || set->family == NFPROTO_IPV6))
return -IPSET_ERR_INVALID_FAMILY;
#endif
-#ifdef IP_SET_HASH_WITH_MARKMASK
- markmask = 0xffffffff;
-#endif
-#ifdef IP_SET_HASH_WITH_NETMASK
- netmask = set->family == NFPROTO_IPV4 ? 32 : 128;
- pr_debug("Create set %s with family %s\n",
- set->name, set->family == NFPROTO_IPV4 ? "inet" : "inet6");
-#endif
-
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_HASHSIZE) ||
!ip_set_optattr_netorder(tb, IPSET_ATTR_MAXELEM) ||
!ip_set_optattr_netorder(tb, IPSET_ATTR_TIMEOUT) ||
!ip_set_optattr_netorder(tb, IPSET_ATTR_CADT_FLAGS)))
return -IPSET_ERR_PROTOCOL;
+
#ifdef IP_SET_HASH_WITH_MARKMASK
/* Separated condition in order to avoid directive in argument list */
if (unlikely(!ip_set_optattr_netorder(tb, IPSET_ATTR_MARKMASK)))
return -IPSET_ERR_PROTOCOL;
-#endif
- if (tb[IPSET_ATTR_HASHSIZE]) {
- hashsize = ip_set_get_h32(tb[IPSET_ATTR_HASHSIZE]);
- if (hashsize < IPSET_MIMINAL_HASHSIZE)
- hashsize = IPSET_MIMINAL_HASHSIZE;
+ markmask = 0xffffffff;
+ if (tb[IPSET_ATTR_MARKMASK]) {
+ markmask = ntohl(nla_get_be32(tb[IPSET_ATTR_MARKMASK]));
+ if (markmask == 0)
+ return -IPSET_ERR_INVALID_MARKMASK;
}
-
- if (tb[IPSET_ATTR_MAXELEM])
- maxelem = ip_set_get_h32(tb[IPSET_ATTR_MAXELEM]);
+#endif
#ifdef IP_SET_HASH_WITH_NETMASK
+ netmask = set->family == NFPROTO_IPV4 ? 32 : 128;
if (tb[IPSET_ATTR_NETMASK]) {
netmask = nla_get_u8(tb[IPSET_ATTR_NETMASK]);
@@ -1285,14 +1279,15 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
return -IPSET_ERR_INVALID_NETMASK;
}
#endif
-#ifdef IP_SET_HASH_WITH_MARKMASK
- if (tb[IPSET_ATTR_MARKMASK]) {
- markmask = ntohl(nla_get_be32(tb[IPSET_ATTR_MARKMASK]));
- if (markmask == 0)
- return -IPSET_ERR_INVALID_MARKMASK;
+ if (tb[IPSET_ATTR_HASHSIZE]) {
+ hashsize = ip_set_get_h32(tb[IPSET_ATTR_HASHSIZE]);
+ if (hashsize < IPSET_MIMINAL_HASHSIZE)
+ hashsize = IPSET_MIMINAL_HASHSIZE;
}
-#endif
+
+ if (tb[IPSET_ATTR_MAXELEM])
+ maxelem = ip_set_get_h32(tb[IPSET_ATTR_MAXELEM]);
hsize = sizeof(*h);
#ifdef IP_SET_HASH_WITH_NETS
@@ -1302,16 +1297,6 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
if (!h)
return -ENOMEM;
- h->maxelem = maxelem;
-#ifdef IP_SET_HASH_WITH_NETMASK
- h->netmask = netmask;
-#endif
-#ifdef IP_SET_HASH_WITH_MARKMASK
- h->markmask = markmask;
-#endif
- get_random_bytes(&h->initval, sizeof(h->initval));
- set->timeout = IPSET_NO_TIMEOUT;
-
hbits = htable_bits(hashsize);
hsize = htable_size(hbits);
if (hsize == 0) {
@@ -1323,8 +1308,17 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
kfree(h);
return -ENOMEM;
}
+ h->maxelem = maxelem;
+#ifdef IP_SET_HASH_WITH_NETMASK
+ h->netmask = netmask;
+#endif
+#ifdef IP_SET_HASH_WITH_MARKMASK
+ h->markmask = markmask;
+#endif
+ get_random_bytes(&h->initval, sizeof(h->initval));
+
t->htable_bits = hbits;
- rcu_assign_pointer(h->table, t);
+ RCU_INIT_POINTER(h->table, t);
set->data = h;
#ifndef IP_SET_PROTO_UNDEF
@@ -1342,6 +1336,7 @@ IPSET_TOKEN(HTYPE, _create)(struct net *net, struct ip_set *set,
__alignof__(struct IPSET_TOKEN(HTYPE, 6_elem)));
}
#endif
+ set->timeout = IPSET_NO_TIMEOUT;
if (tb[IPSET_ATTR_TIMEOUT]) {
set->timeout = ip_set_timeout_uget(tb[IPSET_ATTR_TIMEOUT]);
#ifndef IP_SET_PROTO_UNDEF
--
2.1.4
next prev parent reply other threads:[~2016-11-13 22:25 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-13 22:24 [PATCH 00/39] Netfilter updates for net-next Pablo Neira Ayuso
2016-11-13 22:24 ` [PATCH 01/39] netfilter: get rid of useless debugging from core Pablo Neira Ayuso
2016-11-13 22:24 ` [PATCH 02/39] netfilter: remove comments that predate rcu days Pablo Neira Ayuso
2016-11-13 22:24 ` [PATCH 03/39] netfilter: kill NF_HOOK_THRESH() and state->tresh Pablo Neira Ayuso
2016-11-13 22:24 ` [PATCH 04/39] netfilter: deprecate NF_STOP Pablo Neira Ayuso
2016-11-13 22:24 ` [PATCH 05/39] netfilter: x_tables: move hook state into xt_action_param structure Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 06/39] netfilter: nf_tables: use hook state from " Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 07/39] netfilter: use switch() to handle verdict cases from nf_hook_slow() Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 08/39] netfilter: remove hook_entries field from nf_hook_state Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 09/39] netfilter: merge nf_iterate() into nf_hook_slow() Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 10/39] netfilter: handle NF_REPEAT from nf_conntrack_in() Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 11/39] netfilter: nft_hash: get random bytes if seed is not specified Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 12/39] netfilter: nf_tables: simplify the basic expressions' init routine Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 13/39] netfilter: conntrack: simplify init/uninit of L4 protocol trackers Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 14/39] udp: provide udp{4,6}_lib_lookup for nf_socket_ipv{4,6} Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 15/39] netfilter: conntrack: fix NF_REPEAT handling Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 16/39] netfilter: ipset: Remove extra whitespaces in ip_set.h Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 17/39] netfilter: ipset: Mark some helper args as const Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 18/39] netfilter: ipset: Headers file cleanup Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 19/39] netfilter: ipset: Improve skbinfo get/init helpers Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 20/39] netfilter: ipset: Use kmalloc() in comment extension helper Pablo Neira Ayuso
2016-11-15 10:48 ` David Laight
2016-11-13 22:25 ` [PATCH 21/39] netfilter: ipset: Split extensions into separate files Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 22/39] netfilter: ipset: Separate memsize calculation code into dedicated function Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 23/39] netfilter: ipset: Regroup ip_set_put_extensions and add extern Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 24/39] netfilter: ipset: Add element count to hash headers Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 25/39] netfilter: ipset: Add element count to all set types header Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 26/39] netfilter: ipset: Count non-static extension memory for userspace Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 27/39] netfilter: ipset: Remove redundant mtype_expire() arguments Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 28/39] netfilter: ipset: Simplify mtype_expire() for hash types Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 29/39] netfilter: ipset: Make NLEN compile time constant " Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 30/39] netfilter: ipset: Make sure element data size is a multiple of u32 Pablo Neira Ayuso
2016-11-13 22:25 ` Pablo Neira Ayuso [this message]
2016-11-13 22:25 ` [PATCH 32/39] netfilter: ipset: Make struct htype per ipset family Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 33/39] netfilter: ipset: Collapse same condition body to a single one Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 34/39] netfilter: ipset: Fix reported memory size for hash:* types Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 35/39] netfilter: ipset: hash:ipmac type support added to ipset Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 36/39] netfilter: ipset: use setup_timer() and mod_timer() Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 37/39] netfilter: ipset: hash: fix boolreturn.cocci warnings Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 38/39] netfilter: conntrack: remove unused netns_ct member Pablo Neira Ayuso
2016-11-13 22:25 ` [PATCH 39/39] netfilter: x_tables: simplify IS_ERR_OR_NULL to NULL test Pablo Neira Ayuso
2016-11-14 4:25 ` [PATCH 00/39] Netfilter updates for net-next David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1479075933-4491-32-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).