From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: netdev@vger.kernel.org
Subject: [PATCH nf-next 0/4] netfilter: skbuff: merge nfctinfo bits and nfct pointer
Date: Wed, 4 Jan 2017 16:35:46 +0100
Message-ID: <1483544150-10686-1-git-send-email-fw@strlen.de>
[ CC netdev, touches sk_buff in patch #4.
Does anyone know if there are arches where alignof(u64) < 8?
If so, this series would require more work ]

Whenever we fetch skb conntrack info, we need to access two
distinct cache lines in sk_buff, #2 (nfct pointer) and #3
(nfctinfo bits). This series removes nfctinfo and joins it
with the data pointer in a single ulong.

We have 3 nfctinfo bits, the slab cache used for nf_conn objects
guarantees at least 8 byte alignment so there is no overlap.

For the conntrack templates the situation isn't obvious to me,
these get allocated via kmalloc which guarantees ARCH_KMALLOC_MINALIGN
(alignof(unsigned long long)) so that begs the question if that is >= 8
on all arches or not. I added a BUILD_BUG_ON test to catch
ARCH_KMALLOC_MINALIGN < 8, just in case.

If that triggers we'd need to align by hand in nf_ct_tmpl_alloc()
and store the padding in the conntrack somewhere.
But as it's ugly I did not do this.

A followup series to this one will resurrect an old patch from
Pablo that adds an 'untracked' ctinfo status, this then allows
to get rid of the conntrack template object (which in turn avoids
get/put atomic ops for untracked skbs).
include/linux/skbuff.h | 30 +++++++++++--------
include/net/ip_vs.h | 11 ++++---
include/net/netfilter/nf_conntrack.h | 10 ++++--
include/net/netfilter/nf_conntrack_core.h | 2 -
include/net/netfilter/nf_conntrack_l4proto.h | 2 -
net/core/skbuff.c | 2 -
net/ipv4/netfilter/ipt_SYNPROXY.c | 7 +---
net/ipv4/netfilter/nf_conntrack_proto_icmp.c | 16 +++++-----
net/ipv4/netfilter/nf_defrag_ipv4.c | 4 +-
net/ipv4/netfilter/nf_dup_ipv4.c | 9 +++--
net/ipv6/netfilter/ip6t_SYNPROXY.c | 7 +---
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c | 22 +++++++-------
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 4 +-
net/ipv6/netfilter/nf_dup_ipv6.c | 10 +++---
net/netfilter/core.c | 2 -
net/netfilter/nf_conntrack_core.c | 38 ++++++++++++-------------
net/netfilter/nf_conntrack_proto_dccp.c | 1
net/netfilter/nf_conntrack_proto_tcp.c | 1
net/netfilter/nf_conntrack_proto_udp.c | 3 -
net/netfilter/nf_conntrack_standalone.c | 3 +
net/netfilter/nf_nat_helper.c | 2 -
net/netfilter/nft_ct.c | 3 -
net/netfilter/xt_CT.c | 13 +++-----
net/openvswitch/conntrack.c | 22 ++++++--------
net/sched/cls_flow.c | 2 -
25 files changed, 118 insertions(+), 108 deletions(-)
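
The packing scheme described in the cover letter above, as an added userspace C example that is not code from the series. The struct, macro and function names are hypothetical, and malloc() stands in for the slab and kmalloc allocators.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for nf_conn and sk_buff, not the kernel's definitions. */
struct conn { uint64_t id; };
struct pkt  { uintptr_t ct_word; };  /* pointer and info bits share one word */

#define CTINFO_BITS 3
#define CTINFO_MASK ((uintptr_t)((1u << CTINFO_BITS) - 1))  /* low bits, 0x7 */
#define CTPTR_MASK  (~CTINFO_MASK)

/* Build-time guard, same idea as the BUILD_BUG_ON in the cover letter: if
 * alignof(unsigned long long) < 8 the low 3 bits are not guaranteed free. */
_Static_assert(_Alignof(unsigned long long) >= (1u << CTINFO_BITS),
               "allocator alignment leaves fewer than 3 free pointer bits");

/* Store ct and info in one word; -1 if either would corrupt the other. */
static int pkt_set_ct(struct pkt *p, void *ct, unsigned int info)
{
    if (((uintptr_t)ct & CTINFO_MASK) != 0 || info > CTINFO_MASK)
        return -1;
    p->ct_word = (uintptr_t)ct | info;
    return 0;
}

/* One load yields both values: mask off the info bits to recover the pointer. */
static struct conn *pkt_get_ct(const struct pkt *p, unsigned int *info)
{
    *info = (unsigned int)(p->ct_word & CTINFO_MASK);
    return (struct conn *)(p->ct_word & CTPTR_MASK);
}

/* Returns 1 if a pointer/info pair round-trips and bad inputs are rejected. */
static int roundtrip_ok(void)
{
    struct conn *ct = malloc(sizeof(*ct)), *out;
    struct pkt p = { 0 };
    unsigned int info = 0;
    int ok;
    if (!ct) return 0;
    ok = pkt_set_ct(&p, ct, 5) == 0;
    out = pkt_get_ct(&p, &info);
    ok = ok && out == ct && info == 5;
    ok = ok && pkt_set_ct(&p, (char *)ct + 4, 1) == -1;  /* misaligned pointer */
    ok = ok && pkt_set_ct(&p, ct, 8) == -1;              /* info needs a 4th bit */
    free(ct);
    return ok;
}
int main(void) { return roundtrip_ok() ? 0 : 1; }
```

The runtime check in pkt_set_ct() covers the case the static assertion cannot: an object whose address was produced by something other than the guarded allocator.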
Thread overview: 7+ messages
2017-01-04 15:35 Florian Westphal [this message]
2017-01-04 15:35 ` [PATCH nf-next 1/4] netfilter: conntrack: no need to pass ctinfo to error handler Florian Westphal
2017-01-04 15:35 ` [PATCH nf-next 2/4] netfilter: reset netfilter state when duplicating packet Florian Westphal
2017-01-04 15:35 ` [PATCH nf-next 3/4] netfilter: reduce direct skb->nfct usage Florian Westphal
2017-01-04 15:35 ` [PATCH nf-next 4/4] netfilter: merge ctinfo into nfct pointer storage area Florian Westphal
2017-01-05 6:03 ` kbuild test robot
2017-01-05 8:31 ` kbuild test robot