[patch 0/1] ctnetlink: allocation improvements

[patch 0/1] ctnetlink: allocation improvements

[Holger Eitzenberger]

Hi Patrick,

the following patch against latest nf-net-next-2.6 tries to address
the concerns raised by Pablo about the inacurate computation of the
ctnetlink skb.  I simply try to properly #ifdef the NLAs where
possible.

Please check.

Thanks.  /holger

Ah, I still owe you a performance comparison! ;)

[patch 1/1] ctnetlink: compute generic part of event more acurately

[Holger Eitzenberger]

[-- Attachment #1: ctnetlink-alloc-generic-event-more-acurately.diff --]
[-- Type: text/plain, Size: 1891 bytes --]

On a box with most of the optional Netfilter switches turned off some
of the NLAs are never send, e. g. secmark, mark or the conntrack
byte/packet counters.  As a worst case scenario this may possibly
still lead to ctnetlink skbs being reallocated in netlink_trim()
later, loosing all the nice effects from the previous patches.

I try to solve that (at least partly) by correctly #ifdef'ing the
NLAs in the computation.

Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>

Index: nf-next-2.6/net/netfilter/nf_conntrack_netlink.c
===================================================================
--- nf-next-2.6.orig/net/netfilter/nf_conntrack_netlink.c
+++ nf-next-2.6/net/netfilter/nf_conntrack_netlink.c
@@ -440,19 +440,28 @@ ctnetlink_alloc_skb(const struct nf_conn
 		+ 3 * NLA_TYPE_SIZE(u_int8_t)	/* CTA_PROTO_NUM */
 		+ NLA_TYPE_SIZE(u_int32_t)	/* CTA_ID */
 		+ NLA_TYPE_SIZE(u_int32_t)	/* CTA_STATUS */
+#ifdef CONFIG_NF_CT_ACCT
 		+ 2 * nla_total_size(0)		/* CTA_COUNTERS_ORIG|REPL */
 		+ 2 * NLA_TYPE_SIZE(uint64_t)	/* CTA_COUNTERS_PACKETS */
 		+ 2 * NLA_TYPE_SIZE(uint64_t)	/* CTA_COUNTERS_BYTES */
+#endif
 		+ NLA_TYPE_SIZE(u_int32_t)	/* CTA_TIMEOUT */
 		+ nla_total_size(0)		/* CTA_PROTOINFO */
 		+ nla_total_size(0)		/* CTA_HELP */
 		+ nla_total_size(NF_CT_HELPER_NAME_LEN)	/* CTA_HELP_NAME */
+#ifdef CONFIG_NF_CONNTRACK_SECMARK
 		+ NLA_TYPE_SIZE(u_int32_t)	/* CTA_SECMARK */
+#endif
+#ifdef CONFIG_NF_NAT_NEEDED
 		+ 2 * nla_total_size(0)		/* CTA_NAT_SEQ_ADJ_ORIG|REPL */
 		+ 2 * NLA_TYPE_SIZE(u_int32_t)	/* CTA_NAT_SEQ_CORRECTION_POS */
 		+ 2 * NLA_TYPE_SIZE(u_int32_t)	/* CTA_NAT_SEQ_CORRECTION_BEFORE */
 		+ 2 * NLA_TYPE_SIZE(u_int32_t)	/* CTA_NAT_SEQ_CORRECTION_AFTER */
-		+ NLA_TYPE_SIZE(u_int32_t);	/* CTA_MARK */
+#endif
+#ifdef CONFIG_NF_CONNTRACK_MARK
+		+ NLA_TYPE_SIZE(u_int32_t)	/* CTA_MARK */
+#endif
+		;
 
 #undef NLA_TYPE_SIZE
 

-- 

Re: [patch 1/1] ctnetlink: compute generic part of event more acurately

[Patrick McHardy]

Holger Eitzenberger wrote:
> On a box with most of the optional Netfilter switches turned off some
> of the NLAs are never send, e. g. secmark, mark or the conntrack
> byte/packet counters.  As a worst case scenario this may possibly
> still lead to ctnetlink skbs being reallocated in netlink_trim()
> later, loosing all the nice effects from the previous patches.
> 
> I try to solve that (at least partly) by correctly #ifdef'ing the
> NLAs in the computation.

Applied, thanks Holger.