[NETFILTER]: nf_conntrack_helper: use hashtable for conntrack helpers
Eliminate the last global list searched for every new connection.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 66c209d..b1179dd 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -28,23 +28,41 @@
#include <net/netfilter/nf_conntrack_core.h>
#include <net/netfilter/nf_conntrack_extend.h>
-static __read_mostly LIST_HEAD(helpers);
+static struct hlist_head *nf_ct_helper_hash __read_mostly;
+static unsigned int nf_ct_helper_hsize __read_mostly;
+static unsigned int nf_ct_helper_count __read_mostly;
+static int nf_ct_helper_vmalloc;
+
+
+/* Stupid hash, but collision free for the default registrations of the
+ * helpers currently in the kernel. */
+static unsigned int helper_hash(const struct nf_conntrack_tuple *tuple)
+{
+ return (((tuple->src.l3num << 8) | tuple->dst.protonum) ^
+ tuple->src.u.all) % nf_ct_helper_hsize;
+}
struct nf_conntrack_helper *
__nf_ct_helper_find(const struct nf_conntrack_tuple *tuple)
{
- struct nf_conntrack_helper *h;
+ struct nf_conntrack_helper *helper;
struct nf_conntrack_tuple_mask mask = { .src.u.all = htons(0xFFFF) };
+ struct hlist_node *n;
+ unsigned int h;
- list_for_each_entry(h, &helpers, list) {
- if (nf_ct_tuple_src_mask_cmp(tuple, &h->tuple, &mask))
- return h;
+ if (!nf_ct_helper_count)
+ return NULL;
+
+ h = helper_hash(tuple);
+ hlist_for_each_entry(helper, n, &nf_ct_helper_hash[h], hnode) {
+ if (nf_ct_tuple_src_mask_cmp(tuple, &helper->tuple, &mask))
+ return helper;
}
return NULL;
}
struct nf_conntrack_helper *
-nf_ct_helper_find_get( const struct nf_conntrack_tuple *tuple)
+nf_ct_helper_find_get(const struct nf_conntrack_tuple *tuple)
{
struct nf_conntrack_helper *helper;
@@ -77,12 +95,15 @@
__nf_conntrack_helper_find_byname(const char *name)
{
struct nf_conntrack_helper *h;
+ struct hlist_node *n;
+ unsigned int i;
- list_for_each_entry(h, &helpers, list) {
- if (!strcmp(h->name, name))
- return h;
+ for (i = 0; i < nf_ct_helper_hsize; i++) {
+ hlist_for_each_entry(h, n, &nf_ct_helper_hash[i], hnode) {
+ if (!strcmp(h->name, name))
+ return h;
+ }
}
-
return NULL;
}
EXPORT_SYMBOL_GPL(__nf_conntrack_helper_find_byname);
@@ -115,10 +136,13 @@
int nf_conntrack_helper_register(struct nf_conntrack_helper *me)
{
+ unsigned int h = helper_hash(&me->tuple);
+
BUG_ON(me->timeout == 0);
write_lock_bh(&nf_conntrack_lock);
- list_add(&me->list, &helpers);
+ hlist_add_head(&me->hnode, &nf_ct_helper_hash[h]);
+ nf_ct_helper_count++;
write_unlock_bh(&nf_conntrack_lock);
return 0;
@@ -134,7 +158,8 @@
/* Need write lock here, to delete helper. */
write_lock_bh(&nf_conntrack_lock);
- list_del(&me->list);
+ hlist_del(&me->hnode);
+ nf_ct_helper_count--;
/* Get rid of expectations */
for (i = 0; i < nf_ct_expect_hsize; i++) {
@@ -171,10 +196,29 @@
int nf_conntrack_helper_init()
{
- return nf_ct_extend_register(&helper_extend);
+ int err;
+
+ nf_ct_helper_hsize = 1; /* gets rounded up to use one page */
+ nf_ct_helper_hash = nf_ct_alloc_hashtable(&nf_ct_helper_hsize,
+ &nf_ct_helper_vmalloc);
+ if (!nf_ct_helper_hash)
+ return -ENOMEM;
+
+ err = nf_ct_extend_register(&helper_extend);
+ if (err < 0)
+ goto err1;
+
+ return 0;
+
+err1:
+ nf_ct_free_hashtable(nf_ct_helper_hash, nf_ct_helper_vmalloc,
+ nf_ct_helper_hsize);
+ return err;
}
void nf_conntrack_helper_fini()
{
nf_ct_extend_unregister(&helper_extend);
+ nf_ct_free_hashtable(nf_ct_helper_hash, nf_ct_helper_vmalloc,
+ nf_ct_helper_hsize);
}