netfilter: nf_conntrack: IPS_UNTRACKED bit NOTRACK makes all cpus share a cache line on nf_conntrack_untracked twice per packet. This is bad for performance. __read_mostly annotation is also a bad choice. This patch introduces IPS_UNTRACKED bit so that we can use later a per_cpu untrack structure more easily. A new helper, nf_ct_untracked_get() returns a pointer to nf_conntrack_untracked. Another one, nf_ct_untracked_status_or() is used by nf_nat_init() to add IPS_NAT_DONE_MASK bits to untracked status. nf_ct_is_untracked() prototype is changed to work on a nf_conn pointer. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>

commit: 5bfddbd46a95c978f4d3c992339cbdf4f4b790a3 [log] [tgz]
author: Eric Dumazet <eric.dumazet@gmail.com> Tue Jun 08 16:09:52 2010 +0200
committer: Patrick McHardy <kaber@trash.net> Tue Jun 08 16:09:52 2010 +0200
tree: 9291ba4e1e3c7bf7ae8b5dfa8271e7127a6a6958
parent: 339bb99e4a8ba1f8960eed21d50be808b35ad22a [diff] [blame]
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c
index 39681f1..e536710 100644
--- a/net/netfilter/xt_conntrack.c
+++ b/net/netfilter/xt_conntrack.c

@@ -123,11 +123,12 @@
 
 	ct = nf_ct_get(skb, &ctinfo);
 
-	if (ct == &nf_conntrack_untracked)
-		statebit = XT_CONNTRACK_STATE_UNTRACKED;
-	else if (ct != NULL)
-		statebit = XT_CONNTRACK_STATE_BIT(ctinfo);
-	else
+	if (ct) {
+		if (nf_ct_is_untracked(ct))
+			statebit = XT_CONNTRACK_STATE_UNTRACKED;
+		else
+			statebit = XT_CONNTRACK_STATE_BIT(ctinfo);
+	} else
 		statebit = XT_CONNTRACK_STATE_INVALID;
 
 	if (info->match_flags & XT_CONNTRACK_STATE) {
commit	5bfddbd46a95c978f4d3c992339cbdf4f4b790a3	[log] [tgz]
author	Eric Dumazet <eric.dumazet@gmail.com>	Tue Jun 08 16:09:52 2010 +0200
committer	Patrick McHardy <kaber@trash.net>	Tue Jun 08 16:09:52 2010 +0200
tree	9291ba4e1e3c7bf7ae8b5dfa8271e7127a6a6958
parent	339bb99e4a8ba1f8960eed21d50be808b35ad22a [diff] [blame]