diff options
| author | Patrick McHardy <kaber@coreworks.de> | 2004-09-23 00:40:01 -0700 |
|---|---|---|
| committer | David S. Miller <davem@kernel.bkbits.net> | 2004-09-23 00:40:01 -0700 |
| commit | a25a7f563343915aca3514019e9a4bd45f04a997 (patch) | |
| tree | 732e144bae288fa2be7b45975ab39b4b4f0fbdff /include/linux | |
| parent | 6220ce1e19ccea43b2ea1dd6a7c3af959bec4a8a (diff) | |
[NETFILTER]: kill struct nf_ct_info, saves five pointers per conntrack
The relationship of the skb to the conntrack is stored in a new field
in the skb.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netfilter.h | 2 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_conntrack.h | 13 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_conntrack_core.h | 6 | ||||
| -rw-r--r-- | include/linux/skbuff.h | 18 |
4 files changed, 18 insertions, 21 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 83f9668653ca..a9357be1ae41 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -178,7 +178,7 @@ extern inline struct ip6t_target * ip6t_find_target_lock(const char *name, int *error, struct semaphore *mutex); extern inline struct arpt_target * arpt_find_target_lock(const char *name, int *error, struct semaphore *mutex); -extern void (*ip_ct_attach)(struct sk_buff *, struct nf_ct_info *); +extern void (*ip_ct_attach)(struct sk_buff *, struct sk_buff *); #ifdef CONFIG_NETFILTER_DEBUG extern void nf_dump_skb(int pf, struct sk_buff *skb); diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h index 6c115127e799..ccd0cf6e894e 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/include/linux/netfilter_ipv4/ip_conntrack.h @@ -196,12 +196,7 @@ struct ip_conntrack /* Helper, if any. */ struct ip_conntrack_helper *helper; - /* Our various nf_ct_info structs specify *what* relation this - packet has to the conntrack */ - struct nf_ct_info infos[IP_CT_NUMBER]; - /* Storage reserved for other modules: */ - union ip_conntrack_proto proto; union ip_conntrack_help help; @@ -238,8 +233,12 @@ ip_conntrack_tuple_taken(const struct ip_conntrack_tuple *tuple, const struct ip_conntrack *ignored_conntrack); /* Return conntrack_info and tuple hash for given skb. */ -extern struct ip_conntrack * -ip_conntrack_get(struct sk_buff *skb, enum ip_conntrack_info *ctinfo); +static inline struct ip_conntrack * +ip_conntrack_get(const struct sk_buff *skb, enum ip_conntrack_info *ctinfo) +{ + *ctinfo = skb->nfctinfo; + return (struct ip_conntrack *)skb->nfct; +} /* decrement reference count on a conntrack */ extern inline void ip_conntrack_put(struct ip_conntrack *ct); diff --git a/include/linux/netfilter_ipv4/ip_conntrack_core.h b/include/linux/netfilter_ipv4/ip_conntrack_core.h index 9a31e96b7ab7..0acb025c5422 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack_core.h +++ b/include/linux/netfilter_ipv4/ip_conntrack_core.h @@ -38,14 +38,14 @@ struct ip_conntrack_tuple_hash * ip_conntrack_find_get(const struct ip_conntrack_tuple *tuple, const struct ip_conntrack *ignored_conntrack); -extern int __ip_conntrack_confirm(struct nf_ct_info *nfct); +extern int __ip_conntrack_confirm(struct sk_buff *skb); /* Confirm a connection: returns NF_DROP if packet must be dropped. */ static inline int ip_conntrack_confirm(struct sk_buff *skb) { if (skb->nfct - && !is_confirmed((struct ip_conntrack *)skb->nfct->master)) - return __ip_conntrack_confirm(skb->nfct); + && !is_confirmed((struct ip_conntrack *)skb->nfct)) + return __ip_conntrack_confirm(skb); return NF_ACCEPT; } diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index e689c26b1ada..dcf9c1b6e981 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -97,10 +97,6 @@ struct nf_conntrack { void (*destroy)(struct nf_conntrack *); }; -struct nf_ct_info { - struct nf_conntrack *master; -}; - #ifdef CONFIG_BRIDGE_NETFILTER struct nf_bridge_info { atomic_t use; @@ -186,6 +182,7 @@ struct skb_shared_info { * @nfmark: Can be used for communication between hooks * @nfcache: Cache info * @nfct: Associated connection, if any + * @nfctinfo: Relationship of this skb to the connection * @nf_debug: Netfilter debugging * @nf_bridge: Saved data about a bridged frame - see br_netfilter.c * @private: Data which is private to the HIPPI implementation @@ -253,7 +250,8 @@ struct sk_buff { #ifdef CONFIG_NETFILTER unsigned long nfmark; __u32 nfcache; - struct nf_ct_info *nfct; + struct nf_conntrack *nfct; + __u32 nfctinfo; #ifdef CONFIG_NETFILTER_DEBUG unsigned int nf_debug; #endif @@ -1141,15 +1139,15 @@ extern int skb_iter_next(const struct sk_buff *skb, struct skb_iter *i); extern void skb_iter_abort(const struct sk_buff *skb, struct skb_iter *i); #ifdef CONFIG_NETFILTER -static inline void nf_conntrack_put(struct nf_ct_info *nfct) +static inline void nf_conntrack_put(struct nf_conntrack *nfct) { - if (nfct && atomic_dec_and_test(&nfct->master->use)) - nfct->master->destroy(nfct->master); + if (nfct && atomic_dec_and_test(&nfct->use)) + nfct->destroy(nfct); } -static inline void nf_conntrack_get(struct nf_ct_info *nfct) +static inline void nf_conntrack_get(struct nf_conntrack *nfct) { if (nfct) - atomic_inc(&nfct->master->use); + atomic_inc(&nfct->use); } static inline void nf_reset(struct sk_buff *skb) { |