netfilter: merge ctinfo into nfct pointer storage area
authorFlorian Westphal <fw@strlen.de>
Mon, 23 Jan 2017 17:21:59 +0000 (18:21 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 2 Feb 2017 13:31:56 +0000 (14:31 +0100)
commita9e419dc7be6997409dca6d1b9daf3cc7046902f
treeff33b9a6415926bc627d1ad6e49eece8ef417b43
parent303223092081963513494b4377fa1ac9e362ed4b
netfilter: merge ctinfo into nfct pointer storage area

After this change conntrack operations (lookup, creation, matching from
ruleset) only access one instead of two sk_buff cache lines.

This works for normal conntracks because those are allocated from a slab
that guarantees hw cacheline or 8byte alignment (whatever is larger)
so the 3 bits needed for ctinfo won't overlap with nf_conn addresses.

Template allocation now does manual address alignment (see previous change)
on arches that don't have sufficent kmalloc min alignment.

Some spots intentionally use skb->_nfct instead of skb_nfct() helpers,
this is to avoid undoing the skb_nfct() use when we remove untracked
conntrack object in the future.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/linux/skbuff.h
include/net/netfilter/nf_conntrack.h
net/ipv6/netfilter/nf_dup_ipv6.c
net/netfilter/core.c
net/netfilter/nf_conntrack_core.c
net/netfilter/nf_conntrack_standalone.c
net/netfilter/xt_CT.c