netfilter: conntrack: avoid same-timeout update
authorFlorian Westphal <fw@strlen.de>
Thu, 21 Feb 2019 14:38:29 +0000 (15:38 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 27 Feb 2019 09:58:21 +0000 (10:58 +0100)
No need to dirty a cache line if timeout is unchanged.
Also, WARN() is useless here: we crash on 'skb->len' access
if skb is NULL.

Last, ct->timeout is u32, not 'unsigned long' so adapt the
function prototype accordingly.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_conntrack.h
net/netfilter/nf_conntrack_core.c

index b5aac5a..5ee7b30 100644 (file)
@@ -190,23 +190,23 @@ bool nf_ct_get_tuplepr(const struct sk_buff *skb, unsigned int nhoff,
 
 void __nf_ct_refresh_acct(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
                          const struct sk_buff *skb,
-                         unsigned long extra_jiffies, int do_acct);
+                         u32 extra_jiffies, bool do_acct);
 
 /* Refresh conntrack for this many jiffies and do accounting */
 static inline void nf_ct_refresh_acct(struct nf_conn *ct,
                                      enum ip_conntrack_info ctinfo,
                                      const struct sk_buff *skb,
-                                     unsigned long extra_jiffies)
+                                     u32 extra_jiffies)
 {
-       __nf_ct_refresh_acct(ct, ctinfo, skb, extra_jiffies, 1);
+       __nf_ct_refresh_acct(ct, ctinfo, skb, extra_jiffies, true);
 }
 
 /* Refresh conntrack for this many jiffies */
 static inline void nf_ct_refresh(struct nf_conn *ct,
                                 const struct sk_buff *skb,
-                                unsigned long extra_jiffies)
+                                u32 extra_jiffies)
 {
-       __nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0);
+       __nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, false);
 }
 
 /* kill conntrack and do accounting */
index 4a9107e..ff9313c 100644 (file)
@@ -1751,11 +1751,9 @@ EXPORT_SYMBOL_GPL(nf_conntrack_alter_reply);
 void __nf_ct_refresh_acct(struct nf_conn *ct,
                          enum ip_conntrack_info ctinfo,
                          const struct sk_buff *skb,
-                         unsigned long extra_jiffies,
-                         int do_acct)
+                         u32 extra_jiffies,
+                         bool do_acct)
 {
-       WARN_ON(!skb);
-
        /* Only update if this is not a fixed timeout */
        if (test_bit(IPS_FIXED_TIMEOUT_BIT, &ct->status))
                goto acct;
@@ -1764,7 +1762,8 @@ void __nf_ct_refresh_acct(struct nf_conn *ct,
        if (nf_ct_is_confirmed(ct))
                extra_jiffies += nfct_time_stamp;
 
-       ct->timeout = extra_jiffies;
+       if (ct->timeout != extra_jiffies)
+               ct->timeout = extra_jiffies;
 acct:
        if (do_acct)
                nf_ct_acct_update(ct, ctinfo, skb->len);