From be00c8e48993368663e2714bd1e7c886b7736406 Mon Sep 17 00:00:00 2001 From: Martin Josefsson Date: Wed, 29 Nov 2006 02:35:12 +0100 Subject: [PATCH] [NETFILTER]: nf_conntrack: reduce timer updates in __nf_ct_refresh_acct() Only update the conntrack timer if there's been at least HZ jiffies since the last update. Reduces the number of del_timer/add_timer cycles from one per packet to one per connection per second (plus once for each state change of a connection) Should handle timer wraparounds and connection timeout changes. Signed-off-by: Martin Josefsson Signed-off-by: Patrick McHardy --- net/netfilter/nf_conntrack_core.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index 355b330..3e7c0a9 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -864,9 +864,14 @@ void __nf_ct_refresh_acct(struct nf_conn *ct, ct->timeout.expires = extra_jiffies; event = IPCT_REFRESH; } else { - /* Need del_timer for race avoidance (may already be dying). */ - if (del_timer(&ct->timeout)) { - ct->timeout.expires = jiffies + extra_jiffies; + unsigned long newtime = jiffies + extra_jiffies; + + /* Only update the timeout if the new timeout is at least + HZ jiffies from the old timeout. Need del_timer for race + avoidance (may already be dying). */ + if (newtime - ct->timeout.expires >= HZ + && del_timer(&ct->timeout)) { + ct->timeout.expires = newtime; add_timer(&ct->timeout); event = IPCT_REFRESH; } -- 2.7.4