linux/include/net/netfilter, branch v2.6.25

[NETFILTER]: nf_conntrack: replace horrible hack with ksize()

2008-03-10T23:43:41Z

There's a horrible slab abuse in net/netfilter/nf_conntrack_extend.c that can be replaced with a call to ksize(). Cc: Christoph Lameter Signed-off-by: Pekka Enberg Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_conntrack: fix ct_extend ->move operation

2008-02-08T01:56:34Z

The ->move operation has two bugs: - It is called with the same extension as source and destination, so it doesn't update the new extension. - The address of the old extension is calculated incorrectly, instead of (void *)ct->ext + ct->ext->offset[i] it uses ct->ext + ct->ext->offset[i]. Fixes a crash on x86_64 reported by Chuck Ebbert and Thomas Woerner . Tested-by: Thomas Woerner Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_conntrack: annotate l3protos with const

2008-02-01T03:28:13Z

Signed-off-by: Jan Engelhardt Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_{conntrack,nat}_proto_tcp: constify and annotate TCP modules

2008-02-01T03:28:10Z

Constify a few data tables use const qualifiers on variables where possible in the nf_*_proto_tcp sources. Signed-off-by: Jan Engelhardt Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_conntrack: naming unification

2008-02-01T03:27:59Z

Rename all "conntrack" variables to "ct" for more consistency and avoiding some overly long lines. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_conntrack: reorder struct nf_conntrack_l4proto

2008-02-01T03:27:57Z

Reorder struct nf_conntrack_l4proto so all members used during packet processing are in the same cacheline. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_conntrack: avoid duplicate protocol comparison in nf_ct_tuple_equal()

2008-02-01T03:27:56Z

nf_ct_tuple_src_equal() and nf_ct_tuple_dst_equal() both compare the protocol numbers. Unfortunately gcc doesn't optimize out the second comparison, so remove it and prefix both functions with __ to indicate that they should not be used directly. Saves another 16 byte of text in __nf_conntrack_find() on x86_64: nf_conntrack_tuple_taken | -20 # 320 -> 300, size inlines: 181 -> 161 __nf_conntrack_find | -16 # 267 -> 251, size inlines: 127 -> 115 __nf_conntrack_confirm | -40 # 875 -> 835, size inlines: 570 -> 537 3 functions changed, 76 bytes removed Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_conntrack: optimize __nf_conntrack_find()

2008-02-01T03:27:55Z

Ignoring specific entries in __nf_conntrack_find() is only needed by NAT for nf_conntrack_tuple_taken(). Remove it from __nf_conntrack_find() and make nf_conntrack_tuple_taken() search the hash itself. Saves 54 bytes of text in the hotpath on x86_64: __nf_conntrack_find | -54 # 321 -> 267, # inlines: 3 -> 2, size inlines: 181 -> 127 nf_conntrack_tuple_taken | +305 # 15 -> 320, lexblocks: 0 -> 3, # inlines: 0 -> 3, size inlines: 0 -> 181 nf_conntrack_find_get | -2 # 90 -> 88 3 functions changed, 305 bytes added, 56 bytes removed, diff: +249 Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_conntrack: switch rwlock to spinlock

2008-02-01T03:27:54Z

With the RCU conversion only write_lock usages of nf_conntrack_lock are left (except one read_lock that should actually use write_lock in the H.323 helper). Switch to a spinlock. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller

[NETFILTER]: nf_conntrack: use RCU for conntrack hash

2008-02-01T03:27:54Z

Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller