lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Tue,  6 Dec 2011 20:35:07 +0800
From:	Feng King <kinwin2008@...il.com>
To:	netfilter-devel@...r.kernel.org
Cc:	kaber@...sh.net, netdev@...r.kernel.org, davem@...emloft.net,
	Feng King <kinwin2008@...il.com>,
	Feng Jin <ronyjin@...cent.com>
Subject: [PATCH] conntrack: avoid unnecessary lock in tcp_packet

    when IPS_SEQ_ADJUST_BIT is not set, there are no need to obtain
net_offset in tcp_in_window from tcp_packet.
    nat_offset will acquire global nf_nat_seqofs_lock spinlock,
and on heavy load, there will be big contention. After 30 secs webbench
stress testing, we can see from lockstat:
                    nf_nat_seqofs_lock:        798200         798213
		    1.01          57.37      216229.42        9943722
		    10055712           0.61          60.70
		    1909636.49
 and from perf report, nf_nat_get_offset contributes 18.49% of our
 overall spin_lock_bh cost, It's unnecessary.

Signed-off-by: Feng Jin <ronyjin@...cent.com>
---
 net/netfilter/nf_conntrack_proto_tcp.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
index 8235b86..88c70f1 100644
--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -502,7 +502,8 @@ static inline s16 nat_offset(const struct nf_conn *ct,
 	return get_offset != NULL ? get_offset(ct, dir, seq) : 0;
 }
 #define NAT_OFFSET(pf, ct, dir, seq) \
-	(pf == NFPROTO_IPV4 ? nat_offset(ct, dir, seq) : 0)
+	((pf == NFPROTO_IPV4) && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status) \
+	    ? nat_offset(ct, dir, seq) : 0)
 #else
 #define NAT_OFFSET(pf, ct, dir, seq)	0
 #endif
-- 
1.7.7.3

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ