[netfilter-cvslog] r3703 - trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter

laforge at netfilter.org laforge at netfilter.org
Tue Feb 15 02:58:13 CET 2005


Author: laforge at netfilter.org
Date: 2005-02-15 02:58:13 +0100 (Tue, 15 Feb 2005)
New Revision: 3703

Modified:
   trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
Log:
Conntrack Hash Allocation using __get_free_pages


Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c	2005-02-15 01:54:10 UTC (rev 3702)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_core.c	2005-02-15 01:58:13 UTC (rev 3703)
@@ -80,6 +80,7 @@
 struct nf_conn nf_conntrack_untracked;
 unsigned int nf_ct_log_invalid;
 static LIST_HEAD(unconfirmed);
+static nf_conntrack_vmalloc;
 
 DEFINE_PER_CPU(struct nf_conntrack_stat, nf_conntrack_stat);
 EXPORT_PER_CPU_SYMBOL(nf_conntrack_stat);
@@ -1296,7 +1297,7 @@
 }
 
 /* Alter reply tuple (maybe alter helper).  This is for NAT, and is
-   implicitly racy: see __ip_conntrack_confirm */
+   implicitly racy: see __nf_conntrack_confirm */
 void nf_conntrack_alter_reply(struct nf_conn *conntrack,
 			      const struct nf_conntrack_tuple *newreply)
 {
@@ -1475,6 +1476,16 @@
 	return 1;
 }
 
+static void free_conntrack_hash(void)
+{
+	if (nf_conntrack_vmalloc)
+		vfree(nf_conntrack_hash);
+	else
+		free_pages((unsigned long)nf_conntrack_hash, 
+			   get_order(sizeof(struct list_head)
+				     * nf_conntrack_htable_size));
+}
+
 /* Mishearing the voices in his head, our hero wonders how he's
    supposed to kill the mall. */
 void nf_conntrack_cleanup(void)
@@ -1502,7 +1513,7 @@
 		nf_conntrack_unregister_cache(i);
 	}
 	kmem_cache_destroy(nf_conntrack_expect_cachep);
-	vfree(nf_conntrack_hash);
+	free_conntrack_hash();
 }
 
 static int hashsize;
@@ -1532,8 +1543,20 @@
 	       NF_CONNTRACK_VERSION, nf_conntrack_htable_size,
 	       nf_conntrack_max);
 
-	nf_conntrack_hash = vmalloc(sizeof(struct list_head)
-				    * nf_conntrack_htable_size);
+	/* AK: the hash table is twice as big than needed because it
+	   uses list_head.  it would be much nicer to caches to use a
+	   single pointer list head here. */
+	nf_conntrack_vmalloc = 0; 
+	nf_conntrack_hash 
+		=(void*)__get_free_pages(GFP_KERNEL, 
+					 get_order(sizeof(struct list_head)
+						   *nf_conntrack_htable_size));
+	if (!nf_conntrack_hash) { 
+		nf_conntrack_vmalloc = 1;
+		printk(KERN_WARNING "nf_conntrack: falling back to vmalloc.\n");
+		nf_conntrack_hash = vmalloc(sizeof(struct list_head)
+					    * nf_conntrack_htable_size);
+	}
 	if (!nf_conntrack_hash) {
 		printk(KERN_ERR "Unable to create nf_conntrack_hash\n");
 		goto err_unreg_sockopt;




More information about the netfilter-cvslog mailing list