diff options
| author | Felix Fietkau <nbd@openwrt.org> | 2014-08-07 18:59:18 +0000 |
|---|---|---|
| committer | Felix Fietkau <nbd@openwrt.org> | 2014-08-07 18:59:18 +0000 |
| commit | 3e64341eacf17a0552e83bf4e34f2c3d4f049921 (patch) | |
| tree | 2d443a8ad970067b9eb5b1de0e7a603332206dea /target/linux/generic/patches-3.10 | |
| parent | ad876993d3ddfe5b4e916bf2e7af9b8e3e9e1a4e (diff) | |
| download | upstream-3e64341eacf17a0552e83bf4e34f2c3d4f049921.tar.gz upstream-3e64341eacf17a0552e83bf4e34f2c3d4f049921.tar.bz2 upstream-3e64341eacf17a0552e83bf4e34f2c3d4f049921.zip | |
kernel: improve ipv4 netfilter optimization patch
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 42045
Diffstat (limited to 'target/linux/generic/patches-3.10')
| -rw-r--r-- | target/linux/generic/patches-3.10/611-netfilter_match_bypass_default_table.patch | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/target/linux/generic/patches-3.10/611-netfilter_match_bypass_default_table.patch b/target/linux/generic/patches-3.10/611-netfilter_match_bypass_default_table.patch index 3cf0e5a32d..2e0324345b 100644 --- a/target/linux/generic/patches-3.10/611-netfilter_match_bypass_default_table.patch +++ b/target/linux/generic/patches-3.10/611-netfilter_match_bypass_default_table.patch @@ -34,33 +34,35 @@ /* Returns one of the generic firewall policies, like NF_ACCEPT. */ unsigned int ipt_do_table(struct sk_buff *skb, -@@ -334,6 +361,25 @@ ipt_do_table(struct sk_buff *skb, - ip = ip_hdr(skb); - indev = in ? in->name : nulldevname; - outdev = out ? out->name : nulldevname; -+ +@@ -331,9 +358,27 @@ ipt_do_table(struct sk_buff *skb, + unsigned int addend; + + /* Initialization */ + IP_NF_ASSERT(table->valid_hooks & (1 << hook)); + local_bh_disable(); -+ addend = xt_write_recseq_begin(); + private = table->private; + cpu = smp_processor_id(); + table_base = private->entries[cpu]; -+ jumpstack = (struct ipt_entry **)private->jumpstack[cpu]; -+ stackptr = per_cpu_ptr(private->stackptr, cpu); -+ origptr = *stackptr; -+ + e = get_entry(table_base, private->hook_entry[hook]); + if (ipt_handle_default_rule(e, &verdict)) { + ADD_COUNTER(e->counters, skb->len, 1); -+ xt_write_recseq_end(addend); + local_bh_enable(); + return verdict; + } + + ip = ip_hdr(skb); + indev = in ? in->name : nulldevname; + outdev = out ? out->name : nulldevname; ++ ++ addend = xt_write_recseq_begin(); ++ jumpstack = (struct ipt_entry **)private->jumpstack[cpu]; ++ stackptr = per_cpu_ptr(private->stackptr, cpu); ++ origptr = *stackptr; ++ /* We handle fragments by dealing with the first fragment as * if it was a normal packet. All other fragments are treated * normally, except that they will NEVER match rules that ask -@@ -348,18 +394,6 @@ ipt_do_table(struct sk_buff *skb, +@@ -348,18 +393,6 @@ ipt_do_table(struct sk_buff *skb, acpar.family = NFPROTO_IPV4; acpar.hooknum = hook; |