[NET]: Avoid unnecessary cloning for ingress filtering
As it is we always invoke pt_prev before ing_filter, even if there are no ingress filters attached. This can cause unnecessary cloning in pt_prev. This patch changes it so that we only invoke pt_prev if there are ingress filters attached. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Herbert Xu
David S. Miller
parent
776c729e8d
commit
f697c3e8b3
1 changed files with 43 additions and 31 deletions
|
|
@ -1949,28 +1949,52 @@ static int ing_filter(struct sk_buff *skb)
|
||||||
struct Qdisc *q;
|
struct Qdisc *q;
|
||||||
struct net_device *dev = skb->dev;
|
struct net_device *dev = skb->dev;
|
||||||
int result = TC_ACT_OK;
|
int result = TC_ACT_OK;
|
||||||
|
u32 ttl = G_TC_RTTL(skb->tc_verd);
|
||||||
|
|
||||||
if (dev->qdisc_ingress) {
|
if (MAX_RED_LOOP < ttl++) {
|
||||||
__u32 ttl = (__u32) G_TC_RTTL(skb->tc_verd);
|
printk(KERN_WARNING
|
||||||
if (MAX_RED_LOOP < ttl++) {
|
"Redir loop detected Dropping packet (%d->%d)\n",
|
||||||
printk(KERN_WARNING "Redir loop detected Dropping packet (%d->%d)\n",
|
skb->iif, dev->ifindex);
|
||||||
skb->iif, skb->dev->ifindex);
|
return TC_ACT_SHOT;
|
||||||
return TC_ACT_SHOT;
|
|
||||||
}
|
|
||||||
|
|
||||||
skb->tc_verd = SET_TC_RTTL(skb->tc_verd,ttl);
|
|
||||||
|
|
||||||
skb->tc_verd = SET_TC_AT(skb->tc_verd,AT_INGRESS);
|
|
||||||
|
|
||||||
spin_lock(&dev->ingress_lock);
|
|
||||||
if ((q = dev->qdisc_ingress) != NULL)
|
|
||||||
result = q->enqueue(skb, q);
|
|
||||||
spin_unlock(&dev->ingress_lock);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
skb->tc_verd = SET_TC_RTTL(skb->tc_verd, ttl);
|
||||||
|
skb->tc_verd = SET_TC_AT(skb->tc_verd, AT_INGRESS);
|
||||||
|
|
||||||
|
spin_lock(&dev->ingress_lock);
|
||||||
|
if ((q = dev->qdisc_ingress) != NULL)
|
||||||
|
result = q->enqueue(skb, q);
|
||||||
|
spin_unlock(&dev->ingress_lock);
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline struct sk_buff *handle_ing(struct sk_buff *skb,
|
||||||
|
struct packet_type **pt_prev,
|
||||||
|
int *ret, struct net_device *orig_dev)
|
||||||
|
{
|
||||||
|
if (!skb->dev->qdisc_ingress)
|
||||||
|
goto out;
|
||||||
|
|
||||||
|
if (*pt_prev) {
|
||||||
|
*ret = deliver_skb(skb, *pt_prev, orig_dev);
|
||||||
|
*pt_prev = NULL;
|
||||||
|
} else {
|
||||||
|
/* Huh? Why does turning on AF_PACKET affect this? */
|
||||||
|
skb->tc_verd = SET_TC_OK2MUNGE(skb->tc_verd);
|
||||||
|
}
|
||||||
|
|
||||||
|
switch (ing_filter(skb)) {
|
||||||
|
case TC_ACT_SHOT:
|
||||||
|
case TC_ACT_STOLEN:
|
||||||
|
kfree_skb(skb);
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
out:
|
||||||
|
skb->tc_verd = 0;
|
||||||
|
return skb;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
int netif_receive_skb(struct sk_buff *skb)
|
int netif_receive_skb(struct sk_buff *skb)
|
||||||
|
|
@ -2021,21 +2045,9 @@ int netif_receive_skb(struct sk_buff *skb)
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_NET_CLS_ACT
|
#ifdef CONFIG_NET_CLS_ACT
|
||||||
if (pt_prev) {
|
skb = handle_ing(skb, &pt_prev, &ret, orig_dev);
|
||||||
ret = deliver_skb(skb, pt_prev, orig_dev);
|
if (!skb)
|
||||||
pt_prev = NULL; /* noone else should process this after*/
|
|
||||||
} else {
|
|
||||||
skb->tc_verd = SET_TC_OK2MUNGE(skb->tc_verd);
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = ing_filter(skb);
|
|
||||||
|
|
||||||
if (ret == TC_ACT_SHOT || (ret == TC_ACT_STOLEN)) {
|
|
||||||
kfree_skb(skb);
|
|
||||||
goto out;
|
goto out;
|
||||||
}
|
|
||||||
|
|
||||||
skb->tc_verd = 0;
|
|
||||||
ncls:
|
ncls:
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue