Hi netfilter-devel & netdev,

I have pulled my recent ip_conntrack patches up to 2.4.19, and have
that merge running now on my shiny new dual P-MMX 200. No surprises.
It's already up 40 minutes with hundreds of connections tracked!

Patch appended for curious people and would-be testers. All comments welcome.
This is not meant for inclusion anywhere, right now, just looking for some
eyeballs.

Have a nice weekend
Patrick

Short Changelog, in order of probable importance:
- netfilter hook statistics, /proc/net/nf_hook_stat*, as a compile option
  found under "Networking Options". Per-hook-function rdtscll() based
  timing and occurrence counting. See netfilter in action for yourself!
- remove unnecessary add_timer() calls from per-packet processing.
  Introduces new ip_conntrack->timeout_target, 4 bytes in size.
  The running timer is never disturbed when increasing monotonically.
  That covers the normal ESTABLISHED case. When the timer runs out,
  it possibly restarts itself to the then-current timeout_target.
- prefer to allocate the ip_conntrack hash using get_free_pages()
- use a singly linked list to hash them. BTW, with bucket count
  autoselection, this change doubles the number of available buckets.
  Saves four bytes per ip_conntrack_hash_tuple, 8 bytes per ip_conntrack.
- in include/linux/skbuff.h, introduce nf_skb_forget(), and use that to
  clean up several places in ipv4/ core stack code.
- make init_conntrack() a bit more sane, removes unnecessary hash
  computations.
bof-ct-merged-20020803.Changelog
Description: Text document
bof-ct-merged-20020803.patch
Description: Text document
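
The timeout_target item in the changelog above, modeled in userspace C as an added example (not code from the patch). Apart from timeout_target every name is hypothetical, time is counted in abstract ticks rather than jiffies, and re-arming the timer when the deadline moves earlier is an assumed way of handling the non-monotonic case.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model, not the patch's code: abstract ticks, no jiffies
 * wrap-around. Every name except timeout_target is hypothetical. */
struct ct {
    unsigned long timer_expires;  /* when the armed timer fires */
    unsigned long timeout_target; /* when the entry should really expire */
    unsigned int arms;            /* times the timer was (re)armed */
};

/* Per-packet path: re-arm only if the deadline moves earlier (assumed case). */
static void ct_refresh(struct ct *c, unsigned long now, unsigned long timeout)
{
    c->timeout_target = now + timeout;
    if (c->timeout_target < c->timer_expires) {
        c->timer_expires = c->timeout_target;
        c->arms++;
    }
}

/* Timer handler, run at timer_expires. Returns true if the entry expired. */
static bool ct_timer_fired(struct ct *c, unsigned long now)
{
    if (c->timeout_target <= now)
        return true;                      /* no refresh since arming */
    c->timer_expires = c->timeout_target; /* restart to current target */
    c->arms++;
    return false;
}

/* One packet per tick for `packets` ticks, then silence; returns expiry tick. */
static unsigned long simulate(struct ct *c, unsigned long packets,
                              unsigned long timeout)
{
    *c = (struct ct){ timeout, timeout, 1 };  /* timer armed once at tick 0 */
    for (unsigned long now = 1;; now++) {
        if (now <= packets)
            ct_refresh(c, now, timeout);
        if (now == c->timer_expires && ct_timer_fired(c, now))
            return now;
    }
}

int main(void)
{
    struct ct c;
    unsigned long t = simulate(&c, 1000, 100);
    printf("expired at tick %lu, timer armed %u times\n", t, c.arms);
    return 0;
}
```

In this model a flow of 1000 packets with a 100-tick timeout arms the timer 11 times, where re-arming on every packet would touch it 1000 times, and the entry still expires exactly 100 ticks after the last packet.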