On Feb 21 2008 16:38, Jan Engelhardt wrote:
>
>this is now the proposed memory reduction of xt_conntrack as previously
>mentioned in http://marc.info/?l=netfilter-devel&m=120334779109237&w=2 .
>
>Since xt_conntrack r1 is new, we can still modify it.
>
>===
>commit 84622a5c5190ea1bf0a37695961714a04a99a9c0
>Author: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
>Date: Thu Feb 21 16:33:32 2008 +0100
>
>    [NETFILTER]: Deploy a prefix length to network mask mapping table
>
>    Userspace utilities commonly transform a prefix length (CIDR notation
>    like 192.168.222.1/32) into a full netmask before submitting it to
>    the kernel.
>
>    The size of struct xt_conntrack_mtinfo1 is currently 152 bytes, of
>    which 64 bytes are for masks. By submitting prefix lengths to the
>    kernel, we can save 60 bytes (almost 40%) as prefix lengths can fit
>    into one uint8_t. Since we do not want to recompute the mask for each
>    invocation of the match function, a static translation table will be
>    used (net/core/pfxlen.c).
>
>    The patch also removes xt_hashlimit's obsolete mask computation.

Can we merge this while r1 is not yet used by userspace? If not,
that's fine too, will queue it for 2.6.26.
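The prefix-length lookup the commit message describes, as an added example that is not part of the original mail or of the kernel patch. The table layout, the function names and the `family_max` parameter are assumptions made for illustration; the example generalizes to one table serving IPv4 (first 4 bytes) and IPv6, and it rejects lengths that a `uint8_t` can carry but the table cannot index.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PFX_MAX 128 /* longest IPv6 prefix; IPv4 uses the first 4 bytes */
/* Hypothetical table: one mask per length 0..128, network byte order, built once. */
static uint8_t pfx_table[PFX_MAX + 1][16];
static int pfx_ready;

static void pfx_init(void)
{
    for (unsigned int len = 0; len <= PFX_MAX; len++) {
        memset(pfx_table[len], 0, sizeof(pfx_table[len]));
        memset(pfx_table[len], 0xff, len / 8);
        if (len % 8)
            pfx_table[len][len / 8] = (uint8_t)(0xff << (8 - len % 8));
    }
    pfx_ready = 1;
}

/* family_max: 32 (IPv4) or 128 (IPv6). Validate before indexing the table. */
static const uint8_t *pfx_to_mask(uint8_t len, uint8_t family_max)
{
    if (family_max > PFX_MAX || len > family_max)
        return NULL;
    if (!pfx_ready)
        pfx_init();
    return pfx_table[len];
}

/* Table read plus masked compare. Returns 1 match, 0 mismatch, -1 bad length. */
static int addr_match(const uint8_t *addr, const uint8_t *net,
                      uint8_t len, uint8_t family_max)
{
    const uint8_t *mask = pfx_to_mask(len, family_max);
    if (mask == NULL)
        return -1;
    for (unsigned int i = 0; i < family_max / 8u; i++)
        if ((addr[i] ^ net[i]) & mask[i])
            return 0;
    return 1;
}

int main(void)
{
    const uint8_t host[4] = {192, 168, 222, 1}, net[4] = {192, 168, 222, 0}; /* constructed */
    printf("/24: %d, /40: %d\n", addr_match(host, net, 24, 32), addr_match(host, net, 40, 32));
    return 0;
}
```

Doing the range check once, when the rule is loaded, keeps the per-packet path to the table read alone.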