Eric Dumazet wrote:
> On Tuesday 01 June 2010 at 12:41 +0200, Patrick McHardy wrote:
>
>>> BTW, I notice nf_conntrack_untracked is incorrectly annotated
>>> '__read_mostly'.
>>>
>>> It can be written very often :(
>>>
>>> Shouldn't we special case it and let it be really const ?
>> That would need quite a bit of special-casing to avoid touching
>> the reference counts. So far this is completely hidden, so I'd
>> say it just shouldn't be marked __read_mostly. Alternatively we
>> can make "untracked" a nfctinfo state.
>
> I tried this suggestion, (a new IP_CT_UNTRACKED ctinfo), over a per_cpu
> untracked ct, but it's a bit hard.
>
> For example, I cannot find a way to change ctnetlink_conntrack_event() :
>
>     if (ct == &nf_conntrack_untracked)
>         return 0;
>
> Maybe this piece of code is not necessary, we should not come here
> anyway, or it means several packets could store events for this (shared)
> ct ?

We probably shouldn't be reaching that code since that would mean
that we previously did modifications to the untracked conntrack.
But a quick audit shows that f.i. xt_connmark will do just that.

> Obviously, an IPS_UNTRACKED bit would be much easier to implement.
> Would it be acceptable ?

That also would be fine. However the main idea behind using a nfctinfo
bit was that we wouldn't need the untracked conntrack anymore at all.
But I guess a per-cpu untracked conntrack would already be an improvement
over the current situation.