Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > index 21f887c5058c..274f9370c56a 100644
> > > --- a/include/net/netfilter/nf_conntrack_extend.h
> > > +++ b/include/net/netfilter/nf_conntrack_extend.h
> > > @@ -28,6 +28,7 @@ enum nf_ct_ext_id {
> > > #if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)
> > > NF_CT_EXT_SYNPROXY,
> > > #endif
> > > + NF_CT_EXT_ID,
> >
> > I think, if we decide that this new id is needed,
> > we might as well place this directly in the extension
> > struct itself rather than an id.
> >
> > AFAIU this id is always active/set so we never have a
> > conntrack without this.
>
> I understand your goal would be to make this run faster for the first
> packet that is part of the connection. This would fit into the 128 bytes
> that we preallocate, so you're just trying to remove one level of
> indirection, right?

Yes, and save the space in the len/data array for the new extension id.
There is nothing else to it.

We currently do not have an "always on" extension, this would be the first.
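
Review bot: The added enumerator `NF_CT_EXT_ID` in `enum nf_ct_ext_id` has no comment and its name is almost the same as the enum's own type name, so a reader cannot tell from the header what the extension stores. It is also the one entry in the visible hunk that sits outside an `#if IS_ENABLED(...)` guard, which means it occupies an extension slot in every build. Suggest a more distinct name plus a one-line comment stating what the extension holds and that it is unconditional, or, if it is always set as the thread says, dropping the enum entry in favour of a plain struct member.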