This patch series changes ecache infra to no longer allocate the extension by default.

After this series, the default behaviour is to allocate the extension if either a conntrack template has been set to configure event masks via nft/iptables ruleset, the sysctl 'nf_conntrack_events' is set to 1, or if a userspace program has subscribed to one of the ctnetlink event groups.

This has advantages in case the events are not used:

1. Conntrack allocation/free avoids extra kmalloc/kfree call.
2. nf_confirm hook doesn't perform an indirect call into ctnetlink only to discover that there is nothing to do.

Florian Westphal (4):
  netfilter: nfnetlink: allow to detect if ctnetlink listeners exist
  netfilter: conntrack: un-inline nf_ct_ecache_ext_add
  netfilter: conntrack: add nf_conntrack_events autodetect mode
  netfilter: prefer extension check to pointer check

 .../networking/nf_conntrack-sysctl.rst      |  5 +-
 include/net/netfilter/nf_conntrack_core.h   |  2 +-
 include/net/netfilter/nf_conntrack_ecache.h | 49 ++++++-------------
 include/net/netns/conntrack.h               |  1 +
 net/netfilter/nf_conntrack_core.c           | 15 ++++--
 net/netfilter/nf_conntrack_ecache.c         | 39 ++++++++++++++-
 net/netfilter/nf_conntrack_standalone.c     |  2 +-
 net/netfilter/nfnetlink.c                   | 40 +++++++++++++--
 8 files changed, 108 insertions(+), 45 deletions(-)

-- 
2.35.1