netfilter: nf_conntrack: avoid additional compare.

[karo-tx-linux.git] / net / netfilter / nf_conntrack_core.c

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index b5869b9574b08a52c4c16f04cdb3f17336f9d762..8e572d7c08c57e37d4c46f4efbad6afd8d332685 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -47,7 +47,7 @@
 
 int (*nfnetlink_parse_nat_setup_hook)(struct nf_conn *ct,
                                      enum nf_nat_manip_type manip,
-                                     struct nlattr *attr) __read_mostly;
+                                     const struct nlattr *attr) __read_mostly;
 EXPORT_SYMBOL_GPL(nfnetlink_parse_nat_setup_hook);
 
 DEFINE_SPINLOCK(nf_conntrack_lock);
@@ -511,11 +511,17 @@ static noinline int early_drop(struct net *net, unsigned int hash)
                        cnt++;
                }
 
-               if (ct && unlikely(nf_ct_is_dying(ct) ||
-                                  !atomic_inc_not_zero(&ct->ct_general.use)))
-                       ct = NULL;
-               if (ct || cnt >= NF_CT_EVICTION_RANGE)
+               if (ct != NULL) {
+                       if (likely(!nf_ct_is_dying(ct) &&
+                                  atomic_inc_not_zero(&ct->ct_general.use)))
+                               break;
+                       else
+                               ct = NULL;
+               }
+
+               if (cnt >= NF_CT_EVICTION_RANGE)
                        break;
+
                hash = (hash + 1) % nf_conntrack_htable_size;
        }
        rcu_read_unlock();
@@ -1089,14 +1095,14 @@ void nf_conntrack_flush_report(struct net *net, u32 pid, int report)
 }
 EXPORT_SYMBOL_GPL(nf_conntrack_flush_report);
 
-static void nf_ct_release_dying_list(void)
+static void nf_ct_release_dying_list(struct net *net)
 {
        struct nf_conntrack_tuple_hash *h;
        struct nf_conn *ct;
        struct hlist_nulls_node *n;
 
        spin_lock_bh(&nf_conntrack_lock);
-       hlist_nulls_for_each_entry(h, n, &init_net.ct.dying, hnnode) {
+       hlist_nulls_for_each_entry(h, n, &net->ct.dying, hnnode) {
                ct = nf_ct_tuplehash_to_ctrack(h);
                /* never fails to remove them, no listeners at this point */
                nf_ct_kill(ct);
@@ -1115,7 +1121,7 @@ static void nf_conntrack_cleanup_net(struct net *net)
 {
  i_see_dead_people:
        nf_ct_iterate_cleanup(net, kill_all, NULL);
-       nf_ct_release_dying_list();
+       nf_ct_release_dying_list(net);
        if (atomic_read(&net->ct.count) != 0) {
                schedule();
                goto i_see_dead_people;
@@ -1245,9 +1251,9 @@ static int nf_conntrack_init_init_net(void)
         * machine has 512 buckets. >= 1GB machines have 16384 buckets. */
        if (!nf_conntrack_htable_size) {
                nf_conntrack_htable_size
-                       = (((num_physpages << PAGE_SHIFT) / 16384)
+                       = (((totalram_pages << PAGE_SHIFT) / 16384)
                           / sizeof(struct hlist_head));
-               if (num_physpages > (1024 * 1024 * 1024 / PAGE_SIZE))
+               if (totalram_pages > (1024 * 1024 * 1024 / PAGE_SIZE))
                        nf_conntrack_htable_size = 16384;
                if (nf_conntrack_htable_size < 32)
                        nf_conntrack_htable_size = 32;