[Devel] [PATCH rh7 0/4] Create conntrack structures only if they are really needed
Kirill Tkhai
ktkhai at virtuozzo.com
Mon Sep 5 23:31:15 PDT 2016
Allocate conntracks only there is a rule, which uses them.
https://jira.sw.ru/browse/PSBM-51050
---
Kirill Tkhai (4):
net: Primitives to account conntrack users
net: Skip allocation of conntrack if there are no rules
net: Mark conntrack users in xtables
net: Mark conntrack users in nftables
include/net/net_namespace.h | 14 ++++++++++++++
include/net/netns/conntrack.h | 1 +
net/ipv4/netfilter/ipt_CLUSTERIP.c | 4 ++++
net/ipv4/netfilter/ipt_MASQUERADE.c | 7 +++++++
net/ipv4/netfilter/ipt_SYNPROXY.c | 7 ++++++-
net/ipv6/netfilter/ip6t_MASQUERADE.c | 7 +++++++
net/ipv6/netfilter/ip6t_SYNPROXY.c | 7 ++++++-
net/netfilter/nf_conntrack_core.c | 8 +++++++-
net/netfilter/nf_conntrack_netlink.c | 2 ++
net/netfilter/nf_synproxy_core.c | 2 ++
net/netfilter/nft_ct.c | 3 +++
net/netfilter/nft_nat.c | 9 +++++++++
net/netfilter/xt_CONNSECMARK.c | 3 +++
net/netfilter/xt_HMARK.c | 8 ++++++++
net/netfilter/xt_NETMAP.c | 8 ++++++++
net/netfilter/xt_REDIRECT.c | 9 +++++++++
net/netfilter/xt_cluster.c | 7 +++++++
net/netfilter/xt_connbytes.c | 3 +++
net/netfilter/xt_connlabel.c | 4 +++-
net/netfilter/xt_connlimit.c | 3 +++
net/netfilter/xt_connmark.c | 4 ++++
net/netfilter/xt_conntrack.c | 3 +++
net/netfilter/xt_helper.c | 2 ++
net/netfilter/xt_ipvs.c | 7 +++++++
net/netfilter/xt_nat.c | 18 ++++++++++++++++++
net/netfilter/xt_socket.c | 19 +++++++++++++++++++
net/netfilter/xt_state.c | 3 +++
27 files changed, 168 insertions(+), 4 deletions(-)
--
Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
More information about the Devel
mailing list