netfilter: conntrack: move ct counter to net_generic data

Its only needed from slowpath (sysctl, ctnetlink, gc worker) and when a new conntrack object is allocated. Furthermore, each write dirties the otherwise read-mostly pernet data in struct net.ct, which are accessed from packet path. Move it to the net_generic data. This makes struct netns_ct read-mostly. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2021-04-12 21:55:43 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-04-13 13:10:39 +0200
commit: c53bd0e96662c2f77109e08a9889c9e1ee86c52d (patch)
tree: e465cc24808ff62968cc474dcb8d2f8b33db6768 /include/net/netfilter
parent: f6f2e580d5f7152fb5ab11232edecb7fbeca3759 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 0578a905b1df..06dc6db70d18 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -45,6 +45,7 @@ union nf_conntrack_expect_proto {
 
 struct nf_conntrack_net {
 	/* only used when new connection is allocated: */
+	atomic_t count;
 	unsigned int expect_count;
 	u8 sysctl_auto_assign_helper;
 	bool auto_assign_helper_warned;
@@ -337,6 +338,7 @@ struct nf_conn *nf_ct_tmpl_alloc(struct net *net,
 void nf_ct_tmpl_free(struct nf_conn *tmpl);
 
 u32 nf_ct_get_id(const struct nf_conn *ct);
+u32 nf_conntrack_count(const struct net *net);
 
 static inline void
 nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info)
author	Florian Westphal <fw@strlen.de>	2021-04-12 21:55:43 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-04-13 13:10:39 +0200
commit	c53bd0e96662c2f77109e08a9889c9e1ee86c52d (patch)
tree	e465cc24808ff62968cc474dcb8d2f8b33db6768 /include/net/netfilter
parent	f6f2e580d5f7152fb5ab11232edecb7fbeca3759 (diff)