From patchwork Sat Jan 15 11:28:50 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Changli Gao X-Patchwork-Id: 79050 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 98B20B6EE8 for ; Sat, 15 Jan 2011 22:29:46 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752594Ab1AOL3j (ORCPT ); Sat, 15 Jan 2011 06:29:39 -0500 Received: from mail-iy0-f174.google.com ([209.85.210.174]:54930 "EHLO mail-iy0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752275Ab1AOL3h (ORCPT ); Sat, 15 Jan 2011 06:29:37 -0500 Received: by mail-iy0-f174.google.com with SMTP id 18so3258405iyj.19 for ; Sat, 15 Jan 2011 03:29:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:from:to:cc:subject:date:message-id:x-mailer :in-reply-to:references; bh=86sLAxq4+6AknfH4NZ5tbROYNwohlvAZVSKyf8qVKG0=; b=ETydotQS3zW7RQ+BtXF3h0Hu+3tZtSUg39Mfpg97vft3pUB8aSNwDcqgPN8/3jAjfR mG4/IlJ2DjtYDglvGLaR0ldt7laXUi1DpeFELBOEU47md9FTi8+2Bwru3F7EJxMQoKab qXHj7dvAQXxkVQsmVxdrktURPoJAvW7RsvzaA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:cc:subject:date:message-id:x-mailer:in-reply-to:references; b=xCtzxHlV52JTilZVJSTqXyL+HDmxeR5xIiloiDkFqy0m6fMiRecNuvuUamBb1rrmtq ydRJ/+gH9Bi/oAoFbmcsYEC4zt+Gd86OGNcAhyLwnv6WYSjMR4weCE3/goN42rgW7YVq j4NSWGZptFzL35tKTKvaPZgMCtK0dG1+iHIyM= Received: by 10.231.39.133 with SMTP id g5mr1939451ibe.28.1295090977390; Sat, 15 Jan 2011 03:29:37 -0800 (PST) Received: from localhost.localdomain ([221.239.34.230]) by mx.google.com with ESMTPS id 8sm1884124iba.4.2011.01.15.03.29.27 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sat, 15 Jan 2011 03:29:36 -0800 (PST) From: Changli Gao To: Patrick McHardy Cc: "David S. Miller" , netfilter-devel@vger.kernel.org, netdev@vger.kernel.org, Changli Gao Subject: [PATCH resend] netfilter: make rcu read section smaller Date: Sat, 15 Jan 2011 19:28:50 +0800 Message-Id: <1295090930-16671-2-git-send-email-xiaosuo@gmail.com> X-Mailer: git-send-email 1.7.1 In-Reply-To: <1295090930-16671-1-git-send-email-xiaosuo@gmail.com> References: <1295090930-16671-1-git-send-email-xiaosuo@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Signed-off-by: Changli Gao --- net/ipv4/netfilter/nf_nat_core.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index c04787c..7300611 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c @@ -85,7 +85,7 @@ in_range(const struct nf_conntrack_tuple *tuple, const struct nf_nat_range *range) { const struct nf_nat_protocol *proto; - int ret = 0; + int ret = 1; /* If we are supposed to map IPs, then we must be in the range specified, otherwise let this drag us onto a new src IP. */ @@ -95,13 +95,14 @@ in_range(const struct nf_conntrack_tuple *tuple, return 0; } - rcu_read_lock(); - proto = __nf_nat_proto_find(tuple->dst.protonum); - if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) || - proto->in_range(tuple, IP_NAT_MANIP_SRC, - &range->min, &range->max)) - ret = 1; - rcu_read_unlock(); + if (range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { + rcu_read_lock(); + proto = __nf_nat_proto_find(tuple->dst.protonum); + if (!proto->in_range(tuple, IP_NAT_MANIP_SRC, &range->min, + &range->max)) + ret = 0; + rcu_read_unlock(); + } return ret; } @@ -235,22 +236,21 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple, /* 3) The per-protocol part of the manip is made to map into the range to make a unique tuple. */ + if (!(range->flags & (IP_NAT_RANGE_PROTO_RANDOM | + IP_NAT_RANGE_PROTO_SPECIFIED)) && + !nf_nat_used_tuple(tuple, ct)) + return; rcu_read_lock(); proto = __nf_nat_proto_find(orig_tuple->dst.protonum); /* Only bother mapping if it's not already in range and unique */ - if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) { - if (range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) { - if (proto->in_range(tuple, maniptype, &range->min, - &range->max) && - (range->min.all == range->max.all || - !nf_nat_used_tuple(tuple, ct))) - goto out; - } else if (!nf_nat_used_tuple(tuple, ct)) { - goto out; - } - } + if ((range->flags & (IP_NAT_RANGE_PROTO_RANDOM | + IP_NAT_RANGE_PROTO_SPECIFIED)) == + IP_NAT_RANGE_PROTO_SPECIFIED && + proto->in_range(tuple, maniptype, &range->min, &range->max) && + (range->min.all == range->max.all || !nf_nat_used_tuple(tuple, ct))) + goto out; /* Last change: get protocol to try to obtain unique tuple. */ proto->unique_tuple(tuple, range, maniptype, ct);