summaryrefslogtreecommitdiff
path: root/include/net/netns/nftables.h
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2020-08-27 20:28:42 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2020-09-08 14:02:44 +0300
commit67cc570edaa02016a8685a06a0ee91f05a6277d9 (patch)
treeb63abd09d1a7c144ddd786f29bec05365fb276f2 /include/net/netns/nftables.h
parent1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6 (diff)
downloadlinux-67cc570edaa02016a8685a06a0ee91f05a6277d9.tar.xz
netfilter: nf_tables: coalesce multiple notifications into one skbuff
On x86_64, each notification results in one skbuff allocation which consumes at least 768 bytes due to the skbuff overhead. This patch coalesces several notifications into one single skbuff, so each notification consumes at least ~211 bytes, that ~3.5 times less memory consumption. As a result, this is reducing the chances to exhaust the netlink socket receive buffer. Rule of thumb is that each notification batch only contains netlink messages whose report flag is the same, nfnetlink_send() requires this to do appropriate delivery to userspace, either via unicast (echo mode) or multicast (monitor mode). The skbuff control buffer is used to annotate the report flag for later handling at the new coalescing routine. The batch skbuff notification size is NLMSG_GOODSIZE, using a larger skbuff would allow for more socket receiver buffer savings (to amortize the cost of the skbuff even more), however, going over that size might break userspace applications, so let's be conservative and stick to NLMSG_GOODSIZE. Reported-by: Phil Sutter <phil@nwl.cc> Acked-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net/netns/nftables.h')
-rw-r--r--include/net/netns/nftables.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/netns/nftables.h b/include/net/netns/nftables.h
index a1a8d45adb42..6c0806bd8d1e 100644
--- a/include/net/netns/nftables.h
+++ b/include/net/netns/nftables.h
@@ -8,6 +8,7 @@ struct netns_nftables {
struct list_head tables;
struct list_head commit_list;
struct list_head module_list;
+ struct list_head notify_list;
struct mutex commit_mutex;
unsigned int base_seq;
u8 gencursor;