ipv4: Elide fib_validate_source() completely when possible.
If rpfilter is off (or the SKB has an IPSEC path) and there are not tclassid users, we don't have to do anything at all when fib_validate_source() is invoked besides setting the itag to zero. We monitor tclassid uses with a counter (modified only under RTNL and marked __read_mostly) and we protect the fib_validate_source() real work with a test against this counter and whether rpfilter is to be done. Having a way to know whether we need no tclassid processing or not also opens the door for future optimized rpfilter algorithms that do not perform full FIB lookups. Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
parent
b8c8430726
commit
7a9bc9b81a
6 changed files with 59 additions and 9 deletions
|
|
@ -151,6 +151,8 @@ static void fib_rules_cleanup_ops(struct fib_rules_ops *ops)
|
|||
|
||||
list_for_each_entry_safe(rule, tmp, &ops->rules_list, list) {
|
||||
list_del_rcu(&rule->list);
|
||||
if (ops->delete)
|
||||
ops->delete(rule);
|
||||
fib_rule_put(rule);
|
||||
}
|
||||
}
|
||||
|
|
@ -499,6 +501,8 @@ static int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg)
|
|||
|
||||
notify_rule_change(RTM_DELRULE, rule, ops, nlh,
|
||||
NETLINK_CB(skb).pid);
|
||||
if (ops->delete)
|
||||
ops->delete(rule);
|
||||
fib_rule_put(rule);
|
||||
flush_route_cache(ops);
|
||||
rules_ops_put(ops);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue