linux/net
Daniel Borkmann d64d80a2cd netfilter: x_tables: don't extract flow keys on early demuxed sks in socket match
Currently in xt_socket, we take advantage of early demuxed sockets
since commit 00028aa370 ("netfilter: xt_socket: use IP early demux")
in order to avoid a second socket lookup in the fast path, but we
only make partial use of this:

We still unnecessarily parse headers, extract proto, {s,d}addr and
{s,d}ports from the skb data, accessing possible conntrack information,
etc even though we were not even calling into the socket lookup via
xt_socket_get_sock_{v4,v6}() due to skb->sk hit, meaning those cycles
can be spared.

After this patch, we only proceed the slower, manual lookup path
when we have a skb->sk miss, thus time to match verdict for early
demuxed sockets will improve further, which might be i.e. interesting
for use cases such as mentioned in 681f130f39 ("netfilter: xt_socket:
add XT_SOCKET_NOWILDCARD flag").

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-04-08 16:47:49 +02:00
..
6lowpan 6lowpan: nhc: add other known rfc6282 compressions 2015-02-14 23:08:44 +01:00
9p Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
802 net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
8021q vlan: Add features for stacked vlan device 2015-03-29 13:33:21 -07:00
appletalk appletalk: Use eth_<foo>_addr instead of memset 2015-03-03 17:01:37 -05:00
atm atm: Use eth_<foo>_addr instead of memset 2015-03-03 17:01:37 -05:00
ax25 ax25: Fix the build when CONFIG_INET is disabled 2015-03-05 13:17:39 -05:00
batman-adv batman-adv: Fix use of seq_has_overflowed() 2015-02-22 17:00:08 -05:00
bluetooth Bluetooth: Unify advertising data code paths 2015-03-26 03:30:29 +01:00
bridge netfilter: bridge: really save frag_max_size between PRE and POST_ROUTING 2015-04-02 10:41:14 +02:00
caif Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
can Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-09 23:38:02 -04:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2015-02-19 14:14:42 -08:00
core net: rename dev to orig_dev in deliver_ptype_list_skb 2015-03-31 16:37:43 -04:00
dcb net/dcb: Add IEEE QCN attribute 2015-03-06 21:50:02 -05:00
dccp inet: fix double request socket freeing 2015-03-23 21:40:48 -04:00
decnet net: Remove protocol from struct dst_ops 2015-03-09 16:06:10 -04:00
dns_resolver
dsa net: dsa: Add basic framework to support ndo_fdb functions 2015-03-29 13:23:54 -07:00
ethernet ethernet: Use eth_<foo>_addr instead of memset 2015-03-03 17:01:38 -05:00
hsr net/hsr: Fix NULL pointer dereference and refcnt bugs when deleting a HSR interface. 2015-03-01 13:40:23 -05:00
ieee802154 ieee802154: don't export static symbol 2015-03-14 17:11:31 +01:00
ipv4 netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
ipv6 netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
ipx net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
irda Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-09 23:38:02 -04:00
iucv net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
key xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
l2tp netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
lapb
llc net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
mac80211 Lots of updates for net-next; along with the usual flurry 2015-03-31 16:39:04 -04:00
mac802154 mac802154: cleanup concurrent check 2015-03-27 19:18:50 +01:00
mpls mpls: In mpls_egress verify the packet length. 2015-03-12 23:05:04 -04:00
netfilter netfilter: x_tables: don't extract flow keys on early demuxed sks in socket match 2015-04-08 16:47:49 +02:00
netlabel netlink: implement nla_put_in_addr and nla_put_in6_addr 2015-03-31 13:58:35 -04:00
netlink rhashtable: provide len to obj_hashfn 2015-03-25 17:18:33 +01:00
netrom net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
nfc net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
openvswitch netlink: implement nla_get_in_addr and nla_get_in6_addr 2015-03-31 13:58:35 -04:00
packet af_packet: pass checksum validation status to the user 2015-03-23 22:01:28 -04:00
phonet net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
rfkill Last round of updates for net-next: 2015-02-04 14:57:45 -08:00
rose net: Kill dev_rebuild_header 2015-03-02 16:43:41 -05:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-03-20 18:51:09 -04:00
sched act_bpf: add initial eBPF support for actions 2015-03-20 19:10:44 -04:00
sctp sctp: avoid to repeatedly declare external variables 2015-03-25 11:40:16 -04:00
sunrpc sunrpc: fix braino in ->poll() 2015-03-08 12:53:46 -07:00
switchdev switchdev: fix stp update API to work with layered netdevices 2015-03-23 16:44:56 -04:00
tipc tipc: fix two bugs in secondary destination lookup 2015-03-29 13:47:36 -07:00
unix net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
vmw_vsock net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
wimax
wireless Lots of updates for net-next; along with the usual flurry 2015-03-31 16:39:04 -04:00
x25 net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
xfrm xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
compat.c net: socket: add support for async operations 2015-03-23 16:41:36 -04:00
Kconfig kconfig: use bool instead of boolean for type definition attributes 2015-01-07 13:08:04 +01:00
Makefile mpls: Refactor how the mpls module is built 2015-03-04 00:26:06 -05:00
socket.c net: socket: add support for async operations 2015-03-23 16:41:36 -04:00
sysctl_net.c