summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLi RongQing <lirongqing@baidu.com>2019-02-26 10:20:52 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2019-03-01 14:36:46 +0100
commit2e7b162c5e911050be84c86c6226a5e21bba5771 (patch)
tree52d6651b215a8a12ccb3dda7d93c3f8c6a1e20fa
parentnetfilter: nf_tables: check the result of dereferencing base_chain->stats (diff)
downloadlinux-2e7b162c5e911050be84c86c6226a5e21bba5771.tar.xz
linux-2e7b162c5e911050be84c86c6226a5e21bba5771.zip
netfilter: nf_conntrack: ensure that CONNTRACK_LOCKS is power of 2
CONNTRACK_LOCKS is divisor when computer array index, if it is power of 2, compiler will optimize modulo operation as bitwise AND, or else modulo will lower performance. Suggested-by: Florian Westphal <fw@strlen.de> Signed-off-by: Li RongQing <lirongqing@baidu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/nf_conntrack_core.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index ff9313c579b4..82bfbeef46af 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -2480,6 +2480,7 @@ int nf_conntrack_init_net(struct net *net)
int cpu;
BUILD_BUG_ON(IP_CT_UNTRACKED == IP_CT_NUMBER);
+ BUILD_BUG_ON_NOT_POWER_OF_2(CONNTRACK_LOCKS);
atomic_set(&net->ct.count, 0);
net->ct.pcpu_lists = alloc_percpu(struct ct_pcpu);