netfilter: conntrack: use a single hashtable for all namespaces

We already include netns address in the hash and compare the netns pointers during lookup, so even if namespaces have overlapping addresses entries will be spread across the table. Assuming 64k bucket size, this change saves 0.5 mbyte per namespace on a 64bit system. NAT bysrc and expectation hash is still per namespace, those will changed too soon. Future patch will also make conntrack object slab cache global again. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2016-05-02 18:39:55 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-05-05 16:39:47 +0200
commit: 56d52d4892d0e478a005b99ed10d0a7f488ea8c1 (patch)
tree: 89f2c12e4f197ac3876f5ebf01f61b7a3f49dd3e /net/netfilter/nf_nat_core.c
parent: 1b8c8a9f648c809c01a44114d7535ac8ca4c5ba3 (diff)
download: linux-56d52d4892d0e478a005b99ed10d0a7f488ea8c1.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_nat_core.c b/net/netfilter/nf_nat_core.c
index 3d522715a1675a..d74e7167499d86 100644
--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -824,7 +824,7 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct,
 static int __net_init nf_nat_net_init(struct net *net)
 {
 	/* Leave them the same for the moment. */
-	net->ct.nat_htable_size = net->ct.htable_size;
+	net->ct.nat_htable_size = nf_conntrack_htable_size;
 	net->ct.nat_bysource = nf_ct_alloc_hashtable(&net->ct.nat_htable_size, 0);
 	if (!net->ct.nat_bysource)
 		return -ENOMEM;
author	Florian Westphal <fw@strlen.de>	2016-05-02 18:39:55 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-05-05 16:39:47 +0200
commit	56d52d4892d0e478a005b99ed10d0a7f488ea8c1 (patch)
tree	89f2c12e4f197ac3876f5ebf01f61b7a3f49dd3e /net/netfilter/nf_nat_core.c
parent	1b8c8a9f648c809c01a44114d7535ac8ca4c5ba3 (diff)
download	linux-56d52d4892d0e478a005b99ed10d0a7f488ea8c1.tar.gz