diff -urN linux-2.4.21-bk1141-pom-20030429-extra/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.4.21-bk1141-pom-20030429-optim/include/linux/netfilter_ipv4/ip_conntrack.h --- linux-2.4.21-bk1141-pom-20030429-extra/include/linux/netfilter_ipv4/ip_conntrack.h Wed Apr 30 23:58:53 2003 +++ linux-2.4.21-bk1141-pom-20030429-optim/include/linux/netfilter_ipv4/ip_conntrack.h Thu May 1 00:01:31 2003 @@ -270,6 +270,9 @@ extern void ip_ct_refresh(struct ip_conntrack *ct, unsigned long extra_jiffies); +/* Kill conntrack */ +extern void ip_ct_death_by_timeout(unsigned long ul_conntrack); + /* These are for NAT. Icky. */ /* Call me when a conntrack is destroyed. */ extern void (*ip_conntrack_destroyed)(struct ip_conntrack *conntrack); diff -urN linux-2.4.21-bk1141-pom-20030429-extra/net/ipv4/netfilter/ip_conntrack_core.c linux-2.4.21-bk1141-pom-20030429-optim/net/ipv4/netfilter/ip_conntrack_core.c --- linux-2.4.21-bk1141-pom-20030429-extra/net/ipv4/netfilter/ip_conntrack_core.c Wed Apr 30 23:58:58 2003 +++ linux-2.4.21-bk1141-pom-20030429-optim/net/ipv4/netfilter/ip_conntrack_core.c Thu May 1 00:01:31 2003 @@ -354,7 +354,7 @@ atomic_dec(&ip_conntrack_count); } -static void death_by_timeout(unsigned long ul_conntrack) +void ip_ct_death_by_timeout(unsigned long ul_conntrack) { struct ip_conntrack *ct = (void *)ul_conntrack; @@ -379,9 +379,10 @@ const struct ip_conntrack *ignored_conntrack) { struct ip_conntrack_tuple_hash *h; + size_t hash = hash_conntrack(tuple); MUST_BE_READ_LOCKED(&ip_conntrack_lock); - h = LIST_FIND(&ip_conntrack_hash[hash_conntrack(tuple)], + h = LIST_FIND(&ip_conntrack_hash[hash], conntrack_tuple_cmp, struct ip_conntrack_tuple_hash *, tuple, ignored_conntrack); @@ -635,7 +636,7 @@ return dropped; if (del_timer(&h->ctrack->timeout)) { - death_by_timeout((unsigned long)h->ctrack); + ip_ct_death_by_timeout((unsigned long)h->ctrack); dropped = 1; } ip_conntrack_put(h->ctrack); @@ -723,7 +724,7 @@ /* Don't set timer yet: wait for confirmation */ init_timer(&conntrack->timeout); conntrack->timeout.data = (unsigned long)conntrack; - conntrack->timeout.function = death_by_timeout; + conntrack->timeout.function = ip_ct_death_by_timeout; INIT_LIST_HEAD(&conntrack->sibling_list); @@ -1279,8 +1280,10 @@ if (!is_confirmed(ct)) ct->timeout.expires = extra_jiffies; else { - /* Need del_timer for race avoidance (may already be dying). */ - if (del_timer(&ct->timeout)) { + /* Don't update timer for each packet, only if it's been >HZ + * ticks since last update. + * Need del_timer for race avoidance (may already be dying). */ + if (abs(jiffies + extra_jiffies - ct->timeout.expires) >= HZ && del_timer(&ct->timeout)) { ct->timeout.expires = jiffies + extra_jiffies; add_timer(&ct->timeout); } @@ -1405,7 +1408,7 @@ while ((h = get_next_corpse(kill, data)) != NULL) { /* Time to push up daises... */ if (del_timer(&h->ctrack->timeout)) - death_by_timeout((unsigned long)h->ctrack); + ip_ct_death_by_timeout((unsigned long)h->ctrack); /* ... else the timer will get him soon. */ ip_conntrack_put(h->ctrack); diff -urN linux-2.4.21-bk1141-pom-20030429-extra/net/ipv4/netfilter/ip_conntrack_pptp.c linux-2.4.21-bk1141-pom-20030429-optim/net/ipv4/netfilter/ip_conntrack_pptp.c --- linux-2.4.21-bk1141-pom-20030429-extra/net/ipv4/netfilter/ip_conntrack_pptp.c Wed Apr 30 23:58:34 2003 +++ linux-2.4.21-bk1141-pom-20030429-optim/net/ipv4/netfilter/ip_conntrack_pptp.c Thu May 1 00:01:32 2003 @@ -108,11 +108,13 @@ continue; } - DEBUGP("setting timeout of conntrack %p to 0\n", + DEBUGP("killing conntrack %p\n", exp->sibling); exp->sibling->proto.gre.timeout = 0; exp->sibling->proto.gre.stream_timeout = 0; - ip_ct_refresh(exp->sibling, 0); + + if (del_timer(&exp->sibling->timeout)) + ip_ct_death_by_timeout((unsigned long)exp->sibling); } return 0; diff -urN linux-2.4.21-bk1141-pom-20030429-extra/net/ipv4/netfilter/ip_conntrack_standalone.c linux-2.4.21-bk1141-pom-20030429-optim/net/ipv4/netfilter/ip_conntrack_standalone.c --- linux-2.4.21-bk1141-pom-20030429-extra/net/ipv4/netfilter/ip_conntrack_standalone.c Wed Apr 30 23:58:58 2003 +++ linux-2.4.21-bk1141-pom-20030429-optim/net/ipv4/netfilter/ip_conntrack_standalone.c Thu May 1 00:01:31 2003 @@ -504,6 +504,7 @@ EXPORT_SYMBOL(ip_conntrack_helper_unregister); EXPORT_SYMBOL(ip_ct_selective_cleanup); EXPORT_SYMBOL(ip_ct_refresh); +EXPORT_SYMBOL(ip_ct_death_by_timeout); EXPORT_SYMBOL(ip_ct_find_proto); EXPORT_SYMBOL(__ip_ct_find_proto); EXPORT_SYMBOL(ip_ct_find_helper);