From 6678c9feb992feb49fc5b94c63d5e89562625b83 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Wed, 16 Jan 2013 12:56:44 +0100 Subject: [PATCH] nfq: avoid extra copy when running in workers mode currently, the packet payload recv()d from the nfqueue netlink socket is copied into a new packet buffer. This is required because the recv-buffer space used is tied to the current thread, but a packet may be handed off to other threads, and the recv-buffer can be re-used while the packet is handled by another thread. However, in worker runmode, the packet will always be handled by the current thread, and the recv-buffer will only be reused after the entire packet processing stack is done with the packet. Thus, in worker runmode, we can avoid the copy and assign the packet data area directly. --- src/source-nfq.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/source-nfq.c b/src/source-nfq.c index 3d1626ac95..740fc1eb22 100644 --- a/src/source-nfq.c +++ b/src/source-nfq.c @@ -107,7 +107,8 @@ extern int max_pending_packets; #define MAX_ALREADY_TREATED 5 #define NFQ_VERDICT_RETRY_TIME 3 -int already_seen_warning; +static int already_seen_warning; +static int runmode_workers; #define NFQ_BURST_FACTOR 4 @@ -277,12 +278,13 @@ static inline void NFQMutexInit(NFQQueueVars *nq) if (active_runmode && !strcmp("workers", active_runmode)) { nq->use_mutex = 0; + runmode_workers = 1; SCLogInfo("NFQ running in 'workers' runmode, will not use mutex."); } else { nq->use_mutex = 1; - } - if (nq->use_mutex) + runmode_workers = 0; SCMutexInit(&nq->mutex_qh, NULL); + } } #define NFQMutexLock(nq) do { \ @@ -346,6 +348,8 @@ int NFQSetupPkt (Packet *p, struct nfq_q_handle *qh, void *data) * This is unlikely to happen */ SCLogWarning(SC_ERR_INVALID_ARGUMENTS, "NFQ sent too big packet"); SET_PKT_LEN(p, 0); + } else if (runmode_workers) { + PacketSetData(p, (uint8_t *)pktdata, ret); } else { PacketCopyData(p, (uint8_t *)pktdata, ret); }