From nobody Sun Feb 8 05:07:53 2026 Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A325F309F13 for ; Fri, 30 Jan 2026 07:22:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.208.41 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769757738; cv=none; b=VvDhs7JXxaQOUTEVMWdmHcVCsyy4zEqLpGO3yXfew/ThUZn/PXTSSpRBmjPvKgC5uwhLtChsSPG8pnQaP7yNkeYocE6eWiBD+nrhRV4EQeTfgaSGgzp3qcNdjfCg3jcjSqoaPUoEoCrS8DCcjsUJjIZxgbqHCl6bDiOmL9yvHUs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769757738; c=relaxed/simple; bh=scpHbiU85fPKFr3iZ5a8B06uHXcjdSPXniUbJsWoh5k=; h=From:To:Cc:Subject:Date:Message-ID:MIME-Version; b=Yk+vKc18tM/y+/p7Gxc9k/g4so3K+YVCxzoZ6blcHDgGr9OYXGahoiO6ioVPLGXXp5vFhVmGIyQvzDxQpF8XuaCyNQ2C6b3XgJZx75Rpr3h5SBjambrujP7uduD8CzDbxNCJo+ZCDxABGMKajPYQwwoWyVK2dGDEzj5xOtOzzGo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=cQwmQm6L; arc=none smtp.client-ip=209.85.208.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="cQwmQm6L" Received: by mail-ed1-f41.google.com with SMTP id 4fb4d7f45d1cf-65812261842so4283926a12.1 for ; Thu, 29 Jan 2026 23:22:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769757735; x=1770362535; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=0lV1Eb14MHHXl34cLNbbdByp1XdnJD9vp/7a+55/aDk=; b=cQwmQm6LdQ1GoFYIID9LxpBt35vzfmqsXTxMsjgNifnTTB8MKJkO5cNjTlhfURddro i5N4Pc8XW/1UNczzgir44OOAqTbquBFnP4+jXujj5gwFwyteKtFIgWTgbmS5OjzsxmZ1 cJBS5Xuc8cdpLglFNrwqc7n/1u20mejI+dfH1z7HOAz06ovruXlBfIuuKPJYiR/RerEy Oj25silYh+WS7PYNLwJLB2l4SsBajrO7bybZ9qvFeFrdjj+WFHFQ9HcLNFcMHUZZcMym tFEPpIzffyNFYjb4sOudbEqhum7T+yi1Yejpn+1NW6bSF1PF1WRYC4yeAnVLly3vmWku 9mvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769757735; x=1770362535; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=0lV1Eb14MHHXl34cLNbbdByp1XdnJD9vp/7a+55/aDk=; b=H2p860nTyE0DKc8c9F9qFp3yoBC4STQcmz8uAJAz4j3yLXwH3YScBklvSeJTLtqYcH LkML1wY39rkWnz3hBoexn4CDEPbBsIldopMvu6snPIm6cxqxr3s2o6Bg+sKCpf4CVnX7 ozO6gV46aSjcP+Hgs8FSI1TabhyhK/IApd+vg3htHLkmJ+ckA7XirFd+KP4+HPFOc1uy EBFov3SWxa4qod/uTte5BDCMd60VP3M8tBxNKCi2pGaRZqpvbAA/tPbNBd1Do2BuY1Vy laiAhnmrFCtA5IgQwY5low9TyfsKf2GdsBo7tpiS6uxN8udDidhxNb+1ZqzPEd3IYLX0 SMqQ== X-Forwarded-Encrypted: i=1; AJvYcCWgrGRmPZwU1as68O5OI2Q7hKye0fq9Ym5oJZWONrJfyJZXBnPDvOfe+UAspRZ+BA4CkHmmqBqpsRZjyrw=@vger.kernel.org X-Gm-Message-State: AOJu0Yw1NhMDHDqCKSy6DqfCbIakCeINKAf/wGCtjPppAkNspPeprCRs 7oS+YPOTik/lu0OMt5rDkxXDEvcG0lpFbAbyXT2yh3wJkQGTss6fHBZV X-Gm-Gg: AZuq6aJVAnM5nYAk70YbFwnCQeVgDghIMqRy2BVwLE6455sU4NsdFBYNIiDVUWknFpo L7vQmvfJZubi+Ds5sct+WK2k/j4Cu/B6RoMagPTksW+Sv8u3wRdHqyy0FSEo6zn4x+B+Rr7v1cq 8XrQkfCXSY4kndrjRdeDGQsDBy4uN0QHEJ4OU6IKGNycmnzX7rJKzLtXwQU3JMSH3rgnyS/RsdA zQlHCKspGqbBmWui8AuNkFUT4YuNuP/LGFw0WY5d2bOLl9uEQ1DfehH8X1FHn47ERAjr0Gdf4Mg EDgokOUyHCXtUGr8XWIyttRlHYaE+8XG502HB3o4wf01A8e1oDHkH+ejG1xJasd/BSeG3tOI65o IwewtSHkEm+OBDbg56/T6zTb9mKcwawWUvdXa+peY9gl0LnC1hZVm8ACXw5KT+YlQcoQ= X-Received: by 2002:a17:907:9805:b0:b87:7430:d5e2 with SMTP id a640c23a62f3a-b8ddf85c0a2mr331985166b.12.1769757734675; Thu, 29 Jan 2026 23:22:14 -0800 (PST) Received: from gmail.com ([2a09:bac5:4e22:2e3c::49b:47]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-b8dbf2f3e33sm379318466b.71.2026.01.29.23.22.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 29 Jan 2026 23:22:14 -0800 (PST) From: Qingfang Deng To: Pablo Neira Ayuso , Florian Westphal , Phil Sutter , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Simon Horman , netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Lorenzo Bianconi Subject: [PATCH nf-next v2] netfilter: flowtable: dedicated slab for flow entry Date: Fri, 30 Jan 2026 15:22:07 +0800 Message-ID: <20260130072208.108345-1-dqfext@gmail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The size of `struct flow_offload` has grown beyond 256 bytes on 64-bit kernels (currently 280 bytes) because of the `flow_offload_tunnel` member added recently. So kmalloc() allocates from the kmalloc-512 slab, causing significant memory waste per entry. Introduce a dedicated slab cache for flow entries to reduce memory footprint. Results in a reduction from 512 bytes to 320 bytes per entry on x86_64 kernels. Signed-off-by: Qingfang Deng --- v2: use KMEM_CACHE macro - https://lore.kernel.org/netfilter-devel/20260129101213.74557-1-dqfext@g= mail.com/ net/netfilter/nf_flow_table_core.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_tab= le_core.c index 06e8251a6644..2c4140e6f53c 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -16,6 +16,7 @@ =20 static DEFINE_MUTEX(flowtable_lock); static LIST_HEAD(flowtables); +static __read_mostly struct kmem_cache *flow_offload_cachep; =20 static void flow_offload_fill_dir(struct flow_offload *flow, @@ -56,7 +57,7 @@ struct flow_offload *flow_offload_alloc(struct nf_conn *c= t) if (unlikely(nf_ct_is_dying(ct))) return NULL; =20 - flow =3D kzalloc(sizeof(*flow), GFP_ATOMIC); + flow =3D kmem_cache_zalloc(flow_offload_cachep, GFP_ATOMIC); if (!flow) return NULL; =20 @@ -812,9 +813,13 @@ static int __init nf_flow_table_module_init(void) { int ret; =20 + flow_offload_cachep =3D KMEM_CACHE(flow_offload, SLAB_HWCACHE_ALIGN); + if (!flow_offload_cachep) + return -ENOMEM; + ret =3D register_pernet_subsys(&nf_flow_table_net_ops); if (ret < 0) - return ret; + goto out_pernet; =20 ret =3D nf_flow_table_offload_init(); if (ret) @@ -830,6 +835,8 @@ static int __init nf_flow_table_module_init(void) nf_flow_table_offload_exit(); out_offload: unregister_pernet_subsys(&nf_flow_table_net_ops); +out_pernet: + kmem_cache_destroy(flow_offload_cachep); return ret; } =20 @@ -837,6 +844,7 @@ static void __exit nf_flow_table_module_exit(void) { nf_flow_table_offload_exit(); unregister_pernet_subsys(&nf_flow_table_net_ops); + kmem_cache_destroy(flow_offload_cachep); } =20 module_init(nf_flow_table_module_init); --=20 2.43.0