netfilter: nf_nat_core: don't check if the tuple is used if there is no other choice

Eliminate nf_nat_used_tuple() to save some CPU cycles when there is no
other choice.

Signed-off-by: Changli Gao <xiaosuo@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 8c8632d9b93cead0cd115945a9566d1e57829667..2c084b3a8f0c700ee86f61d51ca0ee23bde74ac4 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -262,11 +262,17 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple,
        proto = __nf_nat_proto_find(orig_tuple->dst.protonum);
 
        /* Only bother mapping if it's not already in range and unique */
-       if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM) &&
-           (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) ||
-            proto->in_range(tuple, maniptype, &range->min, &range->max)) &&
-           !nf_nat_used_tuple(tuple, ct))
-               goto out;
+       if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) {
+               if (range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
+                       if (proto->in_range(tuple, maniptype, &range->min,
+                                           &range->max) &&
+                           (range->min.all == range->max.all ||
+                            !nf_nat_used_tuple(tuple, ct)))
+                               goto out;
+               } else if (!nf_nat_used_tuple(tuple, ct)) {
+                       goto out;
+               }
+       }
 
        /* Last change: get protocol to try to obtain unique tuple. */
        proto->unique_tuple(tuple, range, maniptype, ct);