The mentioned struct has an hole and uses unnecessary wide type to store a MAC length. It's also embedded into the skb_extensions, and the latter, due to recent CAN changes, may exceeds the 192 bytes mark (3 cachelines on x86_64 arch) on some reasonable configuration. Reordering and the sec_path fields and shrinking xfrm_offload.orig_mac_len to 16 bits, we can save 8 bytes and keep skb_extensions size under control. Before: struct sec_path { int len; int olen; int verified_cnt; /* XXX 4 bytes hole, try to pack */$ struct xfrm_state * xvec[6]; struct xfrm_offload ovec[1]; /* size: 88, cachelines: 2, members: 5 */ /* sum members: 84, holes: 1, sum holes: 4 */ /* last cacheline: 24 bytes */ }; After: struct sec_path { int len; int olen; struct xfrm_offload ovec[1]; int verified_cnt; struct xfrm_state * xvec[6]; /* size: 80, cachelines: 2, members: 5 */ /* last cacheline: 16 bytes */ }; Signed-off-by: Paolo Abeni --- only build tested, any feedback appreciated. --- include/net/xfrm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 0a14daaa5dd4..41122cb83901 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1156,7 +1156,7 @@ struct xfrm_offload { #define CRYPTO_INVALID_PROTOCOL 128 /* Used to keep whole l2 header for transport mode GRO */ - __u32 orig_mac_len; + __u16 orig_mac_len; __u8 proto; __u8 inner_ipproto; @@ -1165,10 +1165,10 @@ struct xfrm_offload { struct sec_path { int len; int olen; + struct xfrm_offload ovec[XFRM_MAX_OFFLOAD_DEPTH]; int verified_cnt; struct xfrm_state *xvec[XFRM_MAX_DEPTH]; - struct xfrm_offload ovec[XFRM_MAX_OFFLOAD_DEPTH]; }; struct sec_path *secpath_set(struct sk_buff *skb); -- 2.52.0