mirror of
https://github.com/torvalds/linux.git
synced 2024-12-02 17:11:33 +00:00
netfilter: x_tables: move known table lists to net_generic infra
Will reduce struct net size by 208 bytes. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
0854db2aae
commit
1d610d4d31
@ -24,6 +24,7 @@
|
||||
#include <linux/audit.h>
|
||||
#include <linux/user_namespace.h>
|
||||
#include <net/net_namespace.h>
|
||||
#include <net/netns/generic.h>
|
||||
|
||||
#include <linux/netfilter/x_tables.h>
|
||||
#include <linux/netfilter_arp.h>
|
||||
@ -38,6 +39,10 @@ MODULE_DESCRIPTION("{ip,ip6,arp,eb}_tables backend module");
|
||||
#define XT_PCPU_BLOCK_SIZE 4096
|
||||
#define XT_MAX_TABLE_SIZE (512 * 1024 * 1024)
|
||||
|
||||
struct xt_pernet {
|
||||
struct list_head tables[NFPROTO_NUMPROTO];
|
||||
};
|
||||
|
||||
struct compat_delta {
|
||||
unsigned int offset; /* offset in kernel */
|
||||
int delta; /* delta in 32bit user land */
|
||||
@ -55,7 +60,8 @@ struct xt_af {
|
||||
#endif
|
||||
};
|
||||
|
||||
static struct xt_af *xt;
|
||||
static unsigned int xt_pernet_id __read_mostly;
|
||||
static struct xt_af *xt __read_mostly;
|
||||
|
||||
static const char *const xt_prefix[NFPROTO_NUMPROTO] = {
|
||||
[NFPROTO_UNSPEC] = "x",
|
||||
@ -1203,10 +1209,11 @@ EXPORT_SYMBOL(xt_free_table_info);
|
||||
struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
|
||||
const char *name)
|
||||
{
|
||||
struct xt_pernet *xt_net = net_generic(net, xt_pernet_id);
|
||||
struct xt_table *t, *found = NULL;
|
||||
|
||||
mutex_lock(&xt[af].mutex);
|
||||
list_for_each_entry(t, &net->xt.tables[af], list)
|
||||
list_for_each_entry(t, &xt_net->tables[af], list)
|
||||
if (strcmp(t->name, name) == 0 && try_module_get(t->me))
|
||||
return t;
|
||||
|
||||
@ -1214,7 +1221,8 @@ struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
|
||||
goto out;
|
||||
|
||||
/* Table doesn't exist in this netns, re-try init */
|
||||
list_for_each_entry(t, &init_net.xt.tables[af], list) {
|
||||
xt_net = net_generic(&init_net, xt_pernet_id);
|
||||
list_for_each_entry(t, &xt_net->tables[af], list) {
|
||||
int err;
|
||||
|
||||
if (strcmp(t->name, name))
|
||||
@ -1237,8 +1245,9 @@ struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
|
||||
if (!found)
|
||||
goto out;
|
||||
|
||||
xt_net = net_generic(net, xt_pernet_id);
|
||||
/* and once again: */
|
||||
list_for_each_entry(t, &net->xt.tables[af], list)
|
||||
list_for_each_entry(t, &xt_net->tables[af], list)
|
||||
if (strcmp(t->name, name) == 0)
|
||||
return t;
|
||||
|
||||
@ -1423,9 +1432,10 @@ struct xt_table *xt_register_table(struct net *net,
|
||||
struct xt_table_info *bootstrap,
|
||||
struct xt_table_info *newinfo)
|
||||
{
|
||||
int ret;
|
||||
struct xt_pernet *xt_net = net_generic(net, xt_pernet_id);
|
||||
struct xt_table_info *private;
|
||||
struct xt_table *t, *table;
|
||||
int ret;
|
||||
|
||||
/* Don't add one object to multiple lists. */
|
||||
table = kmemdup(input_table, sizeof(struct xt_table), GFP_KERNEL);
|
||||
@ -1436,7 +1446,7 @@ struct xt_table *xt_register_table(struct net *net,
|
||||
|
||||
mutex_lock(&xt[table->af].mutex);
|
||||
/* Don't autoload: we'd eat our tail... */
|
||||
list_for_each_entry(t, &net->xt.tables[table->af], list) {
|
||||
list_for_each_entry(t, &xt_net->tables[table->af], list) {
|
||||
if (strcmp(t->name, table->name) == 0) {
|
||||
ret = -EEXIST;
|
||||
goto unlock;
|
||||
@ -1455,7 +1465,7 @@ struct xt_table *xt_register_table(struct net *net,
|
||||
/* save number of initial entries */
|
||||
private->initial_entries = private->number;
|
||||
|
||||
list_add(&table->list, &net->xt.tables[table->af]);
|
||||
list_add(&table->list, &xt_net->tables[table->af]);
|
||||
mutex_unlock(&xt[table->af].mutex);
|
||||
return table;
|
||||
|
||||
@ -1486,19 +1496,25 @@ EXPORT_SYMBOL_GPL(xt_unregister_table);
|
||||
#ifdef CONFIG_PROC_FS
|
||||
static void *xt_table_seq_start(struct seq_file *seq, loff_t *pos)
|
||||
{
|
||||
u8 af = (unsigned long)PDE_DATA(file_inode(seq->file));
|
||||
struct net *net = seq_file_net(seq);
|
||||
u_int8_t af = (unsigned long)PDE_DATA(file_inode(seq->file));
|
||||
struct xt_pernet *xt_net;
|
||||
|
||||
xt_net = net_generic(net, xt_pernet_id);
|
||||
|
||||
mutex_lock(&xt[af].mutex);
|
||||
return seq_list_start(&net->xt.tables[af], *pos);
|
||||
return seq_list_start(&xt_net->tables[af], *pos);
|
||||
}
|
||||
|
||||
static void *xt_table_seq_next(struct seq_file *seq, void *v, loff_t *pos)
|
||||
{
|
||||
u8 af = (unsigned long)PDE_DATA(file_inode(seq->file));
|
||||
struct net *net = seq_file_net(seq);
|
||||
u_int8_t af = (unsigned long)PDE_DATA(file_inode(seq->file));
|
||||
struct xt_pernet *xt_net;
|
||||
|
||||
return seq_list_next(v, &net->xt.tables[af], pos);
|
||||
xt_net = net_generic(net, xt_pernet_id);
|
||||
|
||||
return seq_list_next(v, &xt_net->tables[af], pos);
|
||||
}
|
||||
|
||||
static void xt_table_seq_stop(struct seq_file *seq, void *v)
|
||||
@ -1864,24 +1880,28 @@ EXPORT_SYMBOL_GPL(xt_percpu_counter_free);
|
||||
|
||||
static int __net_init xt_net_init(struct net *net)
|
||||
{
|
||||
struct xt_pernet *xt_net = net_generic(net, xt_pernet_id);
|
||||
int i;
|
||||
|
||||
for (i = 0; i < NFPROTO_NUMPROTO; i++)
|
||||
INIT_LIST_HEAD(&net->xt.tables[i]);
|
||||
INIT_LIST_HEAD(&xt_net->tables[i]);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void __net_exit xt_net_exit(struct net *net)
|
||||
{
|
||||
struct xt_pernet *xt_net = net_generic(net, xt_pernet_id);
|
||||
int i;
|
||||
|
||||
for (i = 0; i < NFPROTO_NUMPROTO; i++)
|
||||
WARN_ON_ONCE(!list_empty(&net->xt.tables[i]));
|
||||
WARN_ON_ONCE(!list_empty(&xt_net->tables[i]));
|
||||
}
|
||||
|
||||
static struct pernet_operations xt_net_ops = {
|
||||
.init = xt_net_init,
|
||||
.exit = xt_net_exit,
|
||||
.id = &xt_pernet_id,
|
||||
.size = sizeof(struct xt_pernet),
|
||||
};
|
||||
|
||||
static int __init xt_init(void)
|
||||
|
Loading…
Reference in New Issue
Block a user