Skip to content

L
linux
Commit d4f6f399 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files
Options

netfilter: nf_tables: avoid usage of embedded nft_ctx 

nft_ctx is stored in nft_trans object, but nft_ctx is large
(48 bytes on 64-bit platforms), it should not be embedded in
the transaction structures.

Reduce its usage so we can remove it eventually.

This replaces trans->ctx.chain with the chain pointer
already available in nft_trans_chain structure.
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 0c2e0ee8
Hide whitespace changes
Inline Side-by-side
Showing with 13 additions and 13 deletions
net/netfilter/nf_tables_api.c
View file @ d4f6f399
...@@ -9682,10 +9682,10 @@ static void nf_tables_commit_chain_prepare_cancel(struct net *net) ...@@ -9682,10 +9682,10 @@ static void nf_tables_commit_chain_prepare_cancel(struct net *net)
struct nft_trans *trans, *next; struct nft_trans *trans, *next;
list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) { list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) {
struct nft_chain *chain = trans->ctx.chain;
if (trans->msg_type == NFT_MSG_NEWRULE || if (trans->msg_type == NFT_MSG_NEWRULE ||
trans->msg_type == NFT_MSG_DELRULE) { trans->msg_type == NFT_MSG_DELRULE) {
struct nft_chain *chain = trans->ctx.chain;
kvfree(chain->blob_next); kvfree(chain->blob_next);
chain->blob_next = NULL; chain->blob_next = NULL;
} }
...@@ -10318,7 +10318,7 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb) ...@@ -10318,7 +10318,7 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
/* trans destroyed after rcu grace period */ /* trans destroyed after rcu grace period */
} else { } else {
nft_chain_commit_drop_policy(nft_trans_container_chain(trans)); nft_chain_commit_drop_policy(nft_trans_container_chain(trans));
nft_clear(net, trans->ctx.chain); nft_clear(net, nft_trans_chain(trans));
nf_tables_chain_notify(&trans->ctx, NFT_MSG_NEWCHAIN, NULL); nf_tables_chain_notify(&trans->ctx, NFT_MSG_NEWCHAIN, NULL);
nft_trans_destroy(trans); nft_trans_destroy(trans);
} }
...@@ -10334,11 +10334,11 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb) ...@@ -10334,11 +10334,11 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
true); true);
} }
} else { } else {
nft_chain_del(trans->ctx.chain); nft_chain_del(nft_trans_chain(trans));
nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN, nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN,
NULL); NULL);
nf_tables_unregister_hook(trans->ctx.net, table, nf_tables_unregister_hook(trans->ctx.net, table,
trans->ctx.chain); nft_trans_chain(trans));
} }
break; break;
case NFT_MSG_NEWRULE: case NFT_MSG_NEWRULE:
......
net/netfilter/nf_tables_offload.c
View file @ d4f6f399
...@@ -518,18 +518,18 @@ static void nft_flow_rule_offload_abort(struct net *net, ...@@ -518,18 +518,18 @@ static void nft_flow_rule_offload_abort(struct net *net,
switch (trans->msg_type) { switch (trans->msg_type) {
case NFT_MSG_NEWCHAIN: case NFT_MSG_NEWCHAIN:
if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD) || if (!(nft_trans_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD) ||
nft_trans_chain_update(trans)) nft_trans_chain_update(trans))
continue; continue;
err = nft_flow_offload_chain(trans->ctx.chain, NULL, err = nft_flow_offload_chain(nft_trans_chain(trans), NULL,
FLOW_BLOCK_UNBIND); FLOW_BLOCK_UNBIND);
break; break;
case NFT_MSG_DELCHAIN: case NFT_MSG_DELCHAIN:
if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD)) if (!(nft_trans_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD))
continue; continue;
err = nft_flow_offload_chain(trans->ctx.chain, NULL, err = nft_flow_offload_chain(nft_trans_chain(trans), NULL,
FLOW_BLOCK_BIND); FLOW_BLOCK_BIND);
break; break;
case NFT_MSG_NEWRULE: case NFT_MSG_NEWRULE:
...@@ -569,20 +569,20 @@ int nft_flow_rule_offload_commit(struct net *net) ...@@ -569,20 +569,20 @@ int nft_flow_rule_offload_commit(struct net *net)
switch (trans->msg_type) { switch (trans->msg_type) {
case NFT_MSG_NEWCHAIN: case NFT_MSG_NEWCHAIN:
if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD) || if (!(nft_trans_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD) ||
nft_trans_chain_update(trans)) nft_trans_chain_update(trans))
continue; continue;
policy = nft_trans_chain_policy(trans); policy = nft_trans_chain_policy(trans);
err = nft_flow_offload_chain(trans->ctx.chain, &policy, err = nft_flow_offload_chain(nft_trans_chain(trans), &policy,
FLOW_BLOCK_BIND); FLOW_BLOCK_BIND);
break; break;
case NFT_MSG_DELCHAIN: case NFT_MSG_DELCHAIN:
if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD)) if (!(nft_trans_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD))
continue; continue;
policy = nft_trans_chain_policy(trans); policy = nft_trans_chain_policy(trans);
err = nft_flow_offload_chain(trans->ctx.chain, &policy, err = nft_flow_offload_chain(nft_trans_chain(trans), &policy,
FLOW_BLOCK_UNBIND); FLOW_BLOCK_UNBIND);
break; break;
case NFT_MSG_NEWRULE: case NFT_MSG_NEWRULE:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7