diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2008-10-08 05:35:00 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:00 -0400 |
commit | 7e9c6eeb136a46dfd941852803b3a9dd78939b69 (patch) | |
tree | 441776a1c5b750f0e11b56e87b9804144d0b72ae /net | |
parent | 079aa88fe7172b7650c7cf2c0bc01662bafea236 (diff) |
netfilter: Introduce NFPROTO_* constants
The netfilter subsystem only supports a handful of protocols (much
less than PF_*) and even non-PF protocols like ARP and
pseudo-protocols like PF_BRIDGE. By creating NFPROTO_*, we can earn a
few memory savings on arrays that previously were always PF_MAX-sized
and keep the pseudo-protocols to ourselves.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/core.c | 6 | ||||
-rw-r--r-- | net/netfilter/nf_log.c | 12 | ||||
-rw-r--r-- | net/netfilter/nf_queue.c | 12 | ||||
-rw-r--r-- | net/netfilter/x_tables.c | 18 |
4 files changed, 25 insertions, 23 deletions
diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 26b8f489d7a..b16cd79951c 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c | |||
@@ -26,7 +26,7 @@ | |||
26 | 26 | ||
27 | static DEFINE_MUTEX(afinfo_mutex); | 27 | static DEFINE_MUTEX(afinfo_mutex); |
28 | 28 | ||
29 | const struct nf_afinfo *nf_afinfo[NPROTO] __read_mostly; | 29 | const struct nf_afinfo *nf_afinfo[NFPROTO_NUMPROTO] __read_mostly; |
30 | EXPORT_SYMBOL(nf_afinfo); | 30 | EXPORT_SYMBOL(nf_afinfo); |
31 | 31 | ||
32 | int nf_register_afinfo(const struct nf_afinfo *afinfo) | 32 | int nf_register_afinfo(const struct nf_afinfo *afinfo) |
@@ -51,7 +51,7 @@ void nf_unregister_afinfo(const struct nf_afinfo *afinfo) | |||
51 | } | 51 | } |
52 | EXPORT_SYMBOL_GPL(nf_unregister_afinfo); | 52 | EXPORT_SYMBOL_GPL(nf_unregister_afinfo); |
53 | 53 | ||
54 | struct list_head nf_hooks[NPROTO][NF_MAX_HOOKS] __read_mostly; | 54 | struct list_head nf_hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS] __read_mostly; |
55 | EXPORT_SYMBOL(nf_hooks); | 55 | EXPORT_SYMBOL(nf_hooks); |
56 | static DEFINE_MUTEX(nf_hook_mutex); | 56 | static DEFINE_MUTEX(nf_hook_mutex); |
57 | 57 | ||
@@ -264,7 +264,7 @@ EXPORT_SYMBOL(proc_net_netfilter); | |||
264 | void __init netfilter_init(void) | 264 | void __init netfilter_init(void) |
265 | { | 265 | { |
266 | int i, h; | 266 | int i, h; |
267 | for (i = 0; i < NPROTO; i++) { | 267 | for (i = 0; i < ARRAY_SIZE(nf_hooks); i++) { |
268 | for (h = 0; h < NF_MAX_HOOKS; h++) | 268 | for (h = 0; h < NF_MAX_HOOKS; h++) |
269 | INIT_LIST_HEAD(&nf_hooks[i][h]); | 269 | INIT_LIST_HEAD(&nf_hooks[i][h]); |
270 | } | 270 | } |
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c index 5c2f7332015..fa8ae5d2659 100644 --- a/net/netfilter/nf_log.c +++ b/net/netfilter/nf_log.c | |||
@@ -15,7 +15,7 @@ | |||
15 | 15 | ||
16 | #define NF_LOG_PREFIXLEN 128 | 16 | #define NF_LOG_PREFIXLEN 128 |
17 | 17 | ||
18 | static const struct nf_logger *nf_loggers[NPROTO] __read_mostly; | 18 | static const struct nf_logger *nf_loggers[NFPROTO_NUMPROTO] __read_mostly; |
19 | static DEFINE_MUTEX(nf_log_mutex); | 19 | static DEFINE_MUTEX(nf_log_mutex); |
20 | 20 | ||
21 | /* return EBUSY if somebody else is registered, EEXIST if the same logger | 21 | /* return EBUSY if somebody else is registered, EEXIST if the same logger |
@@ -24,7 +24,7 @@ int nf_log_register(u_int8_t pf, const struct nf_logger *logger) | |||
24 | { | 24 | { |
25 | int ret; | 25 | int ret; |
26 | 26 | ||
27 | if (pf >= NPROTO) | 27 | if (pf >= ARRAY_SIZE(nf_loggers)) |
28 | return -EINVAL; | 28 | return -EINVAL; |
29 | 29 | ||
30 | /* Any setup of logging members must be done before | 30 | /* Any setup of logging members must be done before |
@@ -47,7 +47,7 @@ EXPORT_SYMBOL(nf_log_register); | |||
47 | 47 | ||
48 | void nf_log_unregister_pf(u_int8_t pf) | 48 | void nf_log_unregister_pf(u_int8_t pf) |
49 | { | 49 | { |
50 | if (pf >= NPROTO) | 50 | if (pf >= ARRAY_SIZE(nf_loggers)) |
51 | return; | 51 | return; |
52 | mutex_lock(&nf_log_mutex); | 52 | mutex_lock(&nf_log_mutex); |
53 | rcu_assign_pointer(nf_loggers[pf], NULL); | 53 | rcu_assign_pointer(nf_loggers[pf], NULL); |
@@ -63,7 +63,7 @@ void nf_log_unregister(const struct nf_logger *logger) | |||
63 | int i; | 63 | int i; |
64 | 64 | ||
65 | mutex_lock(&nf_log_mutex); | 65 | mutex_lock(&nf_log_mutex); |
66 | for (i = 0; i < NPROTO; i++) { | 66 | for (i = 0; i < ARRAY_SIZE(nf_loggers); i++) { |
67 | if (nf_loggers[i] == logger) | 67 | if (nf_loggers[i] == logger) |
68 | rcu_assign_pointer(nf_loggers[i], NULL); | 68 | rcu_assign_pointer(nf_loggers[i], NULL); |
69 | } | 69 | } |
@@ -103,7 +103,7 @@ static void *seq_start(struct seq_file *seq, loff_t *pos) | |||
103 | { | 103 | { |
104 | rcu_read_lock(); | 104 | rcu_read_lock(); |
105 | 105 | ||
106 | if (*pos >= NPROTO) | 106 | if (*pos >= ARRAY_SIZE(nf_loggers)) |
107 | return NULL; | 107 | return NULL; |
108 | 108 | ||
109 | return pos; | 109 | return pos; |
@@ -113,7 +113,7 @@ static void *seq_next(struct seq_file *s, void *v, loff_t *pos) | |||
113 | { | 113 | { |
114 | (*pos)++; | 114 | (*pos)++; |
115 | 115 | ||
116 | if (*pos >= NPROTO) | 116 | if (*pos >= ARRAY_SIZE(nf_loggers)) |
117 | return NULL; | 117 | return NULL; |
118 | 118 | ||
119 | return pos; | 119 | return pos; |
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index f285086f629..4f2310c93e0 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c | |||
@@ -16,7 +16,7 @@ | |||
16 | * long term mutex. The handler must provide an an outfn() to accept packets | 16 | * long term mutex. The handler must provide an an outfn() to accept packets |
17 | * for queueing and must reinject all packets it receives, no matter what. | 17 | * for queueing and must reinject all packets it receives, no matter what. |
18 | */ | 18 | */ |
19 | static const struct nf_queue_handler *queue_handler[NPROTO]; | 19 | static const struct nf_queue_handler *queue_handler[NFPROTO_NUMPROTO] __read_mostly; |
20 | 20 | ||
21 | static DEFINE_MUTEX(queue_handler_mutex); | 21 | static DEFINE_MUTEX(queue_handler_mutex); |
22 | 22 | ||
@@ -26,7 +26,7 @@ int nf_register_queue_handler(u_int8_t pf, const struct nf_queue_handler *qh) | |||
26 | { | 26 | { |
27 | int ret; | 27 | int ret; |
28 | 28 | ||
29 | if (pf >= NPROTO) | 29 | if (pf >= ARRAY_SIZE(queue_handler)) |
30 | return -EINVAL; | 30 | return -EINVAL; |
31 | 31 | ||
32 | mutex_lock(&queue_handler_mutex); | 32 | mutex_lock(&queue_handler_mutex); |
@@ -47,7 +47,7 @@ EXPORT_SYMBOL(nf_register_queue_handler); | |||
47 | /* The caller must flush their queue before this */ | 47 | /* The caller must flush their queue before this */ |
48 | int nf_unregister_queue_handler(u_int8_t pf, const struct nf_queue_handler *qh) | 48 | int nf_unregister_queue_handler(u_int8_t pf, const struct nf_queue_handler *qh) |
49 | { | 49 | { |
50 | if (pf >= NPROTO) | 50 | if (pf >= ARRAY_SIZE(queue_handler)) |
51 | return -EINVAL; | 51 | return -EINVAL; |
52 | 52 | ||
53 | mutex_lock(&queue_handler_mutex); | 53 | mutex_lock(&queue_handler_mutex); |
@@ -70,7 +70,7 @@ void nf_unregister_queue_handlers(const struct nf_queue_handler *qh) | |||
70 | u_int8_t pf; | 70 | u_int8_t pf; |
71 | 71 | ||
72 | mutex_lock(&queue_handler_mutex); | 72 | mutex_lock(&queue_handler_mutex); |
73 | for (pf = 0; pf < NPROTO; pf++) { | 73 | for (pf = 0; pf < ARRAY_SIZE(queue_handler); pf++) { |
74 | if (queue_handler[pf] == qh) | 74 | if (queue_handler[pf] == qh) |
75 | rcu_assign_pointer(queue_handler[pf], NULL); | 75 | rcu_assign_pointer(queue_handler[pf], NULL); |
76 | } | 76 | } |
@@ -285,7 +285,7 @@ EXPORT_SYMBOL(nf_reinject); | |||
285 | #ifdef CONFIG_PROC_FS | 285 | #ifdef CONFIG_PROC_FS |
286 | static void *seq_start(struct seq_file *seq, loff_t *pos) | 286 | static void *seq_start(struct seq_file *seq, loff_t *pos) |
287 | { | 287 | { |
288 | if (*pos >= NPROTO) | 288 | if (*pos >= ARRAY_SIZE(queue_handler)) |
289 | return NULL; | 289 | return NULL; |
290 | 290 | ||
291 | return pos; | 291 | return pos; |
@@ -295,7 +295,7 @@ static void *seq_next(struct seq_file *s, void *v, loff_t *pos) | |||
295 | { | 295 | { |
296 | (*pos)++; | 296 | (*pos)++; |
297 | 297 | ||
298 | if (*pos >= NPROTO) | 298 | if (*pos >= ARRAY_SIZE(queue_handler)) |
299 | return NULL; | 299 | return NULL; |
300 | 300 | ||
301 | return pos; | 301 | return pos; |
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index cf2f3e90cef..2a7eb1da5d0 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c | |||
@@ -58,10 +58,12 @@ static struct xt_af *xt; | |||
58 | #define duprintf(format, args...) | 58 | #define duprintf(format, args...) |
59 | #endif | 59 | #endif |
60 | 60 | ||
61 | static const char *const xt_prefix[NPROTO] = { | 61 | static const char *const xt_prefix[NFPROTO_NUMPROTO] = { |
62 | [AF_INET] = "ip", | 62 | [NFPROTO_UNSPEC] = "x", |
63 | [AF_INET6] = "ip6", | 63 | [NFPROTO_IPV4] = "ip", |
64 | [NF_ARP] = "arp", | 64 | [NFPROTO_ARP] = "arp", |
65 | [NFPROTO_BRIDGE] = "eb", | ||
66 | [NFPROTO_IPV6] = "ip6", | ||
65 | }; | 67 | }; |
66 | 68 | ||
67 | /* Registration hooks for targets. */ | 69 | /* Registration hooks for targets. */ |
@@ -932,7 +934,7 @@ int xt_proto_init(struct net *net, u_int8_t af) | |||
932 | struct proc_dir_entry *proc; | 934 | struct proc_dir_entry *proc; |
933 | #endif | 935 | #endif |
934 | 936 | ||
935 | if (af >= NPROTO) | 937 | if (af >= ARRAY_SIZE(xt_prefix)) |
936 | return -EINVAL; | 938 | return -EINVAL; |
937 | 939 | ||
938 | 940 | ||
@@ -1001,7 +1003,7 @@ static int __net_init xt_net_init(struct net *net) | |||
1001 | { | 1003 | { |
1002 | int i; | 1004 | int i; |
1003 | 1005 | ||
1004 | for (i = 0; i < NPROTO; i++) | 1006 | for (i = 0; i < NFPROTO_NUMPROTO; i++) |
1005 | INIT_LIST_HEAD(&net->xt.tables[i]); | 1007 | INIT_LIST_HEAD(&net->xt.tables[i]); |
1006 | return 0; | 1008 | return 0; |
1007 | } | 1009 | } |
@@ -1014,11 +1016,11 @@ static int __init xt_init(void) | |||
1014 | { | 1016 | { |
1015 | int i, rv; | 1017 | int i, rv; |
1016 | 1018 | ||
1017 | xt = kmalloc(sizeof(struct xt_af) * NPROTO, GFP_KERNEL); | 1019 | xt = kmalloc(sizeof(struct xt_af) * NFPROTO_NUMPROTO, GFP_KERNEL); |
1018 | if (!xt) | 1020 | if (!xt) |
1019 | return -ENOMEM; | 1021 | return -ENOMEM; |
1020 | 1022 | ||
1021 | for (i = 0; i < NPROTO; i++) { | 1023 | for (i = 0; i < NFPROTO_NUMPROTO; i++) { |
1022 | mutex_init(&xt[i].mutex); | 1024 | mutex_init(&xt[i].mutex); |
1023 | #ifdef CONFIG_COMPAT | 1025 | #ifdef CONFIG_COMPAT |
1024 | mutex_init(&xt[i].compat_mutex); | 1026 | mutex_init(&xt[i].compat_mutex); |