author | Jan Engelhardt <jengelh@medozas.de> | 2009-06-17 16:14:54 -0400 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2010-02-10 11:50:47 -0500 |
commit | e3eaa9910b380530cfd2c0670fcd3f627674da8a (patch) | |
tree | 309e522e78f78149ec3cb99ffc386d1b72415a96 /net/netfilter | |
parent | 2b95efe7f6bb750256a702cc32d33b0cb2cd8223 (diff) |
netfilter: xtables: generate initial table on-demand
The static initial tables are pretty large, and after the net
namespace has been instantiated, they just hang around for nothing.
This commit removes them and creates tables on-demand at runtime when
needed.
Size shrinks by 7735 bytes (x86_64).
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/x_tables.c | 4 | ||||
-rw-r--r-- | net/netfilter/xt_repldata.h | 35 |
2 files changed, 38 insertions, 1 deletions
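--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -26,7 +26,9 @@
 
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_arp.h>
-
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_arp/arp_tables.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");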
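--- /dev/null
+++ b/net/netfilter/xt_repldata.h
@@ -0,0 +1,35 @@
+/*
+* Today's hack: quantum tunneling in structs
+*
+* 'entries' and 'term' are never anywhere referenced by word in code. In fact,
+* they serve as the hanging-off data accessed through repl.data[].
+*/
+
+#define xt_alloc_initial_table(type, typ2) ({ \
+unsigned int hook_mask = info->valid_hooks; \
+unsigned int nhooks = hweight32(hook_mask); \
+unsigned int bytes = 0, hooknum = 0, i = 0; \
+struct { \
+struct type##_replace repl; \
+struct type##_standard entries[nhooks]; \
+struct type##_error term; \
+} *tbl = kzalloc(sizeof(*tbl), GFP_KERNEL); \
+if (tbl == NULL) \
+return NULL; \
+strncpy(tbl->repl.name, info->name, sizeof(tbl->repl.name)); \
+tbl->term = (struct type##_error)typ2##_ERROR_INIT; \
+tbl->repl.valid_hooks = hook_mask; \
+tbl->repl.num_entries = nhooks + 1; \
+tbl->repl.size = nhooks * sizeof(struct type##_standard) + \
+sizeof(struct type##_error); \
+for (; hook_mask != 0; hook_mask >>= 1, ++hooknum) { \
+if (!(hook_mask & 1)) \
+continue; \
+tbl->repl.hook_entry[hooknum] = bytes; \
+tbl->repl.underflow[hooknum] = bytes; \
+tbl->entries[i++] = (struct type##_standard) \
+typ2##_STANDARD_INIT(NF_ACCEPT); \
+bytes += sizeof(struct type##_standard); \
+} \
+tbl; \
+})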
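Review bot: The `for (; hook_mask != 0; ...)` loop writes `tbl->repl.hook_entry[hooknum]` and `tbl->repl.underflow[hooknum]` with `hooknum` bounded only by the highest set bit of `info->valid_hooks`, so a mask with a bit at or beyond those arrays' length would write out of bounds. The array sizes are declared outside this file, so this is inferred, and the mask presumably comes only from in-kernel table definitions, which makes it a hardening point. A check right after the allocation would make the assumption explicit: `if (hook_mask >> ARRAY_SIZE(tbl->repl.hook_entry)) { kfree(tbl); return NULL; }`. Separately, `strncpy(tbl->repl.name, info->name, sizeof(tbl->repl.name))` leaves the name unterminated when `info->name` fills the field; copying `sizeof(tbl->repl.name) - 1` bytes keeps the NUL that `kzalloc` already provides. The header comment should also say that the macro reads `info` from the caller's scope and that `return NULL` exits the enclosing function on allocation failure, since neither is visible at the call site.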