[NETFILTER]: xt_hashlimit: reduce overhead without IPv6

This patch generalizes the (CONFIG_IP6_NF_IPTABLES || CONFIG_IP6_NF_IPTABLES_MODULE)
test done in hashlimit_init_dst() to all the xt_hashlimit module.

This permits a size reduction of "struct dsthash_dst". This saves memory and
cpu for IPV4 only hosts.

Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 17 insertions, 3 deletions

diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 651c1d26564a..c35d220a7ae2 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -20,8 +20,11 @@
 #include <linux/mm.h>
 #include <linux/in.h>
 #include <linux/ip.h>
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
 #include <linux/ipv6.h>
 #include <net/ipv6.h>
+#endif
+
 #include <net/net_namespace.h>
 
 #include <linux/netfilter/x_tables.h>
@@ -48,10 +51,12 @@ struct dsthash_dst {
                         __be32 src;
                         __be32 dst;
                 } ip;
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
                 struct {
                         __be32 src[4];
                         __be32 dst[4];
                 } ip6;
+#endif
         } addr;
         __be16 src_port;
         __be16 dst_port;
@@ -599,6 +604,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
                 .destroy        = hashlimit_mt_destroy,
                 .me             = THIS_MODULE
         },
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
         {
                 .name           = "hashlimit",
                 .family         = AF_INET6,
@@ -613,6 +619,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
                 .destroy        = hashlimit_mt_destroy,
                 .me             = THIS_MODULE
         },
+#endif
 };
 
 /* PROC stuff */
@@ -675,6 +682,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family,
                                  ntohs(ent->dst.dst_port),
                                  ent->rateinfo.credit, ent->rateinfo.credit_cap,
                                  ent->rateinfo.cost);
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
         case AF_INET6:
                 return seq_printf(s, "%ld " NIP6_FMT ":%u->"
                                      NIP6_FMT ":%u %u %u %u\n",
@@ -685,6 +693,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family,
                                  ntohs(ent->dst.dst_port),
                                  ent->rateinfo.credit, ent->rateinfo.credit_cap,
                                  ent->rateinfo.cost);
+#endif
         default:
                 BUG();
                 return 0;
@@ -756,14 +765,17 @@ static int __init hashlimit_mt_init(void)
                                 "entry\n");
                 goto err3;
         }
+        err = 0;
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
         hashlimit_procdir6 = proc_mkdir("ip6t_hashlimit", init_net.proc_net);
         if (!hashlimit_procdir6) {
                 printk(KERN_ERR "xt_hashlimit: unable to create proc dir "
                                 "entry\n");
-                goto err4;
+                err = -ENOMEM;
         }
-        return 0;
-err4:
+#endif
+        if (!err)
+                return 0;
         remove_proc_entry("ipt_hashlimit", init_net.proc_net);
 err3:
         kmem_cache_destroy(hashlimit_cachep);
@@ -777,7 +789,9 @@ err1:
 static void __exit hashlimit_mt_exit(void)
 {
         remove_proc_entry("ipt_hashlimit", init_net.proc_net);
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
         remove_proc_entry("ip6t_hashlimit", init_net.proc_net);
+#endif
         kmem_cache_destroy(hashlimit_cachep);
         xt_unregister_matches(hashlimit_mt_reg, ARRAY_SIZE(hashlimit_mt_reg));
 }