netfilter: nf_tables: expression ops overloading

Split the expression ops into two parts and support overloading of
the runtime expression ops based on the requested function through
a ->select_ops() callback.

This can be used to provide optimized implementations, for instance
for loading small aligned amounts of data from the packet or inlining
frequently used operations into the main evaluation loop.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

2 files changed, 24 insertions, 12 deletions

diff --git a/net/ipv4/netfilter/nf_table_nat_ipv4.c b/net/ipv4/netfilter/nf_table_nat_ipv4.c
index 2a6f184c10bd..2ecce39077a3 100644
--- a/net/ipv4/netfilter/nf_table_nat_ipv4.c
+++ b/net/ipv4/netfilter/nf_table_nat_ipv4.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
+ * Copyright (c) 2008-2009 Patrick McHardy <kaber@trash.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -149,15 +149,21 @@ nla_put_failure:
         return -1;
 }
 
-static struct nft_expr_ops nft_nat_ops __read_mostly = {
-        .name           = "nat",
+static struct nft_expr_type nft_nat_type;
+static const struct nft_expr_ops nft_nat_ops = {
+        .type           = &nft_nat_type,
         .size           = NFT_EXPR_SIZE(sizeof(struct nft_nat)),
-        .owner          = THIS_MODULE,
         .eval           = nft_nat_eval,
         .init           = nft_nat_init,
         .dump           = nft_nat_dump,
+};
+
+static struct nft_expr_type nft_nat_type __read_mostly = {
+        .name           = "nat",
+        .ops            = &nft_nat_ops,
         .policy         = nft_nat_policy,
         .maxattr        = NFTA_NAT_MAX,
+        .owner          = THIS_MODULE,
 };
 
 /*
@@ -382,7 +388,7 @@ static int __init nf_table_nat_init(void)
         if (err < 0)
                 goto err1;
 
-        err = nft_register_expr(&nft_nat_ops);
+        err = nft_register_expr(&nft_nat_type);
         if (err < 0)
                 goto err2;
 
@@ -396,7 +402,7 @@ err1:
 
 static void __exit nf_table_nat_exit(void)
 {
-        nft_unregister_expr(&nft_nat_ops);
+        nft_unregister_expr(&nft_nat_type);
         nft_unregister_table(&nf_table_nat_ipv4, AF_INET);
 }
 
diff --git a/net/ipv4/netfilter/nft_reject_ipv4.c b/net/ipv4/netfilter/nft_reject_ipv4.c
index b4ee8d3bb1e4..fff5ba1a33b7 100644
--- a/net/ipv4/netfilter/nft_reject_ipv4.c
+++ b/net/ipv4/netfilter/nft_reject_ipv4.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
+ * Copyright (c) 2008-2009 Patrick McHardy <kaber@trash.net>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -88,25 +88,31 @@ nla_put_failure:
         return -1;
 }
 
-static struct nft_expr_ops reject_ops __read_mostly = {
-        .name           = "reject",
+static struct nft_expr_type nft_reject_type;
+static const struct nft_expr_ops nft_reject_ops = {
+        .type           = &nft_reject_type,
         .size           = NFT_EXPR_SIZE(sizeof(struct nft_reject)),
-        .owner          = THIS_MODULE,
         .eval           = nft_reject_eval,
         .init           = nft_reject_init,
         .dump           = nft_reject_dump,
+};
+
+static struct nft_expr_type nft_reject_type __read_mostly = {
+        .name           = "reject",
+        .ops            = &nft_reject_ops,
         .policy         = nft_reject_policy,
         .maxattr        = NFTA_REJECT_MAX,
+        .owner          = THIS_MODULE,
 };
 
 static int __init nft_reject_module_init(void)
 {
-        return nft_register_expr(&reject_ops);
+        return nft_register_expr(&nft_reject_type);
 }
 
 static void __exit nft_reject_module_exit(void)
 {
-        nft_unregister_expr(&reject_ops);
+        nft_unregister_expr(&nft_reject_type);
 }
 
 module_init(nft_reject_module_init);