Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8a22543c authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_tables: make meta expression builtin 



size net/netfilter/nft_meta.ko
   text    data     bss     dec     hex filename
   5826     936       1    6763    1a6b net/netfilter/nft_meta.ko
  96407    2064     400   98871   18237 net/netfilter/nf_tables.ko

after:
 100826    2240     401  103467   1942b net/netfilter/nf_tables.ko

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent bd2bbdb4

include/net/netfilter/nf_tables_core.h

+1 −0
Original line number Original line Diff line number Diff line
@@ -10,6 +10,7 @@ extern struct nft_expr_type nft_byteorder_type; 
extern struct nft_expr_type nft_payload_type;

extern struct nft_expr_type nft_payload_type;

extern struct nft_expr_type nft_dynset_type;

extern struct nft_expr_type nft_dynset_type;

extern struct nft_expr_type nft_range_type;

extern struct nft_expr_type nft_range_type;

extern struct nft_expr_type nft_meta_type;





int nf_tables_core_module_init(void);

int nf_tables_core_module_init(void);

void nf_tables_core_module_exit(void);

void nf_tables_core_module_exit(void);

net/netfilter/Kconfig

+0 −6
Original line number Original line Diff line number Diff line
@@ -480,12 +480,6 @@ config NFT_EXTHDR 
	  This option adds the "exthdr" expression that you can use to match

	  This option adds the "exthdr" expression that you can use to match

	  IPv6 extension headers and tcp options.

	  IPv6 extension headers and tcp options.





config NFT_META

	tristate "Netfilter nf_tables meta module"

	help

	  This option adds the "meta" expression that you can use to match and

	  to set packet metainformation such as the packet mark.



config NFT_RT

config NFT_RT

	tristate "Netfilter nf_tables routing module"

	tristate "Netfilter nf_tables routing module"

	help

	help

net/netfilter/Makefile

+1 −2
Original line number Original line Diff line number Diff line
@@ -76,12 +76,11 @@ obj-$(CONFIG_NF_DUP_NETDEV) += nf_dup_netdev.o 
nf_tables-objs := nf_tables_core.o nf_tables_api.o nft_chain_filter.o \

nf_tables-objs := nf_tables_core.o nf_tables_api.o nft_chain_filter.o \

		  nf_tables_trace.o nft_immediate.o nft_cmp.o nft_range.o \

		  nf_tables_trace.o nft_immediate.o nft_cmp.o nft_range.o \

		  nft_bitwise.o nft_byteorder.o nft_payload.o nft_lookup.o \

		  nft_bitwise.o nft_byteorder.o nft_payload.o nft_lookup.o \

		  nft_dynset.o

		  nft_dynset.o nft_meta.o





obj-$(CONFIG_NF_TABLES)		+= nf_tables.o

obj-$(CONFIG_NF_TABLES)		+= nf_tables.o

obj-$(CONFIG_NFT_COMPAT)	+= nft_compat.o

obj-$(CONFIG_NFT_COMPAT)	+= nft_compat.o

obj-$(CONFIG_NFT_EXTHDR)	+= nft_exthdr.o

obj-$(CONFIG_NFT_EXTHDR)	+= nft_exthdr.o

obj-$(CONFIG_NFT_META)		+= nft_meta.o

obj-$(CONFIG_NFT_RT)		+= nft_rt.o

obj-$(CONFIG_NFT_RT)		+= nft_rt.o

obj-$(CONFIG_NFT_NUMGEN)	+= nft_numgen.o

obj-$(CONFIG_NFT_NUMGEN)	+= nft_numgen.o

obj-$(CONFIG_NFT_CT)		+= nft_ct.o

obj-$(CONFIG_NFT_CT)		+= nft_ct.o

net/netfilter/nf_tables_core.c

+1 −0
Original line number Original line Diff line number Diff line
@@ -251,6 +251,7 @@ static struct nft_expr_type *nft_basic_types[] = { 
	&nft_payload_type,

	&nft_payload_type,

	&nft_dynset_type,

	&nft_dynset_type,

	&nft_range_type,

	&nft_range_type,

	&nft_meta_type,

};

};





int __init nf_tables_core_module_init(void)

int __init nf_tables_core_module_init(void)

net/netfilter/nft_meta.c

+1 −21
Original line number Original line Diff line number Diff line
@@ -11,8 +11,6 @@ 
 */

 */





#include <linux/kernel.h>

#include <linux/kernel.h>

#include <linux/init.h>

#include <linux/module.h>

#include <linux/netlink.h>

#include <linux/netlink.h>

#include <linux/netfilter.h>

#include <linux/netfilter.h>

#include <linux/netfilter/nf_tables.h>

#include <linux/netfilter/nf_tables.h>
@@ -495,7 +493,6 @@ static void nft_meta_set_destroy(const struct nft_ctx *ctx, 
		static_branch_dec(&nft_trace_enabled);

		static_branch_dec(&nft_trace_enabled);

}

}





static struct nft_expr_type nft_meta_type;

static const struct nft_expr_ops nft_meta_get_ops = {

static const struct nft_expr_ops nft_meta_get_ops = {

	.type		= &nft_meta_type,

	.type		= &nft_meta_type,

	.size		= NFT_EXPR_SIZE(sizeof(struct nft_meta)),

	.size		= NFT_EXPR_SIZE(sizeof(struct nft_meta)),
@@ -534,27 +531,10 @@ nft_meta_select_ops(const struct nft_ctx *ctx, 
	return ERR_PTR(-EINVAL);

	return ERR_PTR(-EINVAL);

}

}





static struct nft_expr_type nft_meta_type __read_mostly = {

struct nft_expr_type nft_meta_type __read_mostly = {

	.name		= "meta",

	.name		= "meta",

	.select_ops	= nft_meta_select_ops,

	.select_ops	= nft_meta_select_ops,

	.policy		= nft_meta_policy,

	.policy		= nft_meta_policy,

	.maxattr	= NFTA_META_MAX,

	.maxattr	= NFTA_META_MAX,

	.owner		= THIS_MODULE,

	.owner		= THIS_MODULE,

};
 
};
 


static int __init nft_meta_module_init(void)

{

	return nft_register_expr(&nft_meta_type);

}



static void __exit nft_meta_module_exit(void)

{

	nft_unregister_expr(&nft_meta_type);

}



module_init(nft_meta_module_init);

module_exit(nft_meta_module_exit);



MODULE_LICENSE("GPL");

MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");

MODULE_ALIAS_NFT_EXPR("meta");