
Commit 613dbd95 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: x_tables: move hook state into xt_action_param structure



Place pointer to hook state in xt_action_param structure instead of
copying the fields that we need. After this change xt_action_param fits
into one cacheline.

This patch also adds a set of new wrapper functions to fetch relevant
hook state structure fields.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent 06fd3a39
+38 −10
@@ -4,6 +4,7 @@

#include <linux/netdevice.h>
#include <linux/static_key.h>
#include <linux/netfilter.h>
#include <uapi/linux/netfilter/x_tables.h>

/* Test a struct->invflags and a boolean for inequality */
@@ -17,14 +18,9 @@
 * @target:	the target extension
 * @matchinfo:	per-match data
 * @targetinfo:	per-target data
 * @net		network namespace through which the action was invoked
 * @in:		input netdevice
 * @out:	output netdevice
 * @state:	pointer to hook state this packet came from
 * @fragoff:	packet is a fragment, this is the data offset
 * @thoff:	position of transport header relative to skb->data
 * @hook:	hook number given packet came from
 * @family:	Actual NFPROTO_* through which the function is invoked
 * 		(helpful when match->family == NFPROTO_UNSPEC)
 *
 * Fields written to by extensions:
 *
@@ -38,15 +34,47 @@ struct xt_action_param {
	union {
		const void *matchinfo, *targinfo;
	};
	struct net *net;
	const struct net_device *in, *out;
	const struct nf_hook_state *state;
	int fragoff;
	unsigned int thoff;
	unsigned int hooknum;
	u_int8_t family;
	bool hotdrop;
};

static inline struct net *xt_net(const struct xt_action_param *par)
{
	return par->state->net;
}

static inline struct net_device *xt_in(const struct xt_action_param *par)
{
	return par->state->in;
}

static inline const char *xt_inname(const struct xt_action_param *par)
{
	return par->state->in->name;
}

static inline struct net_device *xt_out(const struct xt_action_param *par)
{
	return par->state->out;
}

static inline const char *xt_outname(const struct xt_action_param *par)
{
	return par->state->out->name;
}

static inline unsigned int xt_hooknum(const struct xt_action_param *par)
{
	return par->state->hook;
}

static inline u_int8_t xt_family(const struct xt_action_param *par)
{
	return par->state->pf;
}

/**
 * struct xt_mtchk_param - parameters for match extensions'
 * checkentry functions
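Review bot: xt_inname() and xt_outname() read `par->state->in->name` and `par->state->out->name` with no NULL check, while a hook state usually carries only one of the two devices on input-side or output-side hooks. An extension that calls the wrong helper for its hook would dereference a NULL pointer in packet-processing context. The helpers should state the precondition, for example `/* Only valid on hooks where state->in is set; callers must check xt_in(par) otherwise. */` on xt_inname() and the matching comment on xt_outname(). All seven helpers also assume `par->state` is non-NULL, so every site that builds an xt_action_param must now set it; those sites are outside this section.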
+6 −5
@@ -30,11 +30,12 @@ static inline void nft_set_pktinfo(struct nft_pktinfo *pkt,
				   const struct nf_hook_state *state)
{
	pkt->skb = skb;
	pkt->net = pkt->xt.net = state->net;
	pkt->in = pkt->xt.in = state->in;
	pkt->out = pkt->xt.out = state->out;
	pkt->hook = pkt->xt.hooknum = state->hook;
	pkt->pf = pkt->xt.family = state->pf;
	pkt->net = state->net;
	pkt->in = state->in;
	pkt->out = state->out;
	pkt->hook = state->hook;
	pkt->pf = state->pf;
	pkt->xt.state = state;
}

static inline void nft_set_pktinfo_proto_unspec(struct nft_pktinfo *pkt,
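Review bot: `pkt->xt.state = state;` makes the nft_pktinfo borrow the caller's nf_hook_state where the old code copied individual fields, so `pkt` must not be used after that state object goes out of scope, and nothing in the section records this. A comment above nft_set_pktinfo() such as `/* pkt->xt.state aliases @state; @state must outlive @pkt. */` would make the lifetime rule explicit. The pkt->net/in/out/hook/pf copies are kept alongside the pointer, so the same values now live in two places; presumably a follow-up removes them, which is worth saying in the comment too. The start of the function signature is only visible in the hunk header.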
+2 −1
@@ -51,7 +51,8 @@ ebt_arpreply_tg(struct sk_buff *skb, const struct xt_action_param *par)
	if (diptr == NULL)
		return EBT_DROP;

	arp_send(ARPOP_REPLY, ETH_P_ARP, *siptr, (struct net_device *)par->in,
	arp_send(ARPOP_REPLY, ETH_P_ARP, *siptr,
		 (struct net_device *)xt_in(par),
		 *diptr, shp, info->mac, shp);

	return info->target;
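Review bot: The `(struct net_device *)` cast in front of `xt_in(par)` is now redundant, because the xt_in() helper added in this same commit is declared to return `struct net_device *`. Keeping the cast would silence the compiler if the helper's return type were later const-qualified, hiding a discarded qualifier. The argument can simply be `xt_in(par),`. The body of ebt_arpreply_tg() starts outside the hunk, so whether the hook restriction guarantees a non-NULL input device here cannot be confirmed from these lines.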
+6 −5
@@ -179,7 +179,7 @@ ebt_log_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
	const struct ebt_log_info *info = par->targinfo;
	struct nf_loginfo li;
	struct net *net = par->net;
	struct net *net = xt_net(par);

	li.type = NF_LOG_TYPE_LOG;
	li.u.log.level = info->loglevel;
@@ -190,11 +190,12 @@ ebt_log_tg(struct sk_buff *skb, const struct xt_action_param *par)
	 * nf_log_packet() with NFT_LOG_TYPE_LOG here. --Pablo
	 */
	if (info->bitmask & EBT_LOG_NFLOG)
		nf_log_packet(net, NFPROTO_BRIDGE, par->hooknum, skb,
			      par->in, par->out, &li, "%s", info->prefix);
		nf_log_packet(net, NFPROTO_BRIDGE, xt_hooknum(par), skb,
			      xt_in(par), xt_out(par), &li, "%s",
			      info->prefix);
	else
		ebt_log_packet(net, NFPROTO_BRIDGE, par->hooknum, skb, par->in,
			       par->out, &li, info->prefix);
		ebt_log_packet(net, NFPROTO_BRIDGE, xt_hooknum(par), skb,
			       xt_in(par), xt_out(par), &li, info->prefix);
	return EBT_CONTINUE;
}

+3 −3
@@ -23,16 +23,16 @@ static unsigned int
ebt_nflog_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
	const struct ebt_nflog_info *info = par->targinfo;
	struct net *net = xt_net(par);
	struct nf_loginfo li;
	struct net *net = par->net;

	li.type = NF_LOG_TYPE_ULOG;
	li.u.ulog.copy_len = info->len;
	li.u.ulog.group = info->group;
	li.u.ulog.qthreshold = info->threshold;

	nf_log_packet(net, PF_BRIDGE, par->hooknum, skb, par->in,
		      par->out, &li, "%s", info->prefix);
	nf_log_packet(net, PF_BRIDGE, xt_hooknum(par), skb, xt_in(par),
		      xt_out(par), &li, "%s", info->prefix);
	return EBT_CONTINUE;
}
