Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7b21e09d authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller
Browse files

[NETFILTER]: xt_hashlimit: reduce overhead without IPv6 



This patch generalizes the (CONFIG_IP6_NF_IPTABLES || CONFIG_IP6_NF_IPTABLES_MODULE)
test done in hashlimit_init_dst() to all the xt_hashlimit module.

This permits a size reduction of "struct dsthash_dst". This saves memory and
cpu for IPV4 only hosts.

Signed-off-by: default avatarEric Dumazet <dada1@cosmosbay.com>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e2f82ac3

net/netfilter/xt_hashlimit.c

+17 −3
Original line number Diff line number Diff line
@@ -20,8 +20,11 @@ 
#include <linux/mm.h>

#include <linux/in.h>

#include <linux/ip.h>

#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)

#include <linux/ipv6.h>

#include <net/ipv6.h>

#endif



#include <net/net_namespace.h>



#include <linux/netfilter/x_tables.h>
@@ -48,10 +51,12 @@ struct dsthash_dst { 
			__be32 src;

			__be32 dst;

		} ip;

#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)

		struct {

			__be32 src[4];

			__be32 dst[4];

		} ip6;

#endif

	} addr;

	__be16 src_port;

	__be16 dst_port;
@@ -599,6 +604,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = { 
		.destroy	= hashlimit_mt_destroy,

		.me		= THIS_MODULE

	},

#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)

	{

		.name		= "hashlimit",

		.family		= AF_INET6,
@@ -613,6 +619,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = { 
		.destroy	= hashlimit_mt_destroy,

		.me		= THIS_MODULE

	},

#endif

};



/* PROC stuff */
@@ -675,6 +682,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family, 
				 ntohs(ent->dst.dst_port),

				 ent->rateinfo.credit, ent->rateinfo.credit_cap,

				 ent->rateinfo.cost);

#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)

	case AF_INET6:

		return seq_printf(s, "%ld " NIP6_FMT ":%u->"

				     NIP6_FMT ":%u %u %u %u\n",
@@ -685,6 +693,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family, 
				 ntohs(ent->dst.dst_port),

				 ent->rateinfo.credit, ent->rateinfo.credit_cap,

				 ent->rateinfo.cost);

#endif

	default:

		BUG();

		return 0;
@@ -756,14 +765,17 @@ static int __init hashlimit_mt_init(void) 
				"entry\n");

		goto err3;

	}

	err = 0;

#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)

	hashlimit_procdir6 = proc_mkdir("ip6t_hashlimit", init_net.proc_net);

	if (!hashlimit_procdir6) {

		printk(KERN_ERR "xt_hashlimit: unable to create proc dir "

				"entry\n");

		goto err4;

		err = -ENOMEM;

	}

#endif

	if (!err)

		return 0;

err4:

	remove_proc_entry("ipt_hashlimit", init_net.proc_net);

err3:

	kmem_cache_destroy(hashlimit_cachep);
@@ -777,7 +789,9 @@ static int __init hashlimit_mt_init(void) 
static void __exit hashlimit_mt_exit(void)

{

	remove_proc_entry("ipt_hashlimit", init_net.proc_net);

#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)

	remove_proc_entry("ip6t_hashlimit", init_net.proc_net);

#endif

	kmem_cache_destroy(hashlimit_cachep);

	xt_unregister_matches(hashlimit_mt_reg, ARRAY_SIZE(hashlimit_mt_reg));

}