This patch generalizes the (CONFIG_IP6_NF_IPTABLES ||
CONFIG_IP6_NF_IPTABLES_MODULE)
test done in hashlimit_init_dst() to the whole xt_hashlimit module.
This permits a size reduction of "struct dsthash_dst", which saves memory
and CPU on IPv4-only hosts.
Signed-off-by: Eric Dumazet <dada1@xxxxxxxxxxxxx>
net/netfilter/xt_hashlimit.c | 45 ++++++++++++++++++++++-----------
1 files changed, 31 insertions(+), 14 deletions(-)
--- net-2.6.25/net/netfilter/xt_hashlimit.c.prev
+++ net-2.6.25/net/netfilter/xt_hashlimit.c
@@ -20,8 +20,14 @@
#include <linux/mm.h>
#include <linux/in.h>
#include <linux/ip.h>
-#include <linux/ipv6.h>
-#include <net/ipv6.h>
+#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
+# include <linux/ipv6.h>
+# include <net/ipv6.h>
+# define IFIPV6(...) __VA_ARGS__
+#else
+# define IFIPV6(...)
+#endif
+
#include <net/net_namespace.h>
#include <linux/netfilter/x_tables.h>
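Review bot: IFIPV6() is introduced without a comment, yet later hunks use it to wrap struct members, whole `case` bodies, array initializers and statements (struct dsthash_dst, hashlimit_init_dst, hashlimit_mt_reg, dl_seq_real_show, hashlimit_mt_init). Because the wrapped code is a macro argument, it must not contain preprocessor directives (undefined behaviour in C) and its parentheses must balance. That constraint is easy to break in a later edit to the IPv6 paths. I would document it above the `#if`: `/* IFIPV6(code): emit code only when ip6tables support is configured; code must not contain preprocessor directives or unbalanced parentheses. */`.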
@@ -34,11 +40,11 @@ MODULE_LICENSE("GPL");
MODULE_AUTHOR("Harald Welte <laforge@xxxxxxxxxxxxx>");
MODULE_DESCRIPTION("iptables match for limiting per hash-bucket");
MODULE_ALIAS("ipt_hashlimit");
-MODULE_ALIAS("ip6t_hashlimit");
+IFIPV6(MODULE_ALIAS("ip6t_hashlimit");)
/* need to declare this at the top */
static struct proc_dir_entry *hashlimit_procdir4;
-static struct proc_dir_entry *hashlimit_procdir6;
+IFIPV6(static struct proc_dir_entry *hashlimit_procdir6;)
static const struct file_operations dl_file_ops;
/* hash table crap */
@@ -48,10 +54,12 @@ struct dsthash_dst {
__be32 src;
__be32 dst;
} ip;
+ IFIPV6(
struct {
__be32 src[4];
__be32 dst[4];
} ip6;
+ )
} addr;
__be16 src_port;
__be16 dst_port;
@@ -221,8 +229,9 @@ static int htable_create(struct xt_hashl
hinfo->rnd_initialized = 0;
spin_lock_init(&hinfo->lock);
hinfo->pde = create_proc_entry(minfo->name, 0,
- family == AF_INET ? hashlimit_procdir4 :
- hashlimit_procdir6);
+ IFIPV6(family == AF_INET6 ?
+ hashlimit_procdir6 :)
+ hashlimit_procdir4);
if (!hinfo->pde) {
vfree(hinfo);
return -1;
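Review bot: The rewritten selection in the `create_proc_entry()` call treats every family other than AF_INET6 as IPv4, and with IPv6 compiled out it always uses `hashlimit_procdir4`. Other hunks in this patch show `default: BUG();` for an unexpected family in hashlimit_init_dst and dl_seq_real_show, so the silent fallback here is inconsistent with them. The same expression is repeated in the htable_destroy hunk for `remove_proc_entry()`. The dangling `:` inside the macro argument is also hard to read, so a comment at both sites would help: `/* family is AF_INET, or AF_INET6 when ip6tables is configured; anything else uses the IPv4 proc dir */`. htable_create's body starts and ends outside this hunk, so whether the family is validated earlier cannot be seen here.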
@@ -292,8 +301,9 @@ static void htable_destroy(struct xt_has
/* remove proc entry */
remove_proc_entry(hinfo->pde->name,
- hinfo->family == AF_INET ? hashlimit_procdir4 :
- hashlimit_procdir6);
+ IFIPV6(hinfo->family == AF_INET6 ?
+ hashlimit_procdir6 :)
+ hashlimit_procdir4);
htable_selective_cleanup(hinfo, select_all);
vfree(hinfo);
}
@@ -405,7 +415,7 @@ hashlimit_init_dst(const struct xt_hashl
return 0;
nexthdr = ip_hdr(skb)->protocol;
break;
-#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
+IFIPV6(
case AF_INET6:
if (hinfo->cfg.mode & XT_HASHLIMIT_HASH_DIP)
memcpy(&dst->addr.ip6.dst, &ipv6_hdr(skb)->daddr,
@@ -422,7 +432,7 @@ hashlimit_init_dst(const struct xt_hashl
if ((int)protoff < 0)
return -1;
break;
-#endif
+)
default:
BUG();
return 0;
@@ -599,6 +609,7 @@ static struct xt_match hashlimit_mt_reg[
.destroy = hashlimit_mt_destroy,
.me = THIS_MODULE
},
+IFIPV6(
{
.name = "hashlimit",
.family = AF_INET6,
@@ -613,6 +624,7 @@ static struct xt_match hashlimit_mt_reg[
.destroy = hashlimit_mt_destroy,
.me = THIS_MODULE
},
+ )
};
/* PROC stuff */
@@ -675,6 +687,7 @@ static int dl_seq_real_show(struct dstha
ntohs(ent->dst.dst_port),
ent->rateinfo.credit, ent->rateinfo.credit_cap,
ent->rateinfo.cost);
+ IFIPV6(
case AF_INET6:
return seq_printf(s, "%ld " NIP6_FMT ":%u->"
NIP6_FMT ":%u %u %u %u\n",
@@ -685,6 +698,7 @@ static int dl_seq_real_show(struct dstha
ntohs(ent->dst.dst_port),
ent->rateinfo.credit, ent->rateinfo.credit_cap,
ent->rateinfo.cost);
+ )
default:
BUG();
return 0;
@@ -756,14 +770,17 @@ static int __init hashlimit_mt_init(void
"entry\n");
goto err3;
}
+ err = 0;
+IFIPV6(
hashlimit_procdir6 = proc_mkdir("ip6t_hashlimit", init_net.proc_net);
if (!hashlimit_procdir6) {
printk(KERN_ERR "xt_hashlimit: unable to create proc dir "
"entry\n");
- goto err4;
+ err = -ENOMEM;
}
- return 0;
-err4:
+ )
+ if (!err)
+ return 0;
remove_proc_entry("ipt_hashlimit", init_net.proc_net);
err3:
kmem_cache_destroy(hashlimit_cachep);
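Review bot: The IPv6 failure path no longer jumps to a label; it sets `err = -ENOMEM` and relies on `if (!err) return 0;` failing, so that execution falls into the `remove_proc_entry("ipt_hashlimit", ...)` cleanup. The rest of the function unwinds with `goto` (`goto err3` just above), and when IPv6 is compiled out the cleanup line after the `return` becomes unreachable, so the intent is not obvious. A comment before the test would make it explicit: `/* only reached with err != 0 when the ip6t proc dir could not be created; undo the ipt one */`. The function's start and its remaining labels are outside this hunk.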
@@ -777,7 +794,7 @@ err1:
static void __exit hashlimit_mt_exit(void)
{
remove_proc_entry("ipt_hashlimit", init_net.proc_net);
- remove_proc_entry("ip6t_hashlimit", init_net.proc_net);
+IFIPV6( remove_proc_entry("ip6t_hashlimit", init_net.proc_net);)
kmem_cache_destroy(hashlimit_cachep);
xt_unregister_matches(hashlimit_mt_reg, ARRAY_SIZE(hashlimit_mt_reg));
}
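Review bot: hashlimit_mt_exit() removes the proc directories and destroys the slab cache before calling `xt_unregister_matches()`, so the match stays registered while the resources it depends on are already gone. Whether a rule can still reach htable_create() during module unload is not visible here, so this may be benign. Unregistering first would make the teardown safe regardless: move `xt_unregister_matches(hashlimit_mt_reg, ARRAY_SIZE(hashlimit_mt_reg));` to the top of the function. The ordering predates this patch, which only wraps the `ip6t_hashlimit` removal in IFIPV6().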