On Feb 29 2008 19:47, Jan Engelhardt wrote:
>>===
>>commit 84622a5c5190ea1bf0a37695961714a04a99a9c0
>>Author: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
>>Date: Thu Feb 21 16:33:32 2008 +0100
>>
>> [NETFILTER]: Deploy a prefix length to network mask mapping table
>>
>> Userspace utilities commonly transform a prefix length (CIDR notation
>> like 192.168.222.1/32) into a full netmask before submitting it to
>> the kernel.
>>
>> The size of struct xt_conntrack_mtinfo1 is currently 152 bytes, of
>> which 64 bytes are for masks. By submitting prefix lengths to the
>> kernel, we can save 60 bytes (almost 40%) as prefix lengths can fit
>> into one uint8_t. Since we do not want to recompute the mask for each
>> invocation of the match function, a static translation table will be
>> used (net/core/pfxlen.c).
>>
>> The patch also removes xt_hashlimit's obsolete mask computation.
>
>Can we merge this while r1 is not yet used by userspace?
>If not, that's fine too, will queue it for 2.6.26.
>

I have not yet heard back. If this fails to make it into 2.6.25,
then I suggest disabling revision 1 support before the next iptables
release (replacing .family=AF_INET/AF_INET6 with AF_UNSPEC for
simplicity) so that iptables continues to use rev 0 on 2.6.25.
Following this, .revision=1 can just be exchanged by .revision=2 in
both 2.6.26 and iptables without problems. This way, no new extra code
is introduced while keeping all the backwards niceties.

thanks,
Jan