Jan Engelhardt wrote:
> For a following patch in this series ("generate nf hook ops on
> demand"), we will be requiring that a single hook entry function per
> table does the processing. Would this not be done would I need to
> pass multiple hook functions as arguments in that later patch, which
> would have been not so nice.
>
> This also removes exact duplicates of some hook functions —
> ipt_pre_routing_hook, ipt_local_in_hook and ipt_forward_hook in
> iptable_mangle.c all did the same.
Removing duplicates is fine of course, but I don't like the
"consolidation" of multiple different hook functions very much.
You're trading more runtime overhead (admittedly not that much,
but those functions are heavily used) for a small "unification",
which doesn't seem like a good trade to me.
The second problem is that your automatically generated hook ops
can't even represent all the cases we have since some tables
actually do use different priorities for the different hooks.
And I'm not sure where the memory savings you claim should come
from, the hook ops are still required at runtime.
So please explain the benefit of these patches (1-3) in more
detail.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
