On Wed, Feb 26, 2014 at 02:53:12AM +0100, Pablo Neira Ayuso wrote:
> This allows us to store user comment strings, but it could be also
> used to store any kind of information that the user application needs
> to link to the rule.
>
> struct nft_rule {
> struct list_head list;
> - u64 handle:46,
> - genmask:2,
> - dlen:16;
> + u64 handle;
> + u32 dlen;
> + u32 genmask:2,
> + ulen:30;

This increases the size of the rule by 8 bytes. I'd suggest to scrape that
off elsewhere.

First of all, we probably don't need 16 bytes for the rule length,
12 == 4k should be enough. The other 4 bits could be taken from the handle
I suppose, 2^42 should still be enough. Assuming 1000 new rules per second
it would still last for 139 years :)
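Review bot: the new ulen:30 field in struct nft_rule has no documented upper bound, and at 30 bits it admits up to 2^30 - 1 bytes of user-supplied data per rule, far more than the comment strings the description mentions. Please pick a small explicit maximum, document it in a comment next to the field, and make sure the code that assigns ulen rejects longer input instead of letting the value truncate into the bitfield. A narrower ulen would also let handle, genmask, dlen and ulen stay packed in the original single u64 rather than the u64 + u32 + u32 layout, which takes 16 bytes where the old fields took 8.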