On 19 July 2015 at 20:42, David Miller <davem@xxxxxxxxxxxxx> wrote: > From: Mathias Krause <minipli@xxxxxxxxxxxxxx> > Date: Sun, 19 Jul 2015 20:17:41 +0200 > >> The sk_classid member is only required when CONFIG_CGROUP_NET_CLASSID is >> enabled. #ifdefify it to reduce the size of struct sock on 32 bit >> systems, at least. >> >> Signed-off-by: Mathias Krause <minipli@xxxxxxxxxxxxxx> > > Are you sure NFT_META_CGROUP cannot enter nft_meta_get_eval()? If so it'll > WARN_ON(). I just tried to bring the code in line as it already is for NFT_META_RTCLASSID and NFT_META_SECMARK. But, obviously, I messed it up by missing the nft_meta_get_init() function. Sorry for that! The init function gets called prior to the eval function (see nft_expr_init() and nf_tables_newrule()). If it returns an error, the latter won't be called. So the fix is, to add the #ifdef to nft_meta_get_init() as well. Another direct caller of nft_meta_get_eval() is nft_meta_bridge_get_eval(). However, it also complies to the init / eval rule by calling nft_meta_get_init() in its init function, so will error out in the case, too. I'll send a v2 soon. Thanks for the review! > I really don't like changes like this. Sorry. I should have taken more attention. Thanks, Mathias -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
