Le 18/09/2015 17:06, Eric W. Biederman a écrit :
This is the next installment of my work to pass struct net through the output path so the code does not need to guess how to figure out which network namespace it is in, and ultimately routes can have output devices in another network namespace. This round the changes focus on using nf_hook_state->net in the netfilter functions, and not passing nf_hook_ops to the functions on the netfilter chains. Given the way per network namespace operations are implemented callers can not rely on addresses or games with container_of. None of the netfilter hooks do but we should remove the temptation. Plus removing the extra parameter and the extra jump to get at values should reduce the number of cache line misses. At a practical matter this is the bulk of the work that other pieces of code in the netfilter stack will depend on.
Great! LGTM. Acked-by: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
