On Thu, Jul 21, 2016 at 12:51:16PM +0200, Florian Westphal wrote:
> The conntrack label extension is currently variable-sized, e.g. if
> only 2 labels are used by iptables rules then the labels->bits[] array
> will only contain one element.
>
> We track size of each label storage area in the 'words' member.
>
> But in nftables and openvswitch we always have to ask for worst-case
> since we don't know what bit will be used at configuration time.
>
> As most arches are 64bit we need to allocate 24 bytes in this case:
>
> struct nf_conn_labels {
>     u8 words; /* 0 1 */
>     /* XXX 7 bytes hole, try to pack */
>     long unsigned bits[2]; /* 8 24 */
>
> Make bits a fixed size and drop the words member, it simplifies
> the code and only increases memory requirements on x86 when
> less than 64bit labels are required.
>
> We still only allocate the extension if its needed.

Applied, thanks.
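The layout change discussed in the quoted commit message, as an added userspace model (not the kernel's code and not part of the original mail). The names `labels_var`, `labels_fixed` and the helper functions are hypothetical, `uint64_t` stands in for a 64-bit `unsigned long`, and the 128-bit maximum is assumed from the quoted `bits[2]`; the sizes hold on an ABI that aligns `uint64_t` to 8 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define WORD_BITS      64u
#define MAX_LABEL_BITS 128u /* assumption: worst case is bits[2] on 64-bit */

/* Model of the old layout: length byte plus variable-sized array. */
struct labels_var {
    uint8_t  words;  /* number of valid elements in bits[] */
    uint64_t bits[]; /* preceded by a 7-byte alignment hole */
};

/* Model of the new layout: fixed-size array, no length member. */
struct labels_fixed {
    uint64_t bits[MAX_LABEL_BITS / WORD_BITS];
};

/* Bytes the old layout needs to hold label bits 0..highest_bit. */
size_t var_alloc_size(unsigned highest_bit)
{
    size_t words = highest_bit / WORD_BITS + 1;
    return offsetof(struct labels_var, bits) + words * sizeof(uint64_t);
}

/* Old layout: each access is bounded by the per-object 'words' value. */
int var_set_bit(struct labels_var *l, unsigned bit)
{
    if (bit / WORD_BITS >= l->words)
        return -1; /* bit lies outside this object's storage */
    l->bits[bit / WORD_BITS] |= UINT64_C(1) << (bit % WORD_BITS);
    return 0;
}

/* New layout: the bound is a compile-time constant. */
int fixed_set_bit(struct labels_fixed *l, unsigned bit)
{
    if (bit >= MAX_LABEL_BITS)
        return -1;
    l->bits[bit / WORD_BITS] |= UINT64_C(1) << (bit % WORD_BITS);
    return 0;
}

int main(void)
{
    printf("old worst case %zu bytes, fixed %zu bytes\n",
           var_alloc_size(MAX_LABEL_BITS - 1), sizeof(struct labels_fixed));
    return 0;
}
```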