On Sun, Dec 03, 2017 at 12:58:48AM +0100, Florian Westphal wrote: > Not all families share the same hook count. > > Can't use the corresponding ARP, BRIDGE, DECNET defines because they are > defined in uapi headers and including them causes build failures. > > struct net before: > /* size: 6592, cachelines: 103, members: 46 */ > after: > /* size: 5952, cachelines: 93, members: 46 */ > > Also, no need to define hook points if the family isn't supported. > > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > include/linux/netfilter.h | 6 ++++++ > include/net/netns/netfilter.h | 19 ++++++++++++++----- > net/netfilter/core.c | 22 ++++++++++++++++++++++ > 3 files changed, 42 insertions(+), 5 deletions(-) > > diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h > index 80aa9a0b3d10..30a0d12a1f6d 100644 > --- a/include/linux/netfilter.h > +++ b/include/linux/netfilter.h > @@ -202,15 +202,21 @@ static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net, > case NFPROTO_IPV6: > hook_head = rcu_dereference(net->nf.hooks_ipv6[hook]); > break; > +#if IS_ENABLED(CONFIG_IP_NF_ARPTABLES) There'a also nftables here that can use the NFPROTO_ARP family. > case NFPROTO_ARP: > hook_head = rcu_dereference(net->nf.hooks_arp[hook]); > break; > +#endif > +#if IS_ENABLED(CONFIG_NF_TABLES_BRIDGE) Same here with ebtables? > case NFPROTO_BRIDGE: > hook_head = rcu_dereference(net->nf.hooks_bridge[hook]); > break; > +#endif -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
