[PATCH nf-next 0/7] nf_tables: remove struct nft_af_info

This is a follow-up to the RFC patchset posted in late December [1].

This patch gets rid of quite a bit of complexity by removing the family
layer and it saves us 64 bytes per netns. Families are basically
defining the default filter chain hooks, which can be placed in the
filter chain definition instead. Then, there is already a hook
validation field that is redundant these days and some fields that are
very much specific to NFPROTO_NETDEV that we can also remove.

The result is less code to maintain (~500 LOC), and hence simpler
infrastructure.

No functional changes after this patchset.

[1] https://marc.info/?l=netfilter-devel&m=151467563814063&w=2

Pablo Neira Ayuso (7):
  netfilter: nf_tables: remove nhooks field from struct nft_af_info
  netfilter: nf_tables: remove flag field from struct nft_af_info
  netfilter: nf_tables: no need for struct nft_af_info to enable/disable table
  netfilter: nf_tables: remove struct nft_af_info parameter in nf_tables_chain_type_lookup()
  netfilter: nf_tables: add single table list for all families
  netfilter: nf_tables: get rid of pernet families
  netfilter: nf_tables: get rid of struct nft_af_info abstraction

 include/net/netfilter/nf_tables.h       |  37 +-
 include/net/netns/nftables.h            |   8 +-
 net/bridge/netfilter/nf_tables_bridge.c |  54 +--
 net/ipv4/netfilter/nf_tables_arp.c      |  49 +-
 net/ipv4/netfilter/nf_tables_ipv4.c     |  49 +-
 net/ipv6/netfilter/nf_tables_ipv6.c     |  49 +-
 net/netfilter/nf_tables_api.c           | 787 ++++++++++++--------------------
 net/netfilter/nf_tables_inet.c          |  49 +-
 net/netfilter/nf_tables_netdev.c        |  70 +--
 net/netfilter/nft_compat.c              |  16 +-
 net/netfilter/nft_ct.c                  |  16 +-
 net/netfilter/nft_flow_offload.c        |   4 +-
 net/netfilter/nft_log.c                 |   4 +-
 net/netfilter/nft_masq.c                |   2 +-
 net/netfilter/nft_meta.c                |   4 +-
 net/netfilter/nft_nat.c                 |   2 +-
 net/netfilter/nft_redir.c               |   2 +-
 17 files changed, 348 insertions(+), 854 deletions(-)

-- 
2.11.0

