This series reworks nf_tables evaluation loop so that only the next rule to run after returning from the chain needs to be saved.

This reduces nft_do_chain stack usage from 600 to 328 bytes.

There is more potential for reduction of stack usage by dieting the traceinfo structure, I will look into this next.

Florian Westphal (3):
  netfilter: nf_tables: merge nft_rules_old structure and end of ruleblob marker
  netfilter: nf_tables: don't store address of last rule on jump
  netfilter: nf_tables: don't store chain address on jump

 include/net/netfilter/nf_tables.h | 14 ++++++--
 net/netfilter/nf_tables_api.c     | 56 +++++++++++++------------------
 net/netfilter/nf_tables_core.c    | 29 +++++-----------
 net/netfilter/nf_tables_trace.c   | 30 ++++++++++++++---
 4 files changed, 70 insertions(+), 59 deletions(-)

--
2.39.2