netfilter: nf_tables: reduce trans->ctx.table references

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

nft_ctx is huge, it should not be stored in nft_trans at all,
most information is not needed.

Preparation patch to remove trans->ctx, no change in behaviour intended.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by

Pablo Neira Ayuso 2 years ago 06fcaca2 b3f4c216

+41 -38

1 changed file

expand all

net

netfilter

nf_tables_api.c

+41 -38

net/netfilter/nf_tables_api.c

··· 9472 9472 9473 9473 static void nft_chain_commit_update(struct nft_trans *trans) 9474 9474 { 9475 + struct nft_table *table = trans->ctx.table; 9475 9476 struct nft_base_chain *basechain; 9476 9477 9477 9478 if (nft_trans_chain_name(trans)) { 9478 - rhltable_remove(&trans->ctx.table->chains_ht, 9479 + rhltable_remove(&table->chains_ht, 9479 9480 &trans->ctx.chain->rhlhead, 9480 9481 nft_chain_ht_params); 9481 9482 swap(trans->ctx.chain->name, nft_trans_chain_name(trans)); 9482 - rhltable_insert_key(&trans->ctx.table->chains_ht, 9483 + rhltable_insert_key(&table->chains_ht, 9483 9484 trans->ctx.chain->name, 9484 9485 &trans->ctx.chain->rhlhead, 9485 9486 nft_chain_ht_params); ··· 10238 10237 10239 10238 /* 1. Allocate space for next generation rules_gen_X[] */ 10240 10239 list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) { 10240 + struct nft_table *table = trans->ctx.table; 10241 10241 int ret; 10242 10242 10243 - ret = nf_tables_commit_audit_alloc(&adl, trans->ctx.table); 10243 + ret = nf_tables_commit_audit_alloc(&adl, table); 10244 10244 if (ret) { 10245 10245 nf_tables_commit_chain_prepare_cancel(net); 10246 10246 nf_tables_commit_audit_free(&adl); ··· 10282 10280 net->nft.gencursor = nft_gencursor_next(net); 10283 10281 10284 10282 list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) { 10285 - nf_tables_commit_audit_collect(&adl, trans->ctx.table, 10286 - trans->msg_type); 10283 + struct nft_table *table = trans->ctx.table; 10284 + 10285 + nf_tables_commit_audit_collect(&adl, table, trans->msg_type); 10287 10286 switch (trans->msg_type) { 10288 10287 case NFT_MSG_NEWTABLE: 10289 10288 if (nft_trans_table_update(trans)) { 10290 - if (!(trans->ctx.table->flags & __NFT_TABLE_F_UPDATE)) { 10289 + if (!(table->flags & __NFT_TABLE_F_UPDATE)) { 10291 10290 nft_trans_destroy(trans); 10292 10291 break; 10293 10292 } 10294 - if (trans->ctx.table->flags & NFT_TABLE_F_DORMANT) 10295 - nf_tables_table_disable(net, trans->ctx.table); 10293 + if (table->flags & NFT_TABLE_F_DORMANT) 10294 + nf_tables_table_disable(net, table); 10296 10295 10297 - trans->ctx.table->flags &= ~__NFT_TABLE_F_UPDATE; 10296 + table->flags &= ~__NFT_TABLE_F_UPDATE; 10298 10297 } else { 10299 - nft_clear(net, trans->ctx.table); 10298 + nft_clear(net, table); 10300 10299 } 10301 10300 nf_tables_table_notify(&trans->ctx, NFT_MSG_NEWTABLE); 10302 10301 nft_trans_destroy(trans); 10303 10302 break; 10304 10303 case NFT_MSG_DELTABLE: 10305 10304 case NFT_MSG_DESTROYTABLE: 10306 - list_del_rcu(&trans->ctx.table->list); 10305 + list_del_rcu(&table->list); 10307 10306 nf_tables_table_notify(&trans->ctx, trans->msg_type); 10308 10307 break; 10309 10308 case NFT_MSG_NEWCHAIN: ··· 10327 10324 if (nft_trans_chain_update(trans)) { 10328 10325 nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN, 10329 10326 &nft_trans_chain_hooks(trans)); 10330 - if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT)) { 10327 + if (!(table->flags & NFT_TABLE_F_DORMANT)) { 10331 10328 nft_netdev_unregister_hooks(net, 10332 10329 &nft_trans_chain_hooks(trans), 10333 10330 true); ··· 10336 10333 nft_chain_del(trans->ctx.chain); 10337 10334 nf_tables_chain_notify(&trans->ctx, NFT_MSG_DELCHAIN, 10338 10335 NULL); 10339 - nf_tables_unregister_hook(trans->ctx.net, 10340 - trans->ctx.table, 10336 + nf_tables_unregister_hook(trans->ctx.net, table, 10341 10337 trans->ctx.chain); 10342 10338 } 10343 10339 break; ··· 10379 10377 */ 10380 10378 if (nft_set_is_anonymous(nft_trans_set(trans)) && 10381 10379 !list_empty(&nft_trans_set(trans)->bindings)) 10382 - nft_use_dec(&trans->ctx.table->use); 10380 + nft_use_dec(&table->use); 10383 10381 } 10384 10382 nf_tables_set_notify(&trans->ctx, nft_trans_set(trans), 10385 10383 NFT_MSG_NEWSET, GFP_KERNEL); ··· 10577 10575 10578 10576 list_for_each_entry_safe_reverse(trans, next, &nft_net->commit_list, 10579 10577 list) { 10578 + struct nft_table *table = trans->ctx.table; 10579 + 10580 10580 switch (trans->msg_type) { 10581 10581 case NFT_MSG_NEWTABLE: 10582 10582 if (nft_trans_table_update(trans)) { 10583 - if (!(trans->ctx.table->flags & __NFT_TABLE_F_UPDATE)) { 10583 + if (!(table->flags & __NFT_TABLE_F_UPDATE)) { 10584 10584 nft_trans_destroy(trans); 10585 10585 break; 10586 10586 } 10587 - if (trans->ctx.table->flags & __NFT_TABLE_F_WAS_DORMANT) { 10588 - nf_tables_table_disable(net, trans->ctx.table); 10589 - trans->ctx.table->flags |= NFT_TABLE_F_DORMANT; 10590 - } else if (trans->ctx.table->flags & __NFT_TABLE_F_WAS_AWAKEN) { 10591 - trans->ctx.table->flags &= ~NFT_TABLE_F_DORMANT; 10587 + if (table->flags & __NFT_TABLE_F_WAS_DORMANT) { 10588 + nf_tables_table_disable(net, table); 10589 + table->flags |= NFT_TABLE_F_DORMANT; 10590 + } else if (table->flags & __NFT_TABLE_F_WAS_AWAKEN) { 10591 + table->flags &= ~NFT_TABLE_F_DORMANT; 10592 10592 } 10593 - if (trans->ctx.table->flags & __NFT_TABLE_F_WAS_ORPHAN) { 10594 - trans->ctx.table->flags &= ~NFT_TABLE_F_OWNER; 10595 - trans->ctx.table->nlpid = 0; 10593 + if (table->flags & __NFT_TABLE_F_WAS_ORPHAN) { 10594 + table->flags &= ~NFT_TABLE_F_OWNER; 10595 + table->nlpid = 0; 10596 10596 } 10597 - trans->ctx.table->flags &= ~__NFT_TABLE_F_UPDATE; 10597 + table->flags &= ~__NFT_TABLE_F_UPDATE; 10598 10598 nft_trans_destroy(trans); 10599 10599 } else { 10600 - list_del_rcu(&trans->ctx.table->list); 10600 + list_del_rcu(&table->list); 10601 10601 } 10602 10602 break; 10603 10603 case NFT_MSG_DELTABLE: 10604 10604 case NFT_MSG_DESTROYTABLE: 10605 - nft_clear(trans->ctx.net, trans->ctx.table); 10605 + nft_clear(trans->ctx.net, table); 10606 10606 nft_trans_destroy(trans); 10607 10607 break; 10608 10608 case NFT_MSG_NEWCHAIN: 10609 10609 if (nft_trans_chain_update(trans)) { 10610 - if (!(trans->ctx.table->flags & NFT_TABLE_F_DORMANT)) { 10610 + if (!(table->flags & NFT_TABLE_F_DORMANT)) { 10611 10611 nft_netdev_unregister_hooks(net, 10612 10612 &nft_trans_chain_hooks(trans), 10613 10613 true); ··· 10622 10618 nft_trans_destroy(trans); 10623 10619 break; 10624 10620 } 10625 - nft_use_dec_restore(&trans->ctx.table->use); 10621 + nft_use_dec_restore(&table->use); 10626 10622 nft_chain_del(trans->ctx.chain); 10627 - nf_tables_unregister_hook(trans->ctx.net, 10628 - trans->ctx.table, 10623 + nf_tables_unregister_hook(trans->ctx.net, table, 10629 10624 trans->ctx.chain); 10630 10625 } 10631 10626 break; ··· 10634 10631 list_splice(&nft_trans_chain_hooks(trans), 10635 10632 &nft_trans_basechain(trans)->hook_list); 10636 10633 } else { 10637 - nft_use_inc_restore(&trans->ctx.table->use); 10634 + nft_use_inc_restore(&table->use); 10638 10635 nft_clear(trans->ctx.net, trans->ctx.chain); 10639 10636 } 10640 10637 nft_trans_destroy(trans); ··· 10667 10664 nft_trans_destroy(trans); 10668 10665 break; 10669 10666 } 10670 - nft_use_dec_restore(&trans->ctx.table->use); 10667 + nft_use_dec_restore(&table->use); 10671 10668 if (nft_trans_set_bound(trans)) { 10672 10669 nft_trans_destroy(trans); 10673 10670 break; ··· 10677 10674 break; 10678 10675 case NFT_MSG_DELSET: 10679 10676 case NFT_MSG_DESTROYSET: 10680 - nft_use_inc_restore(&trans->ctx.table->use); 10677 + nft_use_inc_restore(&table->use); 10681 10678 nft_clear(trans->ctx.net, nft_trans_set(trans)); 10682 10679 if (nft_trans_set(trans)->flags & (NFT_SET_MAP | NFT_SET_OBJECT)) 10683 10680 nft_map_activate(&trans->ctx, nft_trans_set(trans)); ··· 10723 10720 nft_obj_destroy(&trans->ctx, nft_trans_obj_newobj(trans)); 10724 10721 nft_trans_destroy(trans); 10725 10722 } else { 10726 - nft_use_dec_restore(&trans->ctx.table->use); 10723 + nft_use_dec_restore(&table->use); 10727 10724 nft_obj_del(nft_trans_obj(trans)); 10728 10725 } 10729 10726 break; 10730 10727 case NFT_MSG_DELOBJ: 10731 10728 case NFT_MSG_DESTROYOBJ: 10732 - nft_use_inc_restore(&trans->ctx.table->use); 10729 + nft_use_inc_restore(&table->use); 10733 10730 nft_clear(trans->ctx.net, nft_trans_obj(trans)); 10734 10731 nft_trans_destroy(trans); 10735 10732 break; ··· 10738 10735 nft_unregister_flowtable_net_hooks(net, 10739 10736 &nft_trans_flowtable_hooks(trans)); 10740 10737 } else { 10741 - nft_use_dec_restore(&trans->ctx.table->use); 10738 + nft_use_dec_restore(&table->use); 10742 10739 list_del_rcu(&nft_trans_flowtable(trans)->list); 10743 10740 nft_unregister_flowtable_net_hooks(net, 10744 10741 &nft_trans_flowtable(trans)->hook_list); ··· 10750 10747 list_splice(&nft_trans_flowtable_hooks(trans), 10751 10748 &nft_trans_flowtable(trans)->hook_list); 10752 10749 } else { 10753 - nft_use_inc_restore(&trans->ctx.table->use); 10750 + nft_use_inc_restore(&table->use); 10754 10751 nft_clear(trans->ctx.net, nft_trans_flowtable(trans)); 10755 10752 } 10756 10753 nft_trans_destroy(trans);