inet netfilter: Prefer state->hook to ops->hooknum

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The values of nf_hook_state.hook and nf_hook_ops.hooknum must be the
same by definition.

We are more likely to access the fields in nf_hook_state over the
fields in nf_hook_ops so with a little luck this results in
fewer cache line misses, and slightly more consistent code.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Eric W. Biederman and committed by

Pablo Neira Ayuso 10 years ago 082a758f 6cb8ff3f

+21 -21

6 changed files

expand all

net

ipv4

netfilter

nf_conntrack_l3proto_ipv4.c

nf_defrag_ipv4.c

nf_nat_l3proto_ipv4.c

ipv6

netfilter

nf_conntrack_l3proto_ipv6.c

nf_defrag_ipv6_hooks.c

nf_nat_l3proto_ipv6.c

+2 -2

net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c

··· 147 147 struct sk_buff *skb, 148 148 const struct nf_hook_state *state) 149 149 { 150 - return nf_conntrack_in(state->net, PF_INET, ops->hooknum, skb); 150 + return nf_conntrack_in(state->net, PF_INET, state->hook, skb); 151 151 } 152 152 153 153 static unsigned int ipv4_conntrack_local(const struct nf_hook_ops *ops, ··· 158 158 if (skb->len < sizeof(struct iphdr) || 159 159 ip_hdrlen(skb) < sizeof(struct iphdr)) 160 160 return NF_ACCEPT; 161 - return nf_conntrack_in(state->net, PF_INET, ops->hooknum, skb); 161 + return nf_conntrack_in(state->net, PF_INET, state->hook, skb); 162 162 } 163 163 164 164 /* Connection tracking may drop packets, but never alters them, so

+1 -1

net/ipv4/netfilter/nf_defrag_ipv4.c

··· 83 83 /* Gather fragments. */ 84 84 if (ip_is_fragment(ip_hdr(skb))) { 85 85 enum ip_defrag_users user = 86 - nf_ct_defrag_user(ops->hooknum, skb); 86 + nf_ct_defrag_user(state->hook, skb); 87 87 88 88 if (nf_ct_ipv4_gather_frags(skb, user)) 89 89 return NF_STOLEN;

+7 -7

net/ipv4/netfilter/nf_nat_l3proto_ipv4.c

··· 266 266 enum ip_conntrack_info ctinfo; 267 267 struct nf_conn_nat *nat; 268 268 /* maniptype == SRC for postrouting. */ 269 - enum nf_nat_manip_type maniptype = HOOK2MANIP(ops->hooknum); 269 + enum nf_nat_manip_type maniptype = HOOK2MANIP(state->hook); 270 270 271 271 /* We never see fragments: conntrack defrags on pre-routing 272 272 * and local-out, and nf_nat_out protects post-routing. ··· 295 295 case IP_CT_RELATED_REPLY: 296 296 if (ip_hdr(skb)->protocol == IPPROTO_ICMP) { 297 297 if (!nf_nat_icmp_reply_translation(skb, ct, ctinfo, 298 - ops->hooknum)) 298 + state->hook)) 299 299 return NF_DROP; 300 300 else 301 301 return NF_ACCEPT; ··· 312 312 if (ret != NF_ACCEPT) 313 313 return ret; 314 314 315 - if (nf_nat_initialized(ct, HOOK2MANIP(ops->hooknum))) 315 + if (nf_nat_initialized(ct, HOOK2MANIP(state->hook))) 316 316 break; 317 317 318 - ret = nf_nat_alloc_null_binding(ct, ops->hooknum); 318 + ret = nf_nat_alloc_null_binding(ct, state->hook); 319 319 if (ret != NF_ACCEPT) 320 320 return ret; 321 321 } else { 322 322 pr_debug("Already setup manip %s for ct %p\n", 323 323 maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST", 324 324 ct); 325 - if (nf_nat_oif_changed(ops->hooknum, ctinfo, nat, 325 + if (nf_nat_oif_changed(state->hook, ctinfo, nat, 326 326 state->out)) 327 327 goto oif_changed; 328 328 } ··· 332 332 /* ESTABLISHED */ 333 333 NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED || 334 334 ctinfo == IP_CT_ESTABLISHED_REPLY); 335 - if (nf_nat_oif_changed(ops->hooknum, ctinfo, nat, state->out)) 335 + if (nf_nat_oif_changed(state->hook, ctinfo, nat, state->out)) 336 336 goto oif_changed; 337 337 } 338 338 339 - return nf_nat_packet(ct, ctinfo, ops->hooknum, skb); 339 + return nf_nat_packet(ct, ctinfo, state->hook, skb); 340 340 341 341 oif_changed: 342 342 nf_ct_kill_acct(ct, ctinfo, skb);

+2 -2

net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c

··· 169 169 struct sk_buff *skb, 170 170 const struct nf_hook_state *state) 171 171 { 172 - return nf_conntrack_in(state->net, PF_INET6, ops->hooknum, skb); 172 + return nf_conntrack_in(state->net, PF_INET6, state->hook, skb); 173 173 } 174 174 175 175 static unsigned int ipv6_conntrack_local(const struct nf_hook_ops *ops, ··· 181 181 net_notice_ratelimited("ipv6_conntrack_local: packet too short\n"); 182 182 return NF_ACCEPT; 183 183 } 184 - return nf_conntrack_in(state->net, PF_INET6, ops->hooknum, skb); 184 + return nf_conntrack_in(state->net, PF_INET6, state->hook, skb); 185 185 } 186 186 187 187 static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {

+2 -2

net/ipv6/netfilter/nf_defrag_ipv6_hooks.c

··· 63 63 return NF_ACCEPT; 64 64 #endif 65 65 66 - reasm = nf_ct_frag6_gather(skb, nf_ct6_defrag_user(ops->hooknum, skb)); 66 + reasm = nf_ct_frag6_gather(skb, nf_ct6_defrag_user(state->hook, skb)); 67 67 /* queued */ 68 68 if (reasm == NULL) 69 69 return NF_STOLEN; ··· 74 74 75 75 nf_ct_frag6_consume_orig(reasm); 76 76 77 - NF_HOOK_THRESH(NFPROTO_IPV6, ops->hooknum, state->net, state->sk, reasm, 77 + NF_HOOK_THRESH(NFPROTO_IPV6, state->hook, state->net, state->sk, reasm, 78 78 state->in, state->out, 79 79 state->okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1); 80 80

+7 -7

net/ipv6/netfilter/nf_nat_l3proto_ipv6.c

··· 272 272 struct nf_conn *ct; 273 273 enum ip_conntrack_info ctinfo; 274 274 struct nf_conn_nat *nat; 275 - enum nf_nat_manip_type maniptype = HOOK2MANIP(ops->hooknum); 275 + enum nf_nat_manip_type maniptype = HOOK2MANIP(state->hook); 276 276 __be16 frag_off; 277 277 int hdrlen; 278 278 u8 nexthdr; ··· 303 303 304 304 if (hdrlen >= 0 && nexthdr == IPPROTO_ICMPV6) { 305 305 if (!nf_nat_icmpv6_reply_translation(skb, ct, ctinfo, 306 - ops->hooknum, 306 + state->hook, 307 307 hdrlen)) 308 308 return NF_DROP; 309 309 else ··· 321 321 if (ret != NF_ACCEPT) 322 322 return ret; 323 323 324 - if (nf_nat_initialized(ct, HOOK2MANIP(ops->hooknum))) 324 + if (nf_nat_initialized(ct, HOOK2MANIP(state->hook))) 325 325 break; 326 326 327 - ret = nf_nat_alloc_null_binding(ct, ops->hooknum); 327 + ret = nf_nat_alloc_null_binding(ct, state->hook); 328 328 if (ret != NF_ACCEPT) 329 329 return ret; 330 330 } else { 331 331 pr_debug("Already setup manip %s for ct %p\n", 332 332 maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST", 333 333 ct); 334 - if (nf_nat_oif_changed(ops->hooknum, ctinfo, nat, state->out)) 334 + if (nf_nat_oif_changed(state->hook, ctinfo, nat, state->out)) 335 335 goto oif_changed; 336 336 } 337 337 break; ··· 340 340 /* ESTABLISHED */ 341 341 NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED || 342 342 ctinfo == IP_CT_ESTABLISHED_REPLY); 343 - if (nf_nat_oif_changed(ops->hooknum, ctinfo, nat, state->out)) 343 + if (nf_nat_oif_changed(state->hook, ctinfo, nat, state->out)) 344 344 goto oif_changed; 345 345 } 346 346 347 - return nf_nat_packet(ct, ctinfo, ops->hooknum, skb); 347 + return nf_nat_packet(ct, ctinfo, state->hook, skb); 348 348 349 349 oif_changed: 350 350 nf_ct_kill_acct(ct, ctinfo, skb);