Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

netfilter: decouple nf_hook_entry and nf_hook_ops

During nfhook traversal we only need a very small subset of
nf_hook_ops members.

We need:
- next element
- hook function to call
- hook function priv argument

Bridge netfilter also needs 'thresh'; can be obtained via ->orig_ops.

nf_hook_entry struct is now 32 bytes on x86_64.

A followup patch will turn the run-time list into an array that only
stores hook functions plus their priv arguments, eliminating the ->next
element.

Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Aaron Conole <aconole@bytheb.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by Aaron Conole and committed by Pablo Neira Ayuso
d415b9eb 0aa8c57a

+6 -4
include/linux/netfilter.h
··· 75 75 76 76 struct nf_hook_entry { 77 77 struct nf_hook_entry __rcu *next; 78 - struct nf_hook_ops ops; 78 + nf_hookfn *hook; 79 + void *priv; 79 80 const struct nf_hook_ops *orig_ops; 80 81 }; 81 82 ··· 84 83 nf_hook_entry_init(struct nf_hook_entry *entry, const struct nf_hook_ops *ops) 85 84 { 86 85 entry->next = NULL; 87 - entry->ops = *ops; 86 + entry->hook = ops->hook; 87 + entry->priv = ops->priv; 88 88 entry->orig_ops = ops; 89 89 } 90 90 91 91 static inline int 92 92 nf_hook_entry_priority(const struct nf_hook_entry *entry) 93 93 { 94 - return entry->ops.priority; 94 + return entry->orig_ops->priority; 95 95 } 96 96 97 97 static inline int 98 98 nf_hook_entry_hookfn(const struct nf_hook_entry *entry, struct sk_buff *skb, 99 99 struct nf_hook_state *state) 100 100 { 101 - return entry->ops.hook(entry->ops.priv, skb, state); 101 + return entry->hook(entry->priv, skb, state); 102 102 } 103 103 104 104 static inline const struct nf_hook_ops *
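Review bot: struct nf_hook_entry in the first hunk has no comment saying which fields are authoritative now that hook and priv are copies taken once in nf_hook_entry_init() and sit next to orig_ops. A short comment on the struct would help: hook and priv are the copies used during traversal, and everything else (priority here, thresh for bridge netfilter per the commit message) is read through orig_ops. That keeps later callers from reaching for entry->orig_ops->hook on the fast path, or from expecting a change to ops->priv after registration to be picked up by the entry.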
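Review bot: in nf_hook_entry_priority() in the second hunk, `return entry->orig_ops->priority;` dereferences the caller-owned nf_hook_ops where the old line read the embedded copy, so the value is only valid while that ops structure is alive and unchanged. Because entries are chained through an __rcu next pointer, please state the lifetime rule in a comment next to nf_hook_entry_init(): the nf_hook_ops passed in must outlive the entry, including readers that may still be walking the list, and its priority must not change after init.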