diff options
| author | Florian Westphal <fw@strlen.de> | 2023-04-11 16:29:47 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-04-22 01:39:40 +0200 |
| commit | 63e9bbbcca60333490e13744ae736d8f988e4950 (patch) | |
| tree | ee6c0666b6c814f62b3482336e0cf2452017ce8e /net/netfilter/nf_tables_api.c | |
| parent | d4d89e6546e0d1ac09cb9dd353f0cb31c8a8deb1 (diff) | |
| download | linux-63e9bbbcca60333490e13744ae736d8f988e4950.tar.gz | |
netfilter: nf_tables: don't store chain address on jump
Now that the rule trailer/end marker and the rcu head reside in the
same structure, we no longer need to save/restore the chain pointer
when performing/returning from a jump.
We can simply let the trace infra walk the evaluated rule until it
hits the end marker and then fetch the chain pointer from there.
When the rule is NULL (policy tracing), then chain and basechain
pointers were already identical, so just use the basechain.
This cuts size of jumpstack in half, from 256 to 128 bytes in 64bit,
scripts/stackusage says:
nf_tables_core.c:251 nft_do_chain 328 static
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_tables_api.c')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 79848a27e640d0..0e1c86bb51a2c1 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -2110,13 +2110,6 @@ static void nft_chain_release_hook(struct nft_chain_hook *hook) module_put(hook->type->owner); } -struct nft_rule_dp_last { - struct nft_rule_dp end; /* end of nft_rule_blob marker */ - struct rcu_head h; - struct nft_rule_blob *blob; - const struct nft_chain *chain; /* for tracing */ -}; - static void nft_last_rule(const struct nft_chain *chain, const void *ptr) { struct nft_rule_dp_last *lrule; |