[NETFILTER]: xt_hashlimit: reduce overhead without IPv6
This patch generalizes the (CONFIG_IP6_NF_IPTABLES || CONFIG_IP6_NF_IPTABLES_MODULE) test done in hashlimit_init_dst() to all the xt_hashlimit module. This permits a size reduction of "struct dsthash_dst". This saves memory and cpu for IPV4 only hosts. Signed-off-by: Eric Dumazet <dada1@cosmosbay.com> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Eric Dumazet
David S. Miller
parent
e2f82ac3fc
commit
7b21e09d1c
1 changed files with 17 additions and 3 deletions
|
|
@ -20,8 +20,11 @@
|
|||
#include <linux/mm.h>
|
||||
#include <linux/in.h>
|
||||
#include <linux/ip.h>
|
||||
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
|
||||
#include <linux/ipv6.h>
|
||||
#include <net/ipv6.h>
|
||||
#endif
|
||||
|
||||
#include <net/net_namespace.h>
|
||||
|
||||
#include <linux/netfilter/x_tables.h>
|
||||
|
|
@ -48,10 +51,12 @@ struct dsthash_dst {
|
|||
__be32 src;
|
||||
__be32 dst;
|
||||
} ip;
|
||||
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
|
||||
struct {
|
||||
__be32 src[4];
|
||||
__be32 dst[4];
|
||||
} ip6;
|
||||
#endif
|
||||
} addr;
|
||||
__be16 src_port;
|
||||
__be16 dst_port;
|
||||
|
|
@ -599,6 +604,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
|
|||
.destroy = hashlimit_mt_destroy,
|
||||
.me = THIS_MODULE
|
||||
},
|
||||
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
|
||||
{
|
||||
.name = "hashlimit",
|
||||
.family = AF_INET6,
|
||||
|
|
@ -613,6 +619,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
|
|||
.destroy = hashlimit_mt_destroy,
|
||||
.me = THIS_MODULE
|
||||
},
|
||||
#endif
|
||||
};
|
||||
|
||||
/* PROC stuff */
|
||||
|
|
@ -675,6 +682,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family,
|
|||
ntohs(ent->dst.dst_port),
|
||||
ent->rateinfo.credit, ent->rateinfo.credit_cap,
|
||||
ent->rateinfo.cost);
|
||||
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
|
||||
case AF_INET6:
|
||||
return seq_printf(s, "%ld " NIP6_FMT ":%u->"
|
||||
NIP6_FMT ":%u %u %u %u\n",
|
||||
|
|
@ -685,6 +693,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family,
|
|||
ntohs(ent->dst.dst_port),
|
||||
ent->rateinfo.credit, ent->rateinfo.credit_cap,
|
||||
ent->rateinfo.cost);
|
||||
#endif
|
||||
default:
|
||||
BUG();
|
||||
return 0;
|
||||
|
|
@ -756,14 +765,17 @@ static int __init hashlimit_mt_init(void)
|
|||
"entry\n");
|
||||
goto err3;
|
||||
}
|
||||
err = 0;
|
||||
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
|
||||
hashlimit_procdir6 = proc_mkdir("ip6t_hashlimit", init_net.proc_net);
|
||||
if (!hashlimit_procdir6) {
|
||||
printk(KERN_ERR "xt_hashlimit: unable to create proc dir "
|
||||
"entry\n");
|
||||
goto err4;
|
||||
err = -ENOMEM;
|
||||
}
|
||||
return 0;
|
||||
err4:
|
||||
#endif
|
||||
if (!err)
|
||||
return 0;
|
||||
remove_proc_entry("ipt_hashlimit", init_net.proc_net);
|
||||
err3:
|
||||
kmem_cache_destroy(hashlimit_cachep);
|
||||
|
|
@ -777,7 +789,9 @@ static int __init hashlimit_mt_init(void)
|
|||
static void __exit hashlimit_mt_exit(void)
|
||||
{
|
||||
remove_proc_entry("ipt_hashlimit", init_net.proc_net);
|
||||
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
|
||||
remove_proc_entry("ip6t_hashlimit", init_net.proc_net);
|
||||
#endif
|
||||
kmem_cache_destroy(hashlimit_cachep);
|
||||
xt_unregister_matches(hashlimit_mt_reg, ARRAY_SIZE(hashlimit_mt_reg));
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue