You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
67 lines
2.3 KiB
67 lines
2.3 KiB
From bb4badf3a3dc81190f7c1c1fa063cdefb18df45f Mon Sep 17 00:00:00 2001
|
|
From: Florian Westphal <fw@strlen.de>
|
|
Date: Thu, 7 Dec 2017 16:28:25 +0100
|
|
Subject: [PATCH 07/11] netfilter: don't allocate space for decnet hooks unless
|
|
needed
|
|
|
|
no need to define hook points if the family isn't supported.
|
|
|
|
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
---
|
|
include/linux/netfilter.h | 2 ++
|
|
include/net/netns/netfilter.h | 2 ++
|
|
net/netfilter/core.c | 4 ++++
|
|
3 files changed, 8 insertions(+)
|
|
|
|
--- a/include/linux/netfilter.h
|
|
+++ b/include/linux/netfilter.h
|
|
@@ -219,9 +219,11 @@ static inline int nf_hook(u_int8_t pf, u
|
|
case NFPROTO_BRIDGE:
|
|
hook_head = rcu_dereference(net->nf.hooks_bridge[hook]);
|
|
break;
|
|
+#if IS_ENABLED(CONFIG_DECNET)
|
|
case NFPROTO_DECNET:
|
|
hook_head = rcu_dereference(net->nf.hooks_decnet[hook]);
|
|
break;
|
|
+#endif
|
|
default:
|
|
WARN_ON_ONCE(1);
|
|
break;
|
|
--- a/include/net/netns/netfilter.h
|
|
+++ b/include/net/netns/netfilter.h
|
|
@@ -21,7 +21,9 @@ struct netns_nf {
|
|
struct nf_hook_entries __rcu *hooks_ipv6[NF_INET_NUMHOOKS];
|
|
struct nf_hook_entries __rcu *hooks_arp[NF_ARP_NUMHOOKS];
|
|
struct nf_hook_entries __rcu *hooks_bridge[NF_INET_NUMHOOKS];
|
|
+#if IS_ENABLED(CONFIG_DECNET)
|
|
struct nf_hook_entries __rcu *hooks_decnet[NF_DN_NUMHOOKS];
|
|
+#endif
|
|
#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4)
|
|
bool defrag_ipv4;
|
|
#endif
|
|
--- a/net/netfilter/core.c
|
|
+++ b/net/netfilter/core.c
|
|
@@ -283,10 +283,12 @@ static struct nf_hook_entries __rcu **nf
|
|
if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv6) <= reg->hooknum))
|
|
return NULL;
|
|
return net->nf.hooks_ipv6 + reg->hooknum;
|
|
+#if IS_ENABLED(CONFIG_DECNET)
|
|
case NFPROTO_DECNET:
|
|
if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_decnet) <= reg->hooknum))
|
|
return NULL;
|
|
return net->nf.hooks_decnet + reg->hooknum;
|
|
+#endif
|
|
default:
|
|
WARN_ON_ONCE(1);
|
|
return NULL;
|
|
@@ -573,7 +575,9 @@ static int __net_init netfilter_net_init
|
|
__netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6));
|
|
__netfilter_net_init(net->nf.hooks_arp, ARRAY_SIZE(net->nf.hooks_arp));
|
|
__netfilter_net_init(net->nf.hooks_bridge, ARRAY_SIZE(net->nf.hooks_bridge));
|
|
+#if IS_ENABLED(CONFIG_DECNET)
|
|
__netfilter_net_init(net->nf.hooks_decnet, ARRAY_SIZE(net->nf.hooks_decnet));
|
|
+#endif
|
|
|
|
#ifdef CONFIG_PROC_FS
|
|
net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter",
|
|
|