Commit 7b21e09d authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller

[NETFILTER]: xt_hashlimit: reduce overhead without IPv6

This patch generalizes the (CONFIG_IP6_NF_IPTABLES || CONFIG_IP6_NF_IPTABLES_MODULE)
test done in hashlimit_init_dst() to all the xt_hashlimit module.

This permits a size reduction of "struct dsthash_dst". This saves memory and
cpu for IPV4 only hosts.
Signed-off-by: default avatarEric Dumazet <dada1@cosmosbay.com>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent e2f82ac3
...@@ -20,8 +20,11 @@ ...@@ -20,8 +20,11 @@
#include <linux/mm.h> #include <linux/mm.h>
#include <linux/in.h> #include <linux/in.h>
#include <linux/ip.h> #include <linux/ip.h>
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
#include <linux/ipv6.h> #include <linux/ipv6.h>
#include <net/ipv6.h> #include <net/ipv6.h>
#endif
#include <net/net_namespace.h> #include <net/net_namespace.h>
#include <linux/netfilter/x_tables.h> #include <linux/netfilter/x_tables.h>
...@@ -48,10 +51,12 @@ struct dsthash_dst { ...@@ -48,10 +51,12 @@ struct dsthash_dst {
__be32 src; __be32 src;
__be32 dst; __be32 dst;
} ip; } ip;
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
struct { struct {
__be32 src[4]; __be32 src[4];
__be32 dst[4]; __be32 dst[4];
} ip6; } ip6;
#endif
} addr; } addr;
__be16 src_port; __be16 src_port;
__be16 dst_port; __be16 dst_port;
...@@ -599,6 +604,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = { ...@@ -599,6 +604,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
.destroy = hashlimit_mt_destroy, .destroy = hashlimit_mt_destroy,
.me = THIS_MODULE .me = THIS_MODULE
}, },
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
{ {
.name = "hashlimit", .name = "hashlimit",
.family = AF_INET6, .family = AF_INET6,
...@@ -613,6 +619,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = { ...@@ -613,6 +619,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = {
.destroy = hashlimit_mt_destroy, .destroy = hashlimit_mt_destroy,
.me = THIS_MODULE .me = THIS_MODULE
}, },
#endif
}; };
/* PROC stuff */ /* PROC stuff */
...@@ -675,6 +682,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family, ...@@ -675,6 +682,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family,
ntohs(ent->dst.dst_port), ntohs(ent->dst.dst_port),
ent->rateinfo.credit, ent->rateinfo.credit_cap, ent->rateinfo.credit, ent->rateinfo.credit_cap,
ent->rateinfo.cost); ent->rateinfo.cost);
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
case AF_INET6: case AF_INET6:
return seq_printf(s, "%ld " NIP6_FMT ":%u->" return seq_printf(s, "%ld " NIP6_FMT ":%u->"
NIP6_FMT ":%u %u %u %u\n", NIP6_FMT ":%u %u %u %u\n",
...@@ -685,6 +693,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family, ...@@ -685,6 +693,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family,
ntohs(ent->dst.dst_port), ntohs(ent->dst.dst_port),
ent->rateinfo.credit, ent->rateinfo.credit_cap, ent->rateinfo.credit, ent->rateinfo.credit_cap,
ent->rateinfo.cost); ent->rateinfo.cost);
#endif
default: default:
BUG(); BUG();
return 0; return 0;
...@@ -756,14 +765,17 @@ static int __init hashlimit_mt_init(void) ...@@ -756,14 +765,17 @@ static int __init hashlimit_mt_init(void)
"entry\n"); "entry\n");
goto err3; goto err3;
} }
err = 0;
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
hashlimit_procdir6 = proc_mkdir("ip6t_hashlimit", init_net.proc_net); hashlimit_procdir6 = proc_mkdir("ip6t_hashlimit", init_net.proc_net);
if (!hashlimit_procdir6) { if (!hashlimit_procdir6) {
printk(KERN_ERR "xt_hashlimit: unable to create proc dir " printk(KERN_ERR "xt_hashlimit: unable to create proc dir "
"entry\n"); "entry\n");
goto err4; err = -ENOMEM;
} }
return 0; #endif
err4: if (!err)
return 0;
remove_proc_entry("ipt_hashlimit", init_net.proc_net); remove_proc_entry("ipt_hashlimit", init_net.proc_net);
err3: err3:
kmem_cache_destroy(hashlimit_cachep); kmem_cache_destroy(hashlimit_cachep);
...@@ -777,7 +789,9 @@ err1: ...@@ -777,7 +789,9 @@ err1:
static void __exit hashlimit_mt_exit(void) static void __exit hashlimit_mt_exit(void)
{ {
remove_proc_entry("ipt_hashlimit", init_net.proc_net); remove_proc_entry("ipt_hashlimit", init_net.proc_net);
#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
remove_proc_entry("ip6t_hashlimit", init_net.proc_net); remove_proc_entry("ip6t_hashlimit", init_net.proc_net);
#endif
kmem_cache_destroy(hashlimit_cachep); kmem_cache_destroy(hashlimit_cachep);
xt_unregister_matches(hashlimit_mt_reg, ARRAY_SIZE(hashlimit_mt_reg)); xt_unregister_matches(hashlimit_mt_reg, ARRAY_SIZE(hashlimit_mt_reg));
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment