diff options
| author | Florian Westphal <fw@strlen.de> | 2023-04-13 17:13:20 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-04-22 01:39:40 +0200 |
| commit | 00c320f9b75560628e840bef027a27c746706759 (patch) | |
| tree | 6da08133efe9c273e23a892f3eb7282351cecb14 /include/net | |
| parent | netfilter: nf_tables: don't write table validation state without mutex (diff) | |
| download | linux-00c320f9b75560628e840bef027a27c746706759.tar.xz linux-00c320f9b75560628e840bef027a27c746706759.zip | |
netfilter: nf_tables: make validation state per table
We only need to validate tables that saw changes in the current
transaction.
The existing code revalidates all tables, but this isn't needed as
cross-table jumps are not allowed (chains have table scope).
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/netfilter/nf_tables.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index f476fd030626..ec347d9cff9e 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -1209,6 +1209,7 @@ unsigned int nft_do_chain(struct nft_pktinfo *pkt, void *priv); * @genmask: generation mask * @afinfo: address family info * @name: name of the table + * @validate_state: internal, set when transaction adds jumps */ struct nft_table { struct list_head list; @@ -1227,6 +1228,7 @@ struct nft_table { char *name; u16 udlen; u8 *udata; + u8 validate_state; }; static inline bool nft_table_has_owner(const struct nft_table *table) @@ -1698,7 +1700,6 @@ struct nftables_pernet { struct mutex commit_mutex; u64 table_handle; unsigned int base_seq; - u8 validate_state; }; extern unsigned int nf_tables_net_id; |