summaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2013-10-10 11:41:20 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-10-14 17:16:08 +0200
commitef1f7df9170dbd875ce198ba84e6ab80f6fc139e (patch)
treeac15a3cbf8c4a05b8b1919cf195189e00c3a2956 /net/ipv4
parentnetfilter: nf_tables: add netlink set API (diff)
downloadlinux-ef1f7df9170dbd875ce198ba84e6ab80f6fc139e.tar.xz
linux-ef1f7df9170dbd875ce198ba84e6ab80f6fc139e.zip
netfilter: nf_tables: expression ops overloading
Split the expression ops into two parts and support overloading of the runtime expression ops based on the requested function through a ->select_ops() callback. This can be used to provide optimized implementations, for instance for loading small aligned amounts of data from the packet or inlining frequently used operations into the main evaluation loop. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/netfilter/nf_table_nat_ipv4.c18
-rw-r--r--net/ipv4/netfilter/nft_reject_ipv4.c18
2 files changed, 24 insertions, 12 deletions
diff --git a/net/ipv4/netfilter/nf_table_nat_ipv4.c b/net/ipv4/netfilter/nf_table_nat_ipv4.c
index 2a6f184c10bd..2ecce39077a3 100644
--- a/net/ipv4/netfilter/nf_table_nat_ipv4.c
+++ b/net/ipv4/netfilter/nf_table_nat_ipv4.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
+ * Copyright (c) 2008-2009 Patrick McHardy <kaber@trash.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -149,15 +149,21 @@ nla_put_failure:
return -1;
}
-static struct nft_expr_ops nft_nat_ops __read_mostly = {
- .name = "nat",
+static struct nft_expr_type nft_nat_type;
+static const struct nft_expr_ops nft_nat_ops = {
+ .type = &nft_nat_type,
.size = NFT_EXPR_SIZE(sizeof(struct nft_nat)),
- .owner = THIS_MODULE,
.eval = nft_nat_eval,
.init = nft_nat_init,
.dump = nft_nat_dump,
+};
+
+static struct nft_expr_type nft_nat_type __read_mostly = {
+ .name = "nat",
+ .ops = &nft_nat_ops,
.policy = nft_nat_policy,
.maxattr = NFTA_NAT_MAX,
+ .owner = THIS_MODULE,
};
/*
@@ -382,7 +388,7 @@ static int __init nf_table_nat_init(void)
if (err < 0)
goto err1;
- err = nft_register_expr(&nft_nat_ops);
+ err = nft_register_expr(&nft_nat_type);
if (err < 0)
goto err2;
@@ -396,7 +402,7 @@ err1:
static void __exit nf_table_nat_exit(void)
{
- nft_unregister_expr(&nft_nat_ops);
+ nft_unregister_expr(&nft_nat_type);
nft_unregister_table(&nf_table_nat_ipv4, AF_INET);
}
diff --git a/net/ipv4/netfilter/nft_reject_ipv4.c b/net/ipv4/netfilter/nft_reject_ipv4.c
index b4ee8d3bb1e4..fff5ba1a33b7 100644
--- a/net/ipv4/netfilter/nft_reject_ipv4.c
+++ b/net/ipv4/netfilter/nft_reject_ipv4.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
+ * Copyright (c) 2008-2009 Patrick McHardy <kaber@trash.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -88,25 +88,31 @@ nla_put_failure:
return -1;
}
-static struct nft_expr_ops reject_ops __read_mostly = {
- .name = "reject",
+static struct nft_expr_type nft_reject_type;
+static const struct nft_expr_ops nft_reject_ops = {
+ .type = &nft_reject_type,
.size = NFT_EXPR_SIZE(sizeof(struct nft_reject)),
- .owner = THIS_MODULE,
.eval = nft_reject_eval,
.init = nft_reject_init,
.dump = nft_reject_dump,
+};
+
+static struct nft_expr_type nft_reject_type __read_mostly = {
+ .name = "reject",
+ .ops = &nft_reject_ops,
.policy = nft_reject_policy,
.maxattr = NFTA_REJECT_MAX,
+ .owner = THIS_MODULE,
};
static int __init nft_reject_module_init(void)
{
- return nft_register_expr(&reject_ops);
+ return nft_register_expr(&nft_reject_type);
}
static void __exit nft_reject_module_exit(void)
{
- nft_unregister_expr(&reject_ops);
+ nft_unregister_expr(&nft_reject_type);
}
module_init(nft_reject_module_init);