diff options
| author | Pablo Neira Ayuso | 2018-01-09 02:42:11 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso | 2018-01-10 15:32:10 +0100 |
| commit | dd4cbef7235154f163501ffbf396c0dadd830c9c (patch) | |
| tree | 6b111b82fc5991876e976e8a4a70d3ee619f6b4a /net/bridge/netfilter | |
| parent | netfilter: nf_tables: add single table list for all families (diff) | |
| download | kernel-qcow2-linux-dd4cbef7235154f163501ffbf396c0dadd830c9c.tar.gz kernel-qcow2-linux-dd4cbef7235154f163501ffbf396c0dadd830c9c.tar.xz kernel-qcow2-linux-dd4cbef7235154f163501ffbf396c0dadd830c9c.zip | |
netfilter: nf_tables: get rid of pernet families
Now that we have a single table list for each netns, we can get rid of
one pointer per family and the global afinfo list, thus, shrinking
struct netns for nftables that now becomes 64 bytes smaller.
And call __nft_release_afinfo() from __net_exit path accordingly to
release netnamespace objects on removal.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/bridge/netfilter')
| -rw-r--r-- | net/bridge/netfilter/nf_tables_bridge.c | 38 |
1 files changed, 5 insertions, 33 deletions
diff --git a/net/bridge/netfilter/nf_tables_bridge.c b/net/bridge/netfilter/nf_tables_bridge.c index 66c97b1e3303..dbf7195f059c 100644 --- a/net/bridge/netfilter/nf_tables_bridge.c +++ b/net/bridge/netfilter/nf_tables_bridge.c @@ -47,34 +47,6 @@ static struct nft_af_info nft_af_bridge __read_mostly = { .owner = THIS_MODULE, }; -static int nf_tables_bridge_init_net(struct net *net) -{ - net->nft.bridge = kmalloc(sizeof(struct nft_af_info), GFP_KERNEL); - if (net->nft.bridge == NULL) - return -ENOMEM; - - memcpy(net->nft.bridge, &nft_af_bridge, sizeof(nft_af_bridge)); - - if (nft_register_afinfo(net, net->nft.bridge) < 0) - goto err; - - return 0; -err: - kfree(net->nft.bridge); - return -ENOMEM; -} - -static void nf_tables_bridge_exit_net(struct net *net) -{ - nft_unregister_afinfo(net, net->nft.bridge); - kfree(net->nft.bridge); -} - -static struct pernet_operations nf_tables_bridge_net_ops = { - .init = nf_tables_bridge_init_net, - .exit = nf_tables_bridge_exit_net, -}; - static const struct nf_chain_type filter_bridge = { .name = "filter", .type = NFT_CHAIN_T_DEFAULT, @@ -98,17 +70,17 @@ static int __init nf_tables_bridge_init(void) { int ret; - ret = nft_register_chain_type(&filter_bridge); + ret = nft_register_afinfo(&nft_af_bridge); if (ret < 0) return ret; - ret = register_pernet_subsys(&nf_tables_bridge_net_ops); + ret = nft_register_chain_type(&filter_bridge); if (ret < 0) - goto err_register_subsys; + goto err_register_chain; return ret; -err_register_subsys: +err_register_chain: nft_unregister_chain_type(&filter_bridge); return ret; @@ -116,8 +88,8 @@ err_register_subsys: static void __exit nf_tables_bridge_exit(void) { - unregister_pernet_subsys(&nf_tables_bridge_net_ops); nft_unregister_chain_type(&filter_bridge); + nft_unregister_afinfo(&nft_af_bridge); } module_init(nf_tables_bridge_init); |