authorPablo Neira Ayuso <pablo@netfilter.org>2012-01-04 11:50:28 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2012-01-04 12:08:22 +0100
commit00c2c9dca32eb8eb8687b42fc6d135f35eaa5ff8 (patch)
tree165dc4759be70221168fe401c8c7b8114ea3039e /include/internal/object.h
parentac39464a7619955adf9b317c829a0de0379d7c04 (diff)
src: put nf_expect and nf_conntrack into diet
Now, struct nf_expect takes only 192 bytes, instead of 1KB. struct nf_conntrack takes 296 bytes instead of 328 bytes. The size of the nf_expect structure has been reduced by rearranging the layout of the nf_conntrack structure. For the nf_conntrack case, this removes the allocation of room for attributes that the master tuple does not use (more specifically, the NATseq bytes). This patch modifies the binary layout of struct nf_conntrack. This should not be a problem since the definition of this object is opaque (it can be only accessed via get/set API). Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/internal/object.h')
-rw-r--r--include/internal/object.h38
1 files changed, 22 insertions, 16 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index 880f7c1..64f7721 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -109,18 +109,12 @@ struct __nfct_tuple {
u_int8_t protonum;
union __nfct_l4_src l4src;
union __nfct_l4_dst l4dst;
-
- struct {
- u_int32_t correction_pos;
- u_int32_t offset_before;
- u_int32_t offset_after;
- } natseq;
};
#define __DIR_ORIG 0
#define __DIR_REPL 1
+#define __DIR_MAX __DIR_REPL+1
#define __DIR_MASTER 2
-#define __DIR_MAX __DIR_MASTER+1
union __nfct_protoinfo {
struct {
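Review bot: `__DIR_MAX` now expands to 2, the same value as `__DIR_MASTER`, so any array sized by `__DIR_MAX` must never be indexed with `__DIR_MASTER`; the new `natseq[__DIR_MAX]` in the later `struct nf_conntrack` hunk is one such array. The callers are outside this file-limited diff, so every remaining `[__DIR_MASTER]` subscript in the .c files needs checking for an out-of-bounds access. The expansion is also unparenthesized; `#define __DIR_MAX (__DIR_REPL+1)` keeps the value intact if the macro ever appears in a multiplication or a `sizeof` division. A comment such as `/* number of directions with per-direction state; __DIR_MASTER is not a valid index */` would record the new meaning.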
@@ -152,9 +146,18 @@ struct __nfct_nat {
union __nfct_l4_src l4min, l4max;
};
+struct nfct_tuple_head {
+ struct __nfct_tuple orig;
+
+#define __NFCT_BITSET 3
+ u_int32_t set[__NFCT_BITSET];
+};
+
struct nf_conntrack {
- struct __nfct_tuple tuple[__DIR_MAX];
-
+ struct nfct_tuple_head head;
+ struct __nfct_tuple repl;
+ struct __nfct_tuple master;
+
u_int32_t timeout;
u_int32_t mark;
u_int32_t secmark;
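Review bot: The new `struct nfct_tuple_head` has no comment, and the explanation that sat above `__NFCT_BITSET` is deleted by the later hunk rather than moved here with the define. I would restore it above the define as `/* more than 64 attributes: 96 bits are needed to store them */` and add one line on the struct saying it is the original tuple plus the attribute bitset, the part that `struct nf_expect` embeds. If code elsewhere depends on `head` being the first member of `struct nf_conntrack`, that invariant should be stated next to the member as well; this cannot be confirmed from this file alone. The body of `struct nf_conntrack` continues outside the hunk.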
@@ -174,13 +177,15 @@ struct nf_conntrack {
struct __nfct_nat dnat;
struct {
+ u_int32_t correction_pos;
+ u_int32_t offset_before;
+ u_int32_t offset_after;
+ } natseq[__DIR_MAX];
+
+ struct {
u_int64_t start;
u_int64_t stop;
} timestamp;
-
-/* we've got more than 64 attributes now, we need 96 bits to store them. */
-#define __NFCT_BITSET 3
- u_int32_t set[__NFCT_BITSET];
};
/*
@@ -260,9 +265,10 @@ struct nfct_filter {
*/
struct nf_expect {
- struct nf_conntrack master;
- struct nf_conntrack expected;
- struct nf_conntrack mask;
+ struct nfct_tuple_head master;
+ struct nfct_tuple_head expected;
+ struct nfct_tuple_head mask;
+
u_int32_t timeout;
u_int32_t id;
u_int16_t zone;
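Review bot: `master`, `expected` and `mask` shrink from a full `struct nf_conntrack` to `struct nfct_tuple_head`, so any path that still passes `&exp->master` (or the other two) to code expecting a `struct nf_conntrack *` would read or write past the member into `timeout`, `id` and the fields after them. Whether such a path exists is not visible in this file-limited diff, so the expectation getters and setters and the parse and build code should be checked to touch only `orig` and `set` on these members. A comment on the three fields would make the restriction explicit, for example `/* tuple heads only: valid for the orig tuple and the set bitmask, not a full conntrack object */`. The body of `struct nf_expect` continues outside the hunk.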