diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-01-04 11:50:28 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-01-04 12:08:22 +0100 |
commit | 00c2c9dca32eb8eb8687b42fc6d135f35eaa5ff8 (patch) | |
tree | 165dc4759be70221168fe401c8c7b8114ea3039e /src/expect | |
parent | ac39464a7619955adf9b317c829a0de0379d7c04 (diff) |
src: put nf_expect and nf_conntrack into diet
Now, struct nf_expect takes only 192 bytes, instead of 1KB.
struct nf_conntrack takes 296 bytes instead of 328 bytes.
The size of the nf_expect structure has been reduced by rearranging
the layout of the nf_conntrack structure. For the nf_conntrack case,
this removes the allocation of room for attributes that the master
tuple does not use (more specifically, the NATseq bytes).
This patch modifies the binary layout of struct nf_conntrack.
This should not be a problem since the definition of this
object is opaque (it can be only accessed via get/set API).
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/expect')
-rw-r--r-- | src/expect/build.c | 19 | ||||
-rw-r--r-- | src/expect/parse.c | 12 | ||||
-rw-r--r-- | src/expect/setter.c | 6 | ||||
-rw-r--r-- | src/expect/snprintf_default.c | 17 |
4 files changed, 21 insertions, 33 deletions
diff --git a/src/expect/build.c b/src/expect/build.c index 175698a..7fefd5f 100644 --- a/src/expect/build.c +++ b/src/expect/build.c @@ -45,9 +45,9 @@ int __build_expect(struct nfnl_subsys_handle *ssh, u_int8_t l3num; if (test_bit(ATTR_ORIG_L3PROTO, exp->master.set)) - l3num = exp->master.tuple[__DIR_ORIG].l3protonum; + l3num = exp->master.orig.l3protonum; else if (test_bit(ATTR_ORIG_L3PROTO, exp->expected.set)) - l3num = exp->expected.tuple[__DIR_ORIG].l3protonum; + l3num = exp->expected.orig.l3protonum; else return -1; @@ -56,24 +56,15 @@ int __build_expect(struct nfnl_subsys_handle *ssh, nfnl_fill_hdr(ssh, &req->nlh, 0, l3num, 0, type, flags); if (test_bit(ATTR_EXP_EXPECTED, exp->set)) { - __build_tuple(req, - size, - &exp->expected.tuple[__DIR_ORIG], - CTA_EXPECT_TUPLE); + __build_tuple(req, size, &exp->expected.orig, CTA_EXPECT_TUPLE); } if (test_bit(ATTR_EXP_MASTER, exp->set)) { - __build_tuple(req, - size, - &exp->master.tuple[__DIR_ORIG], - CTA_EXPECT_MASTER); + __build_tuple(req, size, &exp->master.orig, CTA_EXPECT_MASTER); } if (test_bit(ATTR_EXP_MASK, exp->set)) { - __build_tuple(req, - size, - &exp->mask.tuple[__DIR_ORIG], - CTA_EXPECT_MASK); + __build_tuple(req, size, &exp->mask.orig, CTA_EXPECT_MASK); } if (test_bit(ATTR_EXP_TIMEOUT, exp->set)) diff --git a/src/expect/parse.c b/src/expect/parse.c index 22d28ed..bee755d 100644 --- a/src/expect/parse.c +++ b/src/expect/parse.c @@ -33,32 +33,32 @@ void __parse_expect(const struct nlmsghdr *nlh, struct nfgenmsg *nfhdr = NLMSG_DATA(nlh); /* XXX: this is ugly, clean it up, please */ - exp->expected.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family; + exp->expected.orig.l3protonum = nfhdr->nfgen_family; set_bit(ATTR_ORIG_L3PROTO, exp->expected.set); - exp->mask.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family; + exp->mask.orig.l3protonum = nfhdr->nfgen_family; set_bit(ATTR_ORIG_L3PROTO, exp->mask.set); - exp->master.tuple[__DIR_ORIG].l3protonum = nfhdr->nfgen_family; + exp->master.orig.l3protonum = nfhdr->nfgen_family; set_bit(ATTR_ORIG_L3PROTO, exp->master.set); if (cda[CTA_EXPECT_MASTER-1]) { __parse_tuple(cda[CTA_EXPECT_MASTER-1], - &exp->master.tuple[__DIR_ORIG], + &exp->master.orig, __DIR_ORIG, exp->master.set); set_bit(ATTR_EXP_MASTER, exp->set); } if (cda[CTA_EXPECT_TUPLE-1]) { __parse_tuple(cda[CTA_EXPECT_TUPLE-1], - &exp->expected.tuple[__DIR_ORIG], + &exp->expected.orig, __DIR_ORIG, exp->expected.set); set_bit(ATTR_EXP_EXPECTED, exp->set); } if (cda[CTA_EXPECT_MASK-1]) { __parse_tuple(cda[CTA_EXPECT_MASK-1], - &exp->mask.tuple[__DIR_ORIG], + &exp->mask.orig, __DIR_ORIG, exp->mask.set); set_bit(ATTR_EXP_MASK, exp->set); diff --git a/src/expect/setter.c b/src/expect/setter.c index 40e06f3..89a3157 100644 --- a/src/expect/setter.c +++ b/src/expect/setter.c @@ -11,17 +11,17 @@ static void set_exp_attr_master(struct nf_expect *exp, const void *value) { - exp->master = *((struct nf_conntrack *) value); + exp->master = *((struct nfct_tuple_head *) value); } static void set_exp_attr_expected(struct nf_expect *exp, const void *value) { - exp->expected = *((struct nf_conntrack *) value); + exp->expected = *((struct nfct_tuple_head *) value); } static void set_exp_attr_mask(struct nf_expect *exp, const void *value) { - exp->mask = *((struct nf_conntrack *) value); + exp->mask = *((struct nfct_tuple_head *) value); } static void set_exp_attr_timeout(struct nf_expect *exp, const void *value) diff --git a/src/expect/snprintf_default.c b/src/expect/snprintf_default.c index 7af9d15..77f9c3b 100644 --- a/src/expect/snprintf_default.c +++ b/src/expect/snprintf_default.c @@ -24,7 +24,7 @@ static int __snprintf_expect_proto(char *buf, const struct nf_expect *exp) { return(snprintf(buf, len, "proto=%d ", - exp->expected.tuple[__DIR_ORIG].protonum)); + exp->expected.orig.protonum)); } int __snprintf_expect_default(char *buf, @@ -58,30 +58,27 @@ int __snprintf_expect_default(char *buf, ret = __snprintf_expect_proto(buf+offset, len, exp); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_address(buf+offset, len, - &exp->expected.tuple[__DIR_ORIG], + ret = __snprintf_address(buf+offset, len, &exp->expected.orig, "src", "dst"); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_proto(buf+offset, len, &exp->expected.tuple[__DIR_ORIG]); + ret = __snprintf_proto(buf+offset, len, &exp->expected.orig); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_address(buf+offset, len, - &exp->mask.tuple[__DIR_ORIG], + ret = __snprintf_address(buf+offset, len, &exp->mask.orig, "mask-src", "mask-dst"); BUFFER_SIZE(ret, size, len, offset); ret = __snprintf_proto(buf+offset, len, - &exp->mask.tuple[__DIR_ORIG]); + &exp->mask.orig); BUFFER_SIZE(ret, size, len, offset); - ret = __snprintf_address(buf+offset, len, - &exp->master.tuple[__DIR_ORIG], + ret = __snprintf_address(buf+offset, len, &exp->master.orig, "master-src", "master-dst"); BUFFER_SIZE(ret, size, len, offset); ret = __snprintf_proto(buf+offset, len, - &exp->master.tuple[__DIR_ORIG]); + &exp->master.orig); BUFFER_SIZE(ret, size, len, offset); if (test_bit(ATTR_EXP_ZONE, exp->set)) { |