]> git.karo-electronics.de Git - linux-beck.git/commitdiff
inet netfilter: Prefer state->hook to ops->hooknum
authorEric W. Biederman <ebiederm@xmission.com>
Fri, 18 Sep 2015 19:32:56 +0000 (14:32 -0500)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 18 Sep 2015 19:57:51 +0000 (21:57 +0200)
The values of nf_hook_state.hook and nf_hook_ops.hooknum must be the
same by definition.

We are more likely to access the fields in nf_hook_state over the
fields in nf_hook_ops so with a little luck this results in
fewer cache line misses, and slightly more consistent code.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
net/ipv4/netfilter/nf_defrag_ipv4.c
net/ipv4/netfilter/nf_nat_l3proto_ipv4.c
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c
net/ipv6/netfilter/nf_nat_l3proto_ipv6.c

index 9564684876c9729d5cf27cb7370d3d6b56afcbc7..15749cc5cf2bf04d4a5c0e773b90b27c3f074db3 100644 (file)
@@ -147,7 +147,7 @@ static unsigned int ipv4_conntrack_in(const struct nf_hook_ops *ops,
                                      struct sk_buff *skb,
                                      const struct nf_hook_state *state)
 {
-       return nf_conntrack_in(state->net, PF_INET, ops->hooknum, skb);
+       return nf_conntrack_in(state->net, PF_INET, state->hook, skb);
 }
 
 static unsigned int ipv4_conntrack_local(const struct nf_hook_ops *ops,
@@ -158,7 +158,7 @@ static unsigned int ipv4_conntrack_local(const struct nf_hook_ops *ops,
        if (skb->len < sizeof(struct iphdr) ||
            ip_hdrlen(skb) < sizeof(struct iphdr))
                return NF_ACCEPT;
-       return nf_conntrack_in(state->net, PF_INET, ops->hooknum, skb);
+       return nf_conntrack_in(state->net, PF_INET, state->hook, skb);
 }
 
 /* Connection tracking may drop packets, but never alters them, so
index 9306ec4fab41e9fa0c3c99fd6be78bcf8adfb397..8aea536d2e839d0a7d71fee2c6c0b80eda425a9f 100644 (file)
@@ -83,7 +83,7 @@ static unsigned int ipv4_conntrack_defrag(const struct nf_hook_ops *ops,
        /* Gather fragments. */
        if (ip_is_fragment(ip_hdr(skb))) {
                enum ip_defrag_users user =
-                       nf_ct_defrag_user(ops->hooknum, skb);
+                       nf_ct_defrag_user(state->hook, skb);
 
                if (nf_ct_ipv4_gather_frags(skb, user))
                        return NF_STOLEN;
index 22f4579b0c2aeba3ad637e4cff756042e86e4244..16da45a76dacd200397828722da14bcb7185076b 100644 (file)
@@ -266,7 +266,7 @@ nf_nat_ipv4_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
        enum ip_conntrack_info ctinfo;
        struct nf_conn_nat *nat;
        /* maniptype == SRC for postrouting. */
-       enum nf_nat_manip_type maniptype = HOOK2MANIP(ops->hooknum);
+       enum nf_nat_manip_type maniptype = HOOK2MANIP(state->hook);
 
        /* We never see fragments: conntrack defrags on pre-routing
         * and local-out, and nf_nat_out protects post-routing.
@@ -295,7 +295,7 @@ nf_nat_ipv4_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
        case IP_CT_RELATED_REPLY:
                if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
                        if (!nf_nat_icmp_reply_translation(skb, ct, ctinfo,
-                                                          ops->hooknum))
+                                                          state->hook))
                                return NF_DROP;
                        else
                                return NF_ACCEPT;
@@ -312,17 +312,17 @@ nf_nat_ipv4_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
                        if (ret != NF_ACCEPT)
                                return ret;
 
-                       if (nf_nat_initialized(ct, HOOK2MANIP(ops->hooknum)))
+                       if (nf_nat_initialized(ct, HOOK2MANIP(state->hook)))
                                break;
 
-                       ret = nf_nat_alloc_null_binding(ct, ops->hooknum);
+                       ret = nf_nat_alloc_null_binding(ct, state->hook);
                        if (ret != NF_ACCEPT)
                                return ret;
                } else {
                        pr_debug("Already setup manip %s for ct %p\n",
                                 maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST",
                                 ct);
-                       if (nf_nat_oif_changed(ops->hooknum, ctinfo, nat,
+                       if (nf_nat_oif_changed(state->hook, ctinfo, nat,
                                               state->out))
                                goto oif_changed;
                }
@@ -332,11 +332,11 @@ nf_nat_ipv4_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
                /* ESTABLISHED */
                NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED ||
                             ctinfo == IP_CT_ESTABLISHED_REPLY);
-               if (nf_nat_oif_changed(ops->hooknum, ctinfo, nat, state->out))
+               if (nf_nat_oif_changed(state->hook, ctinfo, nat, state->out))
                        goto oif_changed;
        }
 
-       return nf_nat_packet(ct, ctinfo, ops->hooknum, skb);
+       return nf_nat_packet(ct, ctinfo, state->hook, skb);
 
 oif_changed:
        nf_ct_kill_acct(ct, ctinfo, skb);
index 1ef1b79def5689b720c9ea23e1d060182569d57f..339be1d59afcac4418d9a055cf35bd4dd0f1ec26 100644 (file)
@@ -169,7 +169,7 @@ static unsigned int ipv6_conntrack_in(const struct nf_hook_ops *ops,
                                      struct sk_buff *skb,
                                      const struct nf_hook_state *state)
 {
-       return nf_conntrack_in(state->net, PF_INET6, ops->hooknum, skb);
+       return nf_conntrack_in(state->net, PF_INET6, state->hook, skb);
 }
 
 static unsigned int ipv6_conntrack_local(const struct nf_hook_ops *ops,
@@ -181,7 +181,7 @@ static unsigned int ipv6_conntrack_local(const struct nf_hook_ops *ops,
                net_notice_ratelimited("ipv6_conntrack_local: packet too short\n");
                return NF_ACCEPT;
        }
-       return nf_conntrack_in(state->net, PF_INET6, ops->hooknum, skb);
+       return nf_conntrack_in(state->net, PF_INET6, state->hook, skb);
 }
 
 static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {
index 6b576be3c83e802704d67f789ac8686a63ea64a6..a9c08520596b00dc8242fe26dfc72116125fad11 100644 (file)
@@ -63,7 +63,7 @@ static unsigned int ipv6_defrag(const struct nf_hook_ops *ops,
                return NF_ACCEPT;
 #endif
 
-       reasm = nf_ct_frag6_gather(skb, nf_ct6_defrag_user(ops->hooknum, skb));
+       reasm = nf_ct_frag6_gather(skb, nf_ct6_defrag_user(state->hook, skb));
        /* queued */
        if (reasm == NULL)
                return NF_STOLEN;
@@ -74,7 +74,7 @@ static unsigned int ipv6_defrag(const struct nf_hook_ops *ops,
 
        nf_ct_frag6_consume_orig(reasm);
 
-       NF_HOOK_THRESH(NFPROTO_IPV6, ops->hooknum, state->net, state->sk, reasm,
+       NF_HOOK_THRESH(NFPROTO_IPV6, state->hook, state->net, state->sk, reasm,
                       state->in, state->out,
                       state->okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1);
 
index 70fbaed49edbc5511d9327be5c9c0e003dc12e7d..8bc94907dbd989c3eff9537be1e1a1911954f349 100644 (file)
@@ -272,7 +272,7 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
        struct nf_conn *ct;
        enum ip_conntrack_info ctinfo;
        struct nf_conn_nat *nat;
-       enum nf_nat_manip_type maniptype = HOOK2MANIP(ops->hooknum);
+       enum nf_nat_manip_type maniptype = HOOK2MANIP(state->hook);
        __be16 frag_off;
        int hdrlen;
        u8 nexthdr;
@@ -303,7 +303,7 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
 
                if (hdrlen >= 0 && nexthdr == IPPROTO_ICMPV6) {
                        if (!nf_nat_icmpv6_reply_translation(skb, ct, ctinfo,
-                                                            ops->hooknum,
+                                                            state->hook,
                                                             hdrlen))
                                return NF_DROP;
                        else
@@ -321,17 +321,17 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
                        if (ret != NF_ACCEPT)
                                return ret;
 
-                       if (nf_nat_initialized(ct, HOOK2MANIP(ops->hooknum)))
+                       if (nf_nat_initialized(ct, HOOK2MANIP(state->hook)))
                                break;
 
-                       ret = nf_nat_alloc_null_binding(ct, ops->hooknum);
+                       ret = nf_nat_alloc_null_binding(ct, state->hook);
                        if (ret != NF_ACCEPT)
                                return ret;
                } else {
                        pr_debug("Already setup manip %s for ct %p\n",
                                 maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST",
                                 ct);
-                       if (nf_nat_oif_changed(ops->hooknum, ctinfo, nat, state->out))
+                       if (nf_nat_oif_changed(state->hook, ctinfo, nat, state->out))
                                goto oif_changed;
                }
                break;
@@ -340,11 +340,11 @@ nf_nat_ipv6_fn(const struct nf_hook_ops *ops, struct sk_buff *skb,
                /* ESTABLISHED */
                NF_CT_ASSERT(ctinfo == IP_CT_ESTABLISHED ||
                             ctinfo == IP_CT_ESTABLISHED_REPLY);
-               if (nf_nat_oif_changed(ops->hooknum, ctinfo, nat, state->out))
+               if (nf_nat_oif_changed(state->hook, ctinfo, nat, state->out))
                        goto oif_changed;
        }
 
-       return nf_nat_packet(ct, ctinfo, ops->hooknum, skb);
+       return nf_nat_packet(ct, ctinfo, state->hook, skb);
 
 oif_changed:
        nf_ct_kill_acct(ct, ctinfo, skb);