diff options
author | Eric Dumazet <dada1@cosmosbay.com> | 2007-12-17 22:45:28 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 14:59:11 -0800 |
commit | 7b21e09d1c17ef0296ec5a6df231a6c5c87b2fd7 (patch) | |
tree | 97df5c5e4b8a9cc6a76cc432b39b321542634f44 /net | |
parent | e2f82ac3fcffffca59751b65124544d11ed8be4a (diff) | |
download | linux-7b21e09d1c17ef0296ec5a6df231a6c5c87b2fd7.tar.gz linux-7b21e09d1c17ef0296ec5a6df231a6c5c87b2fd7.tar.bz2 linux-7b21e09d1c17ef0296ec5a6df231a6c5c87b2fd7.zip |
[NETFILTER]: xt_hashlimit: reduce overhead without IPv6
This patch generalizes the (CONFIG_IP6_NF_IPTABLES || CONFIG_IP6_NF_IPTABLES_MODULE)
test done in hashlimit_init_dst() to all the xt_hashlimit module.
This permits a size reduction of "struct dsthash_dst". This saves memory and
cpu for IPV4 only hosts.
Signed-off-by: Eric Dumazet <dada1@cosmosbay.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/xt_hashlimit.c | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index 651c1d26564a..c35d220a7ae2 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c @@ -20,8 +20,11 @@ #include <linux/mm.h> #include <linux/in.h> #include <linux/ip.h> +#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) #include <linux/ipv6.h> #include <net/ipv6.h> +#endif + #include <net/net_namespace.h> #include <linux/netfilter/x_tables.h> @@ -48,10 +51,12 @@ struct dsthash_dst { __be32 src; __be32 dst; } ip; +#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) struct { __be32 src[4]; __be32 dst[4]; } ip6; +#endif } addr; __be16 src_port; __be16 dst_port; @@ -599,6 +604,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = { .destroy = hashlimit_mt_destroy, .me = THIS_MODULE }, +#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) { .name = "hashlimit", .family = AF_INET6, @@ -613,6 +619,7 @@ static struct xt_match hashlimit_mt_reg[] __read_mostly = { .destroy = hashlimit_mt_destroy, .me = THIS_MODULE }, +#endif }; /* PROC stuff */ @@ -675,6 +682,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family, ntohs(ent->dst.dst_port), ent->rateinfo.credit, ent->rateinfo.credit_cap, ent->rateinfo.cost); +#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) case AF_INET6: return seq_printf(s, "%ld " NIP6_FMT ":%u->" NIP6_FMT ":%u %u %u %u\n", @@ -685,6 +693,7 @@ static int dl_seq_real_show(struct dsthash_ent *ent, int family, ntohs(ent->dst.dst_port), ent->rateinfo.credit, ent->rateinfo.credit_cap, ent->rateinfo.cost); +#endif default: BUG(); return 0; @@ -756,14 +765,17 @@ static int __init hashlimit_mt_init(void) "entry\n"); goto err3; } + err = 0; +#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) hashlimit_procdir6 = proc_mkdir("ip6t_hashlimit", init_net.proc_net); if (!hashlimit_procdir6) { printk(KERN_ERR "xt_hashlimit: unable to create proc dir " "entry\n"); - goto err4; + err = -ENOMEM; } - return 0; -err4: +#endif + if (!err) + return 0; remove_proc_entry("ipt_hashlimit", init_net.proc_net); err3: kmem_cache_destroy(hashlimit_cachep); @@ -777,7 +789,9 @@ err1: static void __exit hashlimit_mt_exit(void) { remove_proc_entry("ipt_hashlimit", init_net.proc_net); +#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE) remove_proc_entry("ip6t_hashlimit", init_net.proc_net); +#endif kmem_cache_destroy(hashlimit_cachep); xt_unregister_matches(hashlimit_mt_reg, ARRAY_SIZE(hashlimit_mt_reg)); } |