From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf-next 1/2] netfilter: nf_tables: add chain to pktinfo structure
Date: Mon, 28 Nov 2016 12:27:21 +0100 [thread overview]
Message-ID: <20161128112721.GC1024@salvia> (raw)
In-Reply-To: <20161128103224.GA28510@breakpoint.cc>
On Mon, Nov 28, 2016 at 11:32:24AM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > On Mon, Nov 28, 2016 at 01:56:49AM +0100, Florian Westphal wrote:
> > > Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > > > This patch adds the chain object to the pktinfo structure. This
> > > > potentially allow us to know what basechain this packet is walking over
> > > > from the expression evaluation path.
> > >
> > > ... for what? Why...?
> >
> > Quota depletion event notification needs to know from what table
> > delivery is happening, so this one actually belongs to the stateful
> > object patchset..
>
> Which patch uses this?
>
> I see nft_chain() call in patch 8, but it doesn't need the chain object
> but uses it to fetch the table pointer.
That's the only client for this new thing so far.
> However, table is available at init() time so this could also be stored
> in ->priv area afaics.
>
> [ I am not opposed to this chain store thing, but after getting rid of
> a lot of members from pktinfo it seems to me we should not add
> new ones without a compelling reason ]
OK, nft_pktinfo is still on the 64 bytes cacheline bound. pahole
reports a couple of holes there. Actually we can provide avoid those
holes by reordering. better not to increase pressure there only for
this.
I'll follow a different path: I can store the table pointer in struct
nft_object. Actually, this would be better since I can pass struct
nft_object to obj->type->foo() functions instead of the ugly void * I
have now, then fetch the object data area via something like
nft_data_priv(obj).
Thanks.
prev parent reply other threads:[~2016-11-28 11:27 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-28 0:00 [PATCH nf-next 1/2] netfilter: nf_tables: add chain to pktinfo structure Pablo Neira Ayuso
2016-11-28 0:00 ` [PATCH nf-next 2/2] netfilter: nf_tables: add numeric expression type definitions Pablo Neira Ayuso
2016-11-28 0:56 ` [PATCH nf-next 1/2] netfilter: nf_tables: add chain to pktinfo structure Florian Westphal
2016-11-28 8:44 ` Pablo Neira Ayuso
2016-11-28 10:32 ` Florian Westphal
2016-11-28 11:27 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161128112721.GC1024@salvia \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.