From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org
Subject: [PATCH net-next 10/32] netfilter: flowtable: remove ipv4/ipv6 modules
Date: Mon, 10 Jan 2022 00:16:18 +0100 [thread overview]
Message-ID: <20220109231640.104123-11-pablo@netfilter.org> (raw)
In-Reply-To: <20220109231640.104123-1-pablo@netfilter.org>
From: Florian Westphal <fw@strlen.de>
Just place the structs and registration in the inet module.
nf_flow_table_ipv6, nf_flow_table_ipv4 and nf_flow_table_inet share
same module dependencies: nf_flow_table, nf_tables.
before:
text data bss dec hex filename
2278 1480 0 3758 eae nf_flow_table_inet.ko
1159 1352 0 2511 9cf nf_flow_table_ipv6.ko
1154 1352 0 2506 9ca nf_flow_table_ipv4.ko
after:
2369 1672 0 4041 fc9 nf_flow_table_inet.ko
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/ipv4/netfilter/Kconfig | 8 ++----
net/ipv4/netfilter/Makefile | 3 --
net/ipv4/netfilter/nf_flow_table_ipv4.c | 37 ------------------------
net/ipv6/netfilter/Kconfig | 8 ++----
net/ipv6/netfilter/nf_flow_table_ipv6.c | 38 -------------------------
net/netfilter/nf_flow_table_inet.c | 26 +++++++++++++++++
6 files changed, 30 insertions(+), 90 deletions(-)
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 63cb953bd019..67087f95579f 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -59,12 +59,8 @@ config NF_TABLES_ARP
endif # NF_TABLES
config NF_FLOW_TABLE_IPV4
- tristate "Netfilter flow table IPv4 module"
- depends on NF_FLOW_TABLE
- help
- This option adds the flow table IPv4 support.
-
- To compile it as a module, choose M here.
+ tristate
+ select NF_FLOW_TABLE_INET
config NF_DUP_IPV4
tristate "Netfilter IPv4 packet duplication to alternate destination"
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index f38fb1368ddb..93bad1184251 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -24,9 +24,6 @@ obj-$(CONFIG_NFT_REJECT_IPV4) += nft_reject_ipv4.o
obj-$(CONFIG_NFT_FIB_IPV4) += nft_fib_ipv4.o
obj-$(CONFIG_NFT_DUP_IPV4) += nft_dup_ipv4.o
-# flow table support
-obj-$(CONFIG_NF_FLOW_TABLE_IPV4) += nf_flow_table_ipv4.o
-
# generic IP tables
obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o
diff --git a/net/ipv4/netfilter/nf_flow_table_ipv4.c b/net/ipv4/netfilter/nf_flow_table_ipv4.c
index aba65fe90345..e69de29bb2d1 100644
--- a/net/ipv4/netfilter/nf_flow_table_ipv4.c
+++ b/net/ipv4/netfilter/nf_flow_table_ipv4.c
@@ -1,37 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-#include <linux/kernel.h>
-#include <linux/init.h>
-#include <linux/module.h>
-#include <linux/netfilter.h>
-#include <net/netfilter/nf_flow_table.h>
-#include <net/netfilter/nf_tables.h>
-
-static struct nf_flowtable_type flowtable_ipv4 = {
- .family = NFPROTO_IPV4,
- .init = nf_flow_table_init,
- .setup = nf_flow_table_offload_setup,
- .action = nf_flow_rule_route_ipv4,
- .free = nf_flow_table_free,
- .hook = nf_flow_offload_ip_hook,
- .owner = THIS_MODULE,
-};
-
-static int __init nf_flow_ipv4_module_init(void)
-{
- nft_register_flowtable_type(&flowtable_ipv4);
-
- return 0;
-}
-
-static void __exit nf_flow_ipv4_module_exit(void)
-{
- nft_unregister_flowtable_type(&flowtable_ipv4);
-}
-
-module_init(nf_flow_ipv4_module_init);
-module_exit(nf_flow_ipv4_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
-MODULE_ALIAS_NF_FLOWTABLE(AF_INET);
-MODULE_DESCRIPTION("Netfilter flow table support");
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index f22233e44ee9..97d3d1b36dbc 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -48,12 +48,8 @@ endif # NF_TABLES_IPV6
endif # NF_TABLES
config NF_FLOW_TABLE_IPV6
- tristate "Netfilter flow table IPv6 module"
- depends on NF_FLOW_TABLE
- help
- This option adds the flow table IPv6 support.
-
- To compile it as a module, choose M here.
+ tristate
+ select NF_FLOW_TABLE_INET
config NF_DUP_IPV6
tristate "Netfilter IPv6 packet duplication to alternate destination"
diff --git a/net/ipv6/netfilter/nf_flow_table_ipv6.c b/net/ipv6/netfilter/nf_flow_table_ipv6.c
index 667b8af2546a..e69de29bb2d1 100644
--- a/net/ipv6/netfilter/nf_flow_table_ipv6.c
+++ b/net/ipv6/netfilter/nf_flow_table_ipv6.c
@@ -1,38 +0,0 @@
-// SPDX-License-Identifier: GPL-2.0-only
-#include <linux/kernel.h>
-#include <linux/init.h>
-#include <linux/module.h>
-#include <linux/netfilter.h>
-#include <linux/rhashtable.h>
-#include <net/netfilter/nf_flow_table.h>
-#include <net/netfilter/nf_tables.h>
-
-static struct nf_flowtable_type flowtable_ipv6 = {
- .family = NFPROTO_IPV6,
- .init = nf_flow_table_init,
- .setup = nf_flow_table_offload_setup,
- .action = nf_flow_rule_route_ipv6,
- .free = nf_flow_table_free,
- .hook = nf_flow_offload_ipv6_hook,
- .owner = THIS_MODULE,
-};
-
-static int __init nf_flow_ipv6_module_init(void)
-{
- nft_register_flowtable_type(&flowtable_ipv6);
-
- return 0;
-}
-
-static void __exit nf_flow_ipv6_module_exit(void)
-{
- nft_unregister_flowtable_type(&flowtable_ipv6);
-}
-
-module_init(nf_flow_ipv6_module_init);
-module_exit(nf_flow_ipv6_module_exit);
-
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
-MODULE_ALIAS_NF_FLOWTABLE(AF_INET6);
-MODULE_DESCRIPTION("Netfilter flow table IPv6 module");
diff --git a/net/netfilter/nf_flow_table_inet.c b/net/netfilter/nf_flow_table_inet.c
index bc4126d8ef65..5c57ade6bd05 100644
--- a/net/netfilter/nf_flow_table_inet.c
+++ b/net/netfilter/nf_flow_table_inet.c
@@ -54,8 +54,30 @@ static struct nf_flowtable_type flowtable_inet = {
.owner = THIS_MODULE,
};
+static struct nf_flowtable_type flowtable_ipv4 = {
+ .family = NFPROTO_IPV4,
+ .init = nf_flow_table_init,
+ .setup = nf_flow_table_offload_setup,
+ .action = nf_flow_rule_route_ipv4,
+ .free = nf_flow_table_free,
+ .hook = nf_flow_offload_ip_hook,
+ .owner = THIS_MODULE,
+};
+
+static struct nf_flowtable_type flowtable_ipv6 = {
+ .family = NFPROTO_IPV6,
+ .init = nf_flow_table_init,
+ .setup = nf_flow_table_offload_setup,
+ .action = nf_flow_rule_route_ipv6,
+ .free = nf_flow_table_free,
+ .hook = nf_flow_offload_ipv6_hook,
+ .owner = THIS_MODULE,
+};
+
static int __init nf_flow_inet_module_init(void)
{
+ nft_register_flowtable_type(&flowtable_ipv4);
+ nft_register_flowtable_type(&flowtable_ipv6);
nft_register_flowtable_type(&flowtable_inet);
return 0;
@@ -64,6 +86,8 @@ static int __init nf_flow_inet_module_init(void)
static void __exit nf_flow_inet_module_exit(void)
{
nft_unregister_flowtable_type(&flowtable_inet);
+ nft_unregister_flowtable_type(&flowtable_ipv6);
+ nft_unregister_flowtable_type(&flowtable_ipv4);
}
module_init(nf_flow_inet_module_init);
@@ -71,5 +95,7 @@ module_exit(nf_flow_inet_module_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Pablo Neira Ayuso <pablo@netfilter.org>");
+MODULE_ALIAS_NF_FLOWTABLE(AF_INET);
+MODULE_ALIAS_NF_FLOWTABLE(AF_INET6);
MODULE_ALIAS_NF_FLOWTABLE(1); /* NFPROTO_INET */
MODULE_DESCRIPTION("Netfilter flow table mixed IPv4/IPv6 module");
--
2.30.2
next prev parent reply other threads:[~2022-01-09 23:17 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-09 23:16 [PATCH net-next 00/32] Netfilter updates for net-next Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 01/32] netfilter: nfnetlink: add netns refcount tracker to struct nfulnl_instance Pablo Neira Ayuso
2022-01-10 0:30 ` patchwork-bot+netdevbpf
2022-01-09 23:16 ` [PATCH net-next 02/32] netfilter: nf_nat_masquerade: add netns refcount tracker to masq_dev_work Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 03/32] netfilter: nf_tables: remove rcu read-size lock Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 04/32] netfilter: nft_payload: WARN_ON_ONCE instead of BUG Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 05/32] netfilter: nf_tables: consolidate rule verdict trace call Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 06/32] netfilter: nf_tables: replace WARN_ON by WARN_ON_ONCE for unknown verdicts Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 07/32] netfilter: nf_tables: make counter support built-in Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 08/32] netfilter: conntrack: tag conntracks picked up in local out hook Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 09/32] netfilter: nat: force port remap to prevent shadowing well-known ports Pablo Neira Ayuso
2022-01-09 23:16 ` Pablo Neira Ayuso [this message]
2022-01-11 9:01 ` [PATCH net-next 10/32] netfilter: flowtable: remove ipv4/ipv6 modules Geert Uytterhoeven
2022-01-09 23:16 ` [PATCH net-next 11/32] netfilter: nft_set_pipapo_avx2: remove redundant pointer lt Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 12/32] netfilter: conntrack: Use max() instead of doing it manually Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 13/32] netfilter: conntrack: convert to refcount_t api Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 14/32] netfilter: core: move ip_ct_attach indirection to struct nf_ct_hook Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 15/32] netfilter: make function op structures const Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 16/32] netfilter: conntrack: avoid useless indirection during conntrack destruction Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 17/32] net: prefer nf_ct_put instead of nf_conntrack_put Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 18/32] netfilter: egress: avoid a lockdep splat Pablo Neira Ayuso
2022-02-28 2:13 ` Eric Dumazet
2022-02-28 2:32 ` Florian Westphal
2022-01-09 23:16 ` [PATCH net-next 19/32] netfilter: nft_connlimit: move stateful fields out of expression data Pablo Neira Ayuso
2022-01-10 18:20 ` Julian Wiedmann
2022-01-10 19:25 ` Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 20/32] netfilter: nft_last: " Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 21/32] netfilter: nft_quota: " Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 22/32] netfilter: nft_numgen: " Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 23/32] netfilter: nft_limit: rename stateful structure Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 24/32] netfilter: nft_limit: move stateful fields out of expression data Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 25/32] netfilter: nf_tables: add rule blob layout Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 26/32] netfilter: nf_tables: add NFT_REG32_NUM Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 27/32] netfilter: nf_tables: add register tracking infrastructure Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 28/32] netfilter: nft_payload: track register operations Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 29/32] netfilter: nft_meta: " Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 30/32] netfilter: nft_bitwise: " Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 31/32] netfilter: nft_payload: cancel register tracking after payload update Pablo Neira Ayuso
2022-01-09 23:16 ` [PATCH net-next 32/32] netfilter: nft_meta: cancel register tracking after meta update Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220109231640.104123-11-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.