From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nf-next 0/7] nf_tables: remove struct nft_af_info
Date: Tue, 9 Jan 2018 19:07:50 +0100 [thread overview]
Message-ID: <20180109180757.6104-1-pablo@netfilter.org> (raw)
This is a follow up after the RFC patchset posted in late December [1].
This patch gets rid of quite a bit of complexity by removing the family
layer and it saves us 64 bytes per netns. Families are basically
defining the default filter chain hooks, that can be placed in the
filter chain definition instead. Then, there is already a hook
validation field that is redundant these days and some fields that are
very much specific of NFPROTO_NETDEV that we can also remove.
Result is less code to maintain (~500 LOC), and hence more simple
infrastructure.
No functional changes after this patchset.
[1] https://marc.info/?l=netfilter-devel&m=151467563814063&w=2
Pablo Neira Ayuso (7):
netfilter: nf_tables: remove nhooks field from struct nft_af_info
netfilter: nf_tables: remove flag field from struct nft_af_info
netfilter: nf_tables: no need for struct nft_af_info to enable/disable table
netfilter: nf_tables: remove struct nft_af_info parameter in nf_tables_chain_type_lookup()
netfilter: nf_tables: add single table list for all families
netfilter: nf_tables: get rid of pernet families
netfilter: nf_tables: get rid of struct nft_af_info abstraction
include/net/netfilter/nf_tables.h | 37 +-
include/net/netns/nftables.h | 8 +-
net/bridge/netfilter/nf_tables_bridge.c | 54 +--
net/ipv4/netfilter/nf_tables_arp.c | 49 +-
net/ipv4/netfilter/nf_tables_ipv4.c | 49 +-
net/ipv6/netfilter/nf_tables_ipv6.c | 49 +-
net/netfilter/nf_tables_api.c | 787 ++++++++++++--------------------
net/netfilter/nf_tables_inet.c | 49 +-
net/netfilter/nf_tables_netdev.c | 70 +--
net/netfilter/nft_compat.c | 16 +-
net/netfilter/nft_ct.c | 16 +-
net/netfilter/nft_flow_offload.c | 4 +-
net/netfilter/nft_log.c | 4 +-
net/netfilter/nft_masq.c | 2 +-
net/netfilter/nft_meta.c | 4 +-
net/netfilter/nft_nat.c | 2 +-
net/netfilter/nft_redir.c | 2 +-
17 files changed, 348 insertions(+), 854 deletions(-)
--
2.11.0
next reply other threads:[~2018-01-09 18:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-09 18:07 Pablo Neira Ayuso [this message]
2018-01-09 18:07 ` [PATCH nf-next 1/7] netfilter: nf_tables: remove nhooks field from struct nft_af_info Pablo Neira Ayuso
2018-01-09 18:07 ` [PATCH nf-next 2/7] netfilter: nf_tables: remove flag " Pablo Neira Ayuso
2018-01-09 18:07 ` [PATCH nf-next 3/7] netfilter: nf_tables: no need for struct nft_af_info to enable/disable table Pablo Neira Ayuso
2018-01-09 18:07 ` [PATCH nf-next 4/7] netfilter: nf_tables: remove struct nft_af_info parameter in nf_tables_chain_type_lookup() Pablo Neira Ayuso
2018-01-09 18:07 ` [PATCH nf-next 5/7] netfilter: nf_tables: add single table list for all families Pablo Neira Ayuso
2018-01-09 18:07 ` [PATCH nf-next 6/7] netfilter: nf_tables: get rid of pernet families Pablo Neira Ayuso
2018-01-09 18:07 ` [PATCH nf-next 7/7] netfilter: nf_tables: get rid of struct nft_af_info abstraction Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180109180757.6104-1-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).