From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 6/6] netfilter: xtables: generate initial table on-demand
Date: Mon, 24 Aug 2009 15:12:44 +0200 [thread overview]
Message-ID: <4A9291CC.3000606@trash.net> (raw)
In-Reply-To: <1249931992-18761-7-git-send-email-jengelh@medozas.de>
Jan Engelhardt wrote:
> The static initial tables are pretty large, and after the net
> namespace has been instantiated, they just hang around for nothing.
> This commit removes them and creates tables on-demand at runtime when
> needed.
>
> Some numbers:
> text data bss dec hex filename
> -4043674 563169 512000 5118843 4e1b7b ./vmlinux[x86_64](before)
> +4045071 550177 512000 5107248 4dee30 ./vmlinux[x86_64](after)
> = +1397 -12992
> === -11595
They are actually freed when no network namespaces are used.
But I agree that this makes sense since distributors are going
to enable them.
> +/*
> + * Today's hack: quantum tunneling in structs
> + *
> + * 'entries' and 'term' are never anywhere referenced by word in code. In fact,
> + * they serve as the hanging-off data accessed through repl.data[]!
> + */
> +#define xt_repldata_mk(type, typ2) \
> + struct { \
> + struct type##_replace repl; \
> + struct type##_standard entries[nhooks]; \
> + struct type##_error term; \
> + } *tbl = kzalloc(sizeof(*tbl), GFP_KERNEL); \
> + if (tbl == NULL) \
> + return NULL; \
> + strncpy(tbl->repl.name, info->name, sizeof(tbl->repl.name)); \
> + tbl->term = (struct type##_error)typ2##_ERROR_INIT; \
> + tbl->repl.valid_hooks = hook_mask; \
> + tbl->repl.num_entries = nhooks + 1; \
> + tbl->repl.size = nhooks * sizeof(struct type##_standard) + \
> + sizeof(struct type##_error); \
> + for (; hook_mask != 0; hook_mask >>= 1, ++hooknum) { \
> + if (!(hook_mask & 1)) \
> + continue; \
> + tbl->repl.hook_entry[hooknum] = bytes; \
> + tbl->repl.underflow[hooknum] = bytes; \
> + tbl->entries[i++] = (struct type##_standard) \
> + typ2##_STANDARD_INIT(NF_ACCEPT); \
> + bytes += sizeof(struct type##_standard); \
> + }
> +
> +void *xt_repldata_create(const struct xt_table *info)
> +{
> + unsigned int hook_mask = info->valid_hooks;
> + unsigned int nhooks = xt_hookmask_bitcount(hook_mask);
> + unsigned int bytes = 0, hooknum = 0, i = 0;
> +
> + if (info->af == NFPROTO_IPV6) {
> + xt_repldata_mk(ip6t, IP6T);
> + return tbl;
Would look slightly nicer if the above macro would "return"
the table, then you could simply do "return xt_repldata_mk(..);"
without using variables declared within the macro.
> + } else if (info->af == NFPROTO_IPV4) {
> + xt_repldata_mk(ipt, IPT);
> + return tbl;
> + } else if (info->af == NFPROTO_ARP) {
> + xt_repldata_mk(arpt, ARPT);
> + return tbl;
> + }
> + return NULL;
> +}
> +EXPORT_SYMBOL_GPL(xt_repldata_create);
How about adding this beauty to the respective address-family
specific files (ip_tables.c etc)? That would avoid some of the
bloat of the new function (apparently almost 1300bytes) when
only some of those modules are used.
I also would prefer a nicer name, something like
xt_alloc_initial_table().
next prev parent reply other threads:[~2009-08-24 13:12 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-10 19:19 Pull request for Stomping Static Data Jan Engelhardt
2009-08-10 19:19 ` [PATCH 1/6] netfilter: xtables: consolidate table hook functions Jan Engelhardt
2009-08-10 20:12 ` Jan Engelhardt
2009-08-24 12:53 ` Patrick McHardy
2009-08-25 15:50 ` Jan Engelhardt
2009-08-26 12:53 ` Patrick McHardy
2009-08-10 19:19 ` [PATCH 2/6] netfilter: xtables: compact " Jan Engelhardt
2009-08-10 19:19 ` [PATCH 3/6] netfilter: xtables: generate nf_hook_ops on-demand Jan Engelhardt
2009-08-10 19:19 ` [PATCH 4/6] netfilter: xtables: mark initial tables constant Jan Engelhardt
2009-08-24 12:57 ` Patrick McHardy
2009-08-10 19:19 ` [PATCH 5/6] netfilter: xtables: use xt_table for hook instantiation Jan Engelhardt
2009-08-10 19:19 ` [PATCH 6/6] netfilter: xtables: generate initial table on-demand Jan Engelhardt
2009-08-24 13:12 ` Patrick McHardy [this message]
2009-08-16 10:19 ` Pull request for Stomping Static Data Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A9291CC.3000606@trash.net \
--to=kaber@trash.net \
--cc=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).