diff options
author | Eric Dumazet <edumazet@google.com> | 2015-06-15 09:57:30 -0700 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-06-15 20:19:20 +0200 |
commit | 711bdde6a884354ddae8da2fcb495b2a9364cc90 (patch) | |
tree | 3d1053945cd05a3fdcc45fa74c73b226dcf80bb3 /net/ipv6 | |
parent | 53b8762727cfc81212fd7073618cb2609bd2fd60 (diff) | |
download | op-kernel-dev-711bdde6a884354ddae8da2fcb495b2a9364cc90.zip op-kernel-dev-711bdde6a884354ddae8da2fcb495b2a9364cc90.tar.gz |
netfilter: x_tables: remove XT_TABLE_INFO_SZ and a dereference.
After Florian patches, there is no need for XT_TABLE_INFO_SZ anymore :
Only one copy of table is kept, instead of one copy per cpu.
We also can avoid a dereference if we put table data right after
xt_table_info. It reduces register pressure and helps compiler.
Then, we attempt a kmalloc() if total size is under order-3 allocation,
to reduce TLB pressure, as in many cases, rules fit in 32 KB.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 80a7f0d..3c35ced 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -951,7 +951,7 @@ copy_entries_to_user(unsigned int total_size, struct xt_counters *counters; const struct xt_table_info *private = table->private; int ret = 0; - void *loc_cpu_entry; + const void *loc_cpu_entry; counters = alloc_counters(table); if (IS_ERR(counters)) @@ -1065,7 +1065,7 @@ static int compat_table_info(const struct xt_table_info *info, struct xt_table_info *newinfo) { struct ip6t_entry *iter; - void *loc_cpu_entry; + const void *loc_cpu_entry; int ret; if (!newinfo || !info) |