netfilter: xtables: compute exact size needed for jumpstack

The {arp,ip,ip6tables} jump stack is currently sized based on the number of user chains. However, its rather unlikely that every user defined chain jumps to the next, so lets use the existing loop detection logic to also track the chain depths. The stacksize is then set to the largest chain depth seen. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2015-07-14 17:51:06 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-07-15 18:18:04 +0200
commit: 98d1bd802cdbc8f56868fae51edec13e86b59515 (patch)
tree: 6f16cde1d04c7f4b7f91303a886c714fe90a0de1 /net/netfilter
parent: fd2ecda0341960d0ce361d648cf4dd98187afb06 (diff)
download: op-kernel-dev-98d1bd802cdbc8f56868fae51edec13e86b59515.zip
op-kernel-dev-98d1bd802cdbc8f56868fae51edec13e86b59515.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index d324fe7..4db7d60 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -749,6 +749,10 @@ static int xt_jumpstack_alloc(struct xt_table_info *i)
 	if (i->jumpstack == NULL)
 		return -ENOMEM;
 
+	/* ruleset without jumps -- no stack needed */
+	if (i->stacksize == 0)
+		return 0;
+
 	i->stacksize *= xt_jumpstack_multiplier;
 	size = sizeof(void *) * i->stacksize;
 	for_each_possible_cpu(cpu) {
author	Florian Westphal <fw@strlen.de>	2015-07-14 17:51:06 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-07-15 18:18:04 +0200
commit	98d1bd802cdbc8f56868fae51edec13e86b59515 (patch)
tree	6f16cde1d04c7f4b7f91303a886c714fe90a0de1 /net/netfilter
parent	fd2ecda0341960d0ce361d648cf4dd98187afb06 (diff)
download	op-kernel-dev-98d1bd802cdbc8f56868fae51edec13e86b59515.zip op-kernel-dev-98d1bd802cdbc8f56868fae51edec13e86b59515.tar.gz