iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: x_tables: reduce xt_action_param by 8 byte

Browse Source 
The fragment offset in ipv4/ipv6 is a 16bit field, so use
u16 instead of unsigned int.

On 64bit: 40 bytes to 32 bytes. By extension this also reduces
nft_pktinfo (56 to 48 byte).

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal
2021-05-28 12:30:03 +02:00
committed by Pablo Neira Ayuso
parent e0241ae6ac
commit 586d5a8bce
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/linux/netfilter/x_tables.h
View File

@@ -36,8 +36,8 @@ struct xt_action_param {
const void *matchinfo, *targinfo; const void *matchinfo, *targinfo;
}; };
const struct nf_hook_state *state; const struct nf_hook_state *state;
int fragoff;
unsigned int thoff; unsigned int thoff;
u16 fragoff;
bool hotdrop; bool hotdrop;
}; };

2
net/ipv6/netfilter/ip6_tables.c
View File

@@ -51,7 +51,7 @@ ip6_packet_match(const struct sk_buff *skb,
const char *outdev, const char *outdev,
const struct ip6t_ip6 *ip6info, const struct ip6t_ip6 *ip6info,
unsigned int *protoff, unsigned int *protoff,
int *fragoff, bool *hotdrop) u16 *fragoff, bool *hotdrop)
{ {
unsigned long ret; unsigned long ret;
const struct ipv6hdr *ipv6 = ipv6_hdr(skb); const struct ipv6hdr *ipv6 = ipv6_hdr(skb);