netfilter: don't allocate space for decnet hooks unless needed
authorFlorian Westphal <fw@strlen.de>
Thu, 7 Dec 2017 15:28:25 +0000 (16:28 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Mon, 8 Jan 2018 17:01:10 +0000 (18:01 +0100)
no need to define hook points if the family isn't supported.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/linux/netfilter.h
include/net/netns/netfilter.h
net/netfilter/core.c

index 9dcbcdfa3b824fa74f2ebbc9b8de6a1d6c8dda5c..ce4e91df8b5642596c4bfcc4d70ee894855cf68c 100644 (file)
@@ -219,9 +219,11 @@ static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net,
        case NFPROTO_BRIDGE:
                hook_head = rcu_dereference(net->nf.hooks_bridge[hook]);
                break;
+#if IS_ENABLED(CONFIG_DECNET)
        case NFPROTO_DECNET:
                hook_head = rcu_dereference(net->nf.hooks_decnet[hook]);
                break;
+#endif
        default:
                WARN_ON_ONCE(1);
                break;
index 8f756a4b920512f247448e76ee24c2fd715e52a4..432609fd98995e701086d032eb04b2fff113cbfe 100644 (file)
@@ -21,7 +21,9 @@ struct netns_nf {
        struct nf_hook_entries __rcu *hooks_ipv6[NF_INET_NUMHOOKS];
        struct nf_hook_entries __rcu *hooks_arp[NF_ARP_NUMHOOKS];
        struct nf_hook_entries __rcu *hooks_bridge[NF_INET_NUMHOOKS];
+#if IS_ENABLED(CONFIG_DECNET)
        struct nf_hook_entries __rcu *hooks_decnet[NF_DN_NUMHOOKS];
+#endif
 #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV4)
        bool                    defrag_ipv4;
 #endif
index 43643427b560fdea96df7cb89b8f6c42c3181efd..4738d0d0ebacba5ca9f0e865e3732d24ed97051a 100644 (file)
@@ -283,10 +283,12 @@ static struct nf_hook_entries __rcu **nf_hook_entry_head(struct net *net, const
                if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_ipv6) <= reg->hooknum))
                        return NULL;
                return net->nf.hooks_ipv6 + reg->hooknum;
+#if IS_ENABLED(CONFIG_DECNET)
        case NFPROTO_DECNET:
                if (WARN_ON_ONCE(ARRAY_SIZE(net->nf.hooks_decnet) <= reg->hooknum))
                        return NULL;
                return net->nf.hooks_decnet + reg->hooknum;
+#endif
        default:
                WARN_ON_ONCE(1);
                return NULL;
@@ -573,7 +575,9 @@ static int __net_init netfilter_net_init(struct net *net)
        __netfilter_net_init(net->nf.hooks_ipv6, ARRAY_SIZE(net->nf.hooks_ipv6));
        __netfilter_net_init(net->nf.hooks_arp, ARRAY_SIZE(net->nf.hooks_arp));
        __netfilter_net_init(net->nf.hooks_bridge, ARRAY_SIZE(net->nf.hooks_bridge));
+#if IS_ENABLED(CONFIG_DECNET)
        __netfilter_net_init(net->nf.hooks_decnet, ARRAY_SIZE(net->nf.hooks_decnet));
+#endif
 
 #ifdef CONFIG_PROC_FS
        net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter",