From 46df417544f4f7fa3438caada0dc0e534a694343 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Fri, 14 Apr 2023 15:01:34 +0200 Subject: netfilter: nf_tables: do not store rule in traceinfo structure pass it as argument instead. This reduces size of traceinfo to 16 bytes. Total stack usage: nf_tables_core.c:252 nft_do_chain 304 static While its possible to also pass basechain as argument, doing so increases nft_do_chaininfo function size. Unlike pktinfo/verdict/rule the basechain info isn't used in the expression evaluation path. gcc places it on the stack, which results in extra push/pop when it gets passed to the trace helpers as argument rather than as part of the traceinfo structure. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/nf_tables.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'include/net') diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 693469ecfa54..58a4d217faaf 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -1409,7 +1409,6 @@ void nft_unregister_flowtable_type(struct nf_flowtable_type *type); * @skbid: hash of skb to be used as trace id * @packet_dumped: packet headers sent in a previous traceinfo message * @basechain: base chain currently processed - * @rule: rule that was evaluated */ struct nft_traceinfo { bool trace; @@ -1418,7 +1417,6 @@ struct nft_traceinfo { enum nft_trace_types type:8; u32 skbid; const struct nft_base_chain *basechain; - const struct nft_rule_dp *rule; }; void nft_trace_init(struct nft_traceinfo *info, const struct nft_pktinfo *pkt, @@ -1426,6 +1424,7 @@ void nft_trace_init(struct nft_traceinfo *info, const struct nft_pktinfo *pkt, void nft_trace_notify(const struct nft_pktinfo *pkt, const struct nft_verdict *verdict, + const struct nft_rule_dp *rule, struct nft_traceinfo *info); #define MODULE_ALIAS_NFT_CHAIN(family, name) \ -- cgit v1.2.3