Message ID | 1437329861-11758-1-git-send-email-minipli@googlemail.com |
---|---|
State | Awaiting Upstream, archived |
Delegated to: | David Miller |
Headers | show |
From: Mathias Krause <minipli@googlemail.com> Date: Sun, 19 Jul 2015 20:17:41 +0200 > The sk_classid member is only required when CONFIG_CGROUP_NET_CLASSID is > enabled. #ifdefify it to reduce the size of struct sock on 32 bit > systems, at least. > > Signed-off-by: Mathias Krause <minipli@googlemail.com> Are you sure NFT_META_CGROUP cannot enter nft_meta_get_eval()? If so it'll WARN_ON(). I really don't like changes like this. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On 19 July 2015 at 20:42, David Miller <davem@davemloft.net> wrote: > From: Mathias Krause <minipli@googlemail.com> > Date: Sun, 19 Jul 2015 20:17:41 +0200 > >> The sk_classid member is only required when CONFIG_CGROUP_NET_CLASSID is >> enabled. #ifdefify it to reduce the size of struct sock on 32 bit >> systems, at least. >> >> Signed-off-by: Mathias Krause <minipli@googlemail.com> > > Are you sure NFT_META_CGROUP cannot enter nft_meta_get_eval()? If so it'll > WARN_ON(). I just tried to bring the code in line as it already is for NFT_META_RTCLASSID and NFT_META_SECMARK. But, obviously, I messed it up by missing the nft_meta_get_init() function. Sorry for that! The init function gets called prior to the eval function (see nft_expr_init() and nf_tables_newrule()). If it returns an error, the latter won't be called. So the fix is, to add the #ifdef to nft_meta_get_init() as well. Another direct caller of nft_meta_get_eval() is nft_meta_bridge_get_eval(). However, it also complies to the init / eval rule by calling nft_meta_get_init() in its init function, so will error out in the case, too. I'll send a v2 soon. Thanks for the review! > I really don't like changes like this. Sorry. I should have taken more attention. Thanks, Mathias -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/include/net/sock.h b/include/net/sock.h index 05a8c1aea251..4353ef70bf48 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -429,7 +429,9 @@ struct sock { void *sk_security; #endif __u32 sk_mark; +#ifdef CONFIG_CGROUP_NET_CLASSID u32 sk_classid; +#endif struct cg_proto *sk_cgrp; void (*sk_state_change)(struct sock *sk); void (*sk_data_ready)(struct sock *sk); diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index 52561e1c31e2..005b374d1967 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -166,11 +166,13 @@ void nft_meta_get_eval(const struct nft_expr *expr, goto err; *dest = out->group; break; +#ifdef CONFIG_CGROUP_NET_CLASSID case NFT_META_CGROUP: if (skb->sk == NULL || !sk_fullsock(skb->sk)) goto err; *dest = skb->sk->sk_classid; break; +#endif default: WARN_ON(1); goto err;
The sk_classid member is only required when CONFIG_CGROUP_NET_CLASSID is enabled. #ifdefify it to reduce the size of struct sock on 32 bit systems, at least. Signed-off-by: Mathias Krause <minipli@googlemail.com> --- include/net/sock.h | 2 ++ net/netfilter/nft_meta.c | 2 ++ 2 files changed, 4 insertions(+)