From patchwork Mon Nov 16 04:17:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Wang Shanker X-Patchwork-Id: 1400641 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org (client-ip=23.128.96.18; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=E3jvs/ue; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by ozlabs.org (Postfix) with ESMTP id 4CZG595zrjz9sRR for ; Mon, 16 Nov 2020 15:17:49 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726532AbgKPER3 (ORCPT ); Sun, 15 Nov 2020 23:17:29 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34892 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726198AbgKPER2 (ORCPT ); Sun, 15 Nov 2020 23:17:28 -0500 Received: from mail-pf1-x443.google.com (mail-pf1-x443.google.com [IPv6:2607:f8b0:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2CDBC0613CF for ; Sun, 15 Nov 2020 20:17:28 -0800 (PST) Received: by mail-pf1-x443.google.com with SMTP id c20so12893325pfr.8 for ; Sun, 15 Nov 2020 20:17:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=c+YgiFuqUqxZjjhybldaEzc4ruOux+6tvGR785TpMKs=; b=E3jvs/ueRLR+X5t8/2BaDY4RIFR5dYqCUqZcgkCw5syGmm3kBidu4ZFtE0EDxVQEpF nZWXgZQW8eItUQeHKGVdGsyXyQ73/ngbPMRXSNldEEtgARAMGtZxerX8EDJP/PrU8ed6 VuO1xg9iVNAYmyCXqKoFZbeIaacLB+vDNsRoNhpjAx29zq1ns6VxJrGZdYAjuw/I9ZtU MyiYVG6Tuwi39iUWu2lh5cHFLp2z3bGV+RUkUSq/Rep/59U39ViFKi9qt5wpx4uONzS7 r8q0LyySrxwl6sCBIbF9m1Ab+SR5X/tKNRU+Id7VAw7AARQMOCBXBTT+kxeHOJHFgaDL Xt+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=c+YgiFuqUqxZjjhybldaEzc4ruOux+6tvGR785TpMKs=; b=uPcb9T0zlhy6zjZjkul9HTJ/+fYdiCJ7iSvbllK0oZ+InUul9rY2Kmhdm+XJZgKBIA ixzYDE/xq1aODW0u1Ci4Pk6A+rGgC9VMgYPgu5h0thZNo+wxf3XHDmIF9C1HzAT9eohG G8l3htWJ4+R7qiVD45LgSd7TJHDO80uK64MKReznm73dS3dIO+Cq5NeG0X7vzb8AHPL+ XJUTLYnDCIjP6+w3IIaplf3Oi4EWefGMZEeWUCeHg4MBcR9suc9osDC7j5V+a5bXbEgD Q1yjLFj9yow6OutRn8GoA9eEMWOL8/p9pUSvyne/15urE5rzXBll9OhLwOdGOtEXUqgH uQuA== X-Gm-Message-State: AOAM532jRXGZ+d1V0Wdm2+FRg3lvEhGRC9fmrd33dFoR8oTMZE0h1RDs mh80NysI+x7AVYzLpciLiXXayFZrPudu1w== X-Google-Smtp-Source: ABdhPJwRLwO5JkJrXeFuY2kW02NXbg5U9V5dN+QddQoyX59giFnx7sNppP1edtmJwppVIUyL+Fa6BA== X-Received: by 2002:a17:90a:7c03:: with SMTP id v3mr14122204pjf.28.1605500248006; Sun, 15 Nov 2020 20:17:28 -0800 (PST) Received: from [10.7.3.1] ([133.130.111.179]) by smtp.gmail.com with ESMTPSA id r2sm16155880pji.55.2020.11.15.20.17.24 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 15 Nov 2020 20:17:27 -0800 (PST) Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\)) Subject: [PATCH v2] netfilter: nfnl_acct: remove data from struct net From: Wang Shanker In-Reply-To: <20201115110432.GA23896@salvia> Date: Mon, 16 Nov 2020 12:17:24 +0800 Cc: netfilter-devel@vger.kernel.org, Jozsef Kadlecsik , Florian Westphal Message-Id: References: <2D679487-4F6A-405E-AC4E-B47539F1969A@gmail.com> <20201115110432.GA23896@salvia> To: Pablo Neira Ayuso X-Mailer: Apple Mail (2.3608.120.23.2.4) Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org This patch removes nfnl_acct_list from struct net, making it possible to compile nfacct module out of tree and reducing the default memory footprint for the netns structure. Signed-off-by: Miao Wang --- include/net/net_namespace.h | 3 --- net/netfilter/nfnetlink_acct.c | 38 ++++++++++++++++++++++++++-------- 2 files changed, 29 insertions(+), 12 deletions(-) diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index 22bc07f4b043..dc20a47e3828 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h @@ -151,9 +151,6 @@ struct net { #endif struct sock *nfnl; struct sock *nfnl_stash; -#if IS_ENABLED(CONFIG_NETFILTER_NETLINK_ACCT) - struct list_head nfnl_acct_list; -#endif #if IS_ENABLED(CONFIG_NF_CT_NETLINK_TIMEOUT) struct list_head nfct_timeout_list; #endif diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c index 5bfec829c12f..dbc2fc8940c8 100644 --- a/net/netfilter/nfnetlink_acct.c +++ b/net/netfilter/nfnetlink_acct.c @@ -16,6 +16,7 @@ #include #include #include +#include #include #include @@ -41,6 +42,17 @@ struct nfacct_filter { u32 mask; }; +struct nfnl_acct_net { + struct list_head nfnl_acct_list; +}; + +static unsigned int nfnl_acct_net_id __read_mostly; + +static inline struct nfnl_acct_net *nfnl_acct_pernet(struct net *net) +{ + return net_generic(net, nfnl_acct_net_id); +} + #define NFACCT_F_QUOTA (NFACCT_F_QUOTA_PKTS | NFACCT_F_QUOTA_BYTES) #define NFACCT_OVERQUOTA_BIT 2 /* NFACCT_F_OVERQUOTA */ @@ -49,6 +61,7 @@ static int nfnl_acct_new(struct net *net, struct sock *nfnl, const struct nlattr * const tb[], struct netlink_ext_ack *extack) { + struct nfnl_acct_net *nfnl_acct_net = nfnl_acct_pernet(net); struct nf_acct *nfacct, *matching = NULL; char *acct_name; unsigned int size = 0; @@ -61,7 +74,7 @@ static int nfnl_acct_new(struct net *net, struct sock *nfnl, if (strlen(acct_name) == 0) return -EINVAL; - list_for_each_entry(nfacct, &net->nfnl_acct_list, head) { + list_for_each_entry(nfacct, &nfnl_acct_net->nfnl_acct_list, head) { if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0) continue; @@ -123,7 +136,7 @@ static int nfnl_acct_new(struct net *net, struct sock *nfnl, be64_to_cpu(nla_get_be64(tb[NFACCT_PKTS]))); } refcount_set(&nfacct->refcnt, 1); - list_add_tail_rcu(&nfacct->head, &net->nfnl_acct_list); + list_add_tail_rcu(&nfacct->head, &nfnl_acct_net->nfnl_acct_list); return 0; } @@ -188,6 +201,7 @@ static int nfnl_acct_dump(struct sk_buff *skb, struct netlink_callback *cb) { struct net *net = sock_net(skb->sk); + struct nfnl_acct_net *nfnl_acct_net = nfnl_acct_pernet(net); struct nf_acct *cur, *last; const struct nfacct_filter *filter = cb->data; @@ -199,7 +213,7 @@ nfnl_acct_dump(struct sk_buff *skb, struct netlink_callback *cb) cb->args[1] = 0; rcu_read_lock(); - list_for_each_entry_rcu(cur, &net->nfnl_acct_list, head) { + list_for_each_entry_rcu(cur, &nfnl_acct_net->nfnl_acct_list, head) { if (last) { if (cur != last) continue; @@ -269,6 +283,7 @@ static int nfnl_acct_get(struct net *net, struct sock *nfnl, const struct nlattr * const tb[], struct netlink_ext_ack *extack) { + struct nfnl_acct_net *nfnl_acct_net = nfnl_acct_pernet(net); int ret = -ENOENT; struct nf_acct *cur; char *acct_name; @@ -288,7 +303,7 @@ static int nfnl_acct_get(struct net *net, struct sock *nfnl, return -EINVAL; acct_name = nla_data(tb[NFACCT_NAME]); - list_for_each_entry(cur, &net->nfnl_acct_list, head) { + list_for_each_entry(cur, &nfnl_acct_net->nfnl_acct_list, head) { struct sk_buff *skb2; if (strncmp(cur->name, acct_name, NFACCT_NAME_MAX)!= 0) @@ -342,19 +357,20 @@ static int nfnl_acct_del(struct net *net, struct sock *nfnl, const struct nlattr * const tb[], struct netlink_ext_ack *extack) { + struct nfnl_acct_net *nfnl_acct_net = nfnl_acct_pernet(net); struct nf_acct *cur, *tmp; int ret = -ENOENT; char *acct_name; if (!tb[NFACCT_NAME]) { - list_for_each_entry_safe(cur, tmp, &net->nfnl_acct_list, head) + list_for_each_entry_safe(cur, tmp, &nfnl_acct_net->nfnl_acct_list, head) nfnl_acct_try_del(cur); return 0; } acct_name = nla_data(tb[NFACCT_NAME]); - list_for_each_entry(cur, &net->nfnl_acct_list, head) { + list_for_each_entry(cur, &nfnl_acct_net->nfnl_acct_list, head) { if (strncmp(cur->name, acct_name, NFACCT_NAME_MAX) != 0) continue; @@ -402,10 +418,11 @@ MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_ACCT); struct nf_acct *nfnl_acct_find_get(struct net *net, const char *acct_name) { + struct nfnl_acct_net *nfnl_acct_net = nfnl_acct_pernet(net); struct nf_acct *cur, *acct = NULL; rcu_read_lock(); - list_for_each_entry_rcu(cur, &net->nfnl_acct_list, head) { + list_for_each_entry_rcu(cur, &nfnl_acct_net->nfnl_acct_list, head) { if (strncmp(cur->name, acct_name, NFACCT_NAME_MAX)!= 0) continue; @@ -488,16 +505,17 @@ EXPORT_SYMBOL_GPL(nfnl_acct_overquota); static int __net_init nfnl_acct_net_init(struct net *net) { - INIT_LIST_HEAD(&net->nfnl_acct_list); + INIT_LIST_HEAD(&nfnl_acct_pernet(net)->nfnl_acct_list); return 0; } static void __net_exit nfnl_acct_net_exit(struct net *net) { + struct nfnl_acct_net *nfnl_acct_net = nfnl_acct_pernet(net); struct nf_acct *cur, *tmp; - list_for_each_entry_safe(cur, tmp, &net->nfnl_acct_list, head) { + list_for_each_entry_safe(cur, tmp, &nfnl_acct_net->nfnl_acct_list, head) { list_del_rcu(&cur->head); if (refcount_dec_and_test(&cur->refcnt)) @@ -508,6 +526,8 @@ static void __net_exit nfnl_acct_net_exit(struct net *net) static struct pernet_operations nfnl_acct_ops = { .init = nfnl_acct_net_init, .exit = nfnl_acct_net_exit, + .id = &nfnl_acct_net_id, + .size = sizeof(struct nfnl_acct_net), }; static int __init nfnl_acct_init(void)