netfilter: nf_tables: dynamically allocate hooks per net_device in flowtables

Use a list of hooks per device instead an array. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2019-10-16 14:24:01 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-10-23 13:01:22 +0200
commit: 3f0465a9ef02624e0a36db9e7c9bedcafcd6f6fe (patch)
tree: bf57a237202738613e17acbe6a02652cc30e1c0e /include/net/netfilter
parent: netfilter: nf_flow_table: move priority to struct nf_flowtable (diff)
download: linux-dev-3f0465a9ef02624e0a36db9e7c9bedcafcd6f6fe.tar.xz
linux-dev-3f0465a9ef02624e0a36db9e7c9bedcafcd6f6fe.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index d529dfb5aa64..7a2ac82ee0ad 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -963,6 +963,12 @@ struct nft_stats {
 	struct u64_stats_sync	syncp;
 };
 
+struct nft_hook {
+	struct list_head	list;
+	struct nf_hook_ops	ops;
+	struct rcu_head		rcu;
+};
+
 /**
  *	struct nft_base_chain - nf_tables base chain
  *
@@ -1173,7 +1179,7 @@ struct nft_flowtable {
 					use:30;
 	u64				handle;
 	/* runtime data below here */
-	struct nf_hook_ops		*ops ____cacheline_aligned;
+	struct list_head		hook_list ____cacheline_aligned;
 	struct nf_flowtable		data;
 };
author	Pablo Neira Ayuso <pablo@netfilter.org>	2019-10-16 14:24:01 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-10-23 13:01:22 +0200
commit	3f0465a9ef02624e0a36db9e7c9bedcafcd6f6fe (patch)
tree	bf57a237202738613e17acbe6a02652cc30e1c0e /include/net/netfilter
parent	netfilter: nf_flow_table: move priority to struct nf_flowtable (diff)
download	linux-dev-3f0465a9ef02624e0a36db9e7c9bedcafcd6f6fe.tar.xz linux-dev-3f0465a9ef02624e0a36db9e7c9bedcafcd6f6fe.zip