netfilter: nf_tables: expression ops overloading
Split the expression ops into two parts and support overloading of
the runtime expression ops based on the requested function through
a ->select_ops() callback.
This can be used to provide optimized implementations, for instance
for loading small aligned amounts of data from the packet or inlining
frequently used operations into the main evaluation loop.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
diff --git a/net/ipv4/netfilter/nf_table_nat_ipv4.c b/net/ipv4/netfilter/nf_table_nat_ipv4.c
index 2a6f184..2ecce39 100644
--- a/net/ipv4/netfilter/nf_table_nat_ipv4.c
+++ b/net/ipv4/netfilter/nf_table_nat_ipv4.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2008 Patrick McHardy <kaber@trash.net>
+ * Copyright (c) 2008-2009 Patrick McHardy <kaber@trash.net>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
@@ -149,15 +149,21 @@
return -1;
}
-static struct nft_expr_ops nft_nat_ops __read_mostly = {
- .name = "nat",
+static struct nft_expr_type nft_nat_type;
+static const struct nft_expr_ops nft_nat_ops = {
+ .type = &nft_nat_type,
.size = NFT_EXPR_SIZE(sizeof(struct nft_nat)),
- .owner = THIS_MODULE,
.eval = nft_nat_eval,
.init = nft_nat_init,
.dump = nft_nat_dump,
+};
+
+static struct nft_expr_type nft_nat_type __read_mostly = {
+ .name = "nat",
+ .ops = &nft_nat_ops,
.policy = nft_nat_policy,
.maxattr = NFTA_NAT_MAX,
+ .owner = THIS_MODULE,
};
/*
@@ -382,7 +388,7 @@
if (err < 0)
goto err1;
- err = nft_register_expr(&nft_nat_ops);
+ err = nft_register_expr(&nft_nat_type);
if (err < 0)
goto err2;
@@ -396,7 +402,7 @@
static void __exit nf_table_nat_exit(void)
{
- nft_unregister_expr(&nft_nat_ops);
+ nft_unregister_expr(&nft_nat_type);
nft_unregister_table(&nf_table_nat_ipv4, AF_INET);
}