[Devel] Re: [PATCH 1/3] netns netfilter: semi-rewrite of /proc/net/foo_tables_*

Patrick McHardy kaber at trash.net
Wed Jan 30 07:17:10 PST 2008


Alexey Dobriyan wrote:
> Argh, there are many small but still wrong things with /proc/net/*_tables_*
> so I decided to do overhaul simultaneously making it more suitable for
> per-netns /proc/net/*_tables_* implementation.
> 
> Fix
> a) xt_get_idx() duplicating now standard seq_list_start/seq_list_next
>    iterators
> b) tables/matches/targets list was chosen again and again on every ->next
> c) multiple useless "af >= NPROTO" checks -- we simply don't supply invalid
>    AFs there and registration function should BUG_ON instead.
>    
>    Regardless, the one in ->next() is the most useless -- ->next doesn't
>    run at all if ->start fails.
> d) Don't use mutex_lock_interruptible() -- it can fail and ->stop is
>    executed even if ->start failed, so unlock without lock is possible.
> 
> As a side effect, streamline code by splitting xt_tgt_ops into xt_target_ops,
> xt_matches_ops, xt_tables_ops.
> 
> xt_tables_ops hooks will be changed by per-netns code. Code of
> xt_matches_ops, xt_target_ops is identical except the list chosen for
> iterating, but I think consolidating code for two files is not worth it
> given "<< 16" hacks needed for it.
> 
> Signed-off-by: Alexey Dobriyan <adobriyan at sw.ru>

Applied, and I also removed the now unused TABLE/TARGET/MATCH enum.
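
The lock imbalance from point d), modeled in userspace C as an added example (not code from the patch or from either message). All names here (model_lock, model_ops, run_traversal and the rest) are hypothetical, and the unconditional lock in start_new is an assumption about the shape of the fix.

```c
#include <stddef.h>

/* Constructed userspace model of the seq_file contract from point d):
 * ->stop runs after ->start even when ->start failed. Not kernel code. */
struct model_lock { int depth; int interrupted; };
struct model_ops {
    void *(*start)(struct model_lock *l);
    void  (*stop)(struct model_lock *l);
};

static int item = 42;   /* stand-in for one list entry */

/* Stand-in for mutex_lock_interruptible(): fails when a signal is pending. */
static int lock_interruptible(struct model_lock *l)
{
    if (l->interrupted)
        return -1;
    l->depth++;
    return 0;
}

/* Old pattern: ->start can return without holding the lock. */
static void *start_old(struct model_lock *l)
{
    if (lock_interruptible(l) != 0)
        return NULL;
    return &item;
}

/* Assumed fixed pattern: unconditional lock, so ->stop always pairs with it. */
static void *start_new(struct model_lock *l)
{
    l->depth++;
    return &item;
}

static void stop_unlock(struct model_lock *l) { l->depth--; }

/* Mimics the read loop: ->stop is called whatever ->start returned.
 * Returns the lock depth afterwards; 0 is balanced, -1 is a stray unlock. */
int run_traversal(const struct model_ops *ops, int interrupted)
{
    struct model_lock l = { 0, interrupted };
    void *p = ops->start(&l);
    (void)p;            /* ->show and ->next would run here if p != NULL */
    ops->stop(&l);
    return l.depth;
}

const struct model_ops old_ops = { start_old, stop_unlock };
const struct model_ops new_ops = { start_new, stop_unlock };
```

A depth of -1 from the old pattern under a pending signal is the "unlock without lock" case the commit message describes.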
