    netfilter: nat: merge nf_nat_ipv4,6 into nat core · 3bf195ae
    Committed by Florian Westphal
    before:
       text    data     bss     dec     hex filename
      16566    1576    4136   22278    5706 nf_nat.ko
       3598     844       0    4442    115a nf_nat_ipv6.ko
       3187     844       0    4031     fbf nf_nat_ipv4.ko
    
    after:
       text    data     bss     dec     hex filename
      22948    1612    4136   28696    7018 nf_nat.ko
    
    ... with ipv4/v6 nat now provided directly via nf_nat.ko.
    
    Also changes:
           ret = nf_nat_ipv4_fn(priv, skb, state);
           if (ret != NF_DROP && ret != NF_STOLEN &&
    into
           if (ret != NF_ACCEPT)
                   return ret;
    
    everywhere.
    
    The nat hooks never should return anything other than
    ACCEPT or DROP (and the latter only in rare error cases).
    
    The original code uses multi-line ANDing including assignment-in-if:
            if (ret != NF_DROP && ret != NF_STOLEN &&
                !(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
                (ct = nf_ct_get(skb, &ctinfo)) != NULL) {
    
    I removed this while moving, breaking those in separate conditionals
    and moving the assignments into extra lines.
    
    checkpatch still generates some warnings:
     1. Overly long lines (of moved code).
        Breaking them is even more ugly, so I kept this as-is.
     2. use of extern function declarations in a .c file.
        This is a necessary evil; we must call
        nf_nat_l3proto_register() from the nat core now.
        All l3proto related functions are removed later in this series,
        those prototypes are then removed as well.
    
    v2: keep empty nf_nat_ipv6_csum_update stub for CONFIG_IPV6=n case.
    v3: remove IS_ENABLED(NF_NAT_IPV4/6) tests, NF_NAT_IPVx toggles
        are removed here.
    v4: also get rid of the assignments in conditionals.
    Signed-off-by: Florian Westphal <fw@strlen.de>
    Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
conntrack.c 57.9 KB