git.samba.org - sfrench/cifs-2.6.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 16 Oct 2023 12:29:27 +0000 (14:29 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 24 Oct 2023 11:37:42 +0000 (13:37 +0200)
commit	0e1ea651c9717ddcd8e0648d8468477a31867b0a
tree	a3ab72b4f693fbede02f45c2d324e39174012f20	tree
parent	9dad402b89e81a0516bad5e0ac009b7a0a80898f	commit \| diff

netfilter: nf_tables: shrink memory consumption of set elements

Instead of copying struct nft_set_elem into struct nft_trans_elem, store
the pointer to the opaque set element object in the transaction. Adapt
set backend API (and set backend implementations) to take the pointer to
opaque set element representation whenever required.

This patch deconstifies .remove() and .activate() set backend API since
these modify the set element opaque object. And it also constify
nft_set_elem_ext() this provides access to the nft_set_ext struct
without updating the object.

According to pahole on x86_64, this patch shrinks struct nft_trans_elem
size from 216 to 24 bytes.

This patch also reduces stack memory consumption by removing the
template struct nft_set_elem object, using the opaque set element object
instead such as from the set iterator API, catchall elements and the get
element command.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| history
net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nft_set_bitmap.c		diff \| blob \| history
net/netfilter/nft_set_hash.c		diff \| blob \| history
net/netfilter/nft_set_pipapo.c		diff \| blob \| history
net/netfilter/nft_set_rbtree.c		diff \| blob \| history