leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netfilter: nf_tables: remove old nf_log based tracing

Browse Source 
nfnetlink tracing is available since nft 0.6 (June 2016).
Remove old nf_log based tracing to avoid rule counter in main loop.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Florian Westphal 2018-05-11 21:55:39 +02:00 committed by Pablo Neira Ayuso
parent 01cd267bff
commit e65eebec9c
1 changed files with 7 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
net/netfilter/nf_tables_core.c
View File

@ -41,7 +41,7 @@ static const struct nf_loginfo trace_loginfo = {
static noinline void __nft_trace_packet(struct nft_traceinfo *info, static noinline void __nft_trace_packet(struct nft_traceinfo *info,
const struct nft_chain *chain, const struct nft_chain *chain,
int rulenum, enum nft_trace_types type) enum nft_trace_types type)
{ {
const struct nft_pktinfo *pkt = info->pkt; const struct nft_pktinfo *pkt = info->pkt;
@ -52,22 +52,16 @@ static noinline void __nft_trace_packet(struct nft_traceinfo *info,
info->type = type; info->type = type;
nft_trace_notify(info); nft_trace_notify(info);
nf_log_trace(nft_net(pkt), nft_pf(pkt), nft_hook(pkt), pkt->skb,
nft_in(pkt), nft_out(pkt), &trace_loginfo,
"TRACE: %s:%s:%s:%u ",
chain->table->name, chain->name, comments[type], rulenum);
} }
static inline void nft_trace_packet(struct nft_traceinfo *info, static inline void nft_trace_packet(struct nft_traceinfo *info,
const struct nft_chain *chain, const struct nft_chain *chain,
const struct nft_rule *rule, const struct nft_rule *rule,
int rulenum,
enum nft_trace_types type) enum nft_trace_types type)
{ {
if (static_branch_unlikely(&nft_trace_enabled)) { if (static_branch_unlikely(&nft_trace_enabled)) {
info->rule = rule; info->rule = rule;
__nft_trace_packet(info, chain, rulenum, type); __nft_trace_packet(info, chain, type);
} }
} }
@ -133,7 +127,6 @@ static noinline void nft_update_chain_stats(const struct nft_chain *chain,
struct nft_jumpstack { struct nft_jumpstack {
const struct nft_chain *chain; const struct nft_chain *chain;
const struct nft_rule *rule; const struct nft_rule *rule;
int rulenum;
}; };
unsigned int unsigned int
@ -146,7 +139,6 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv)
struct nft_regs regs; struct nft_regs regs;
unsigned int stackptr = 0; unsigned int stackptr = 0;
struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE]; struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE];
int rulenum;
unsigned int gencursor = nft_genmask_cur(net); unsigned int gencursor = nft_genmask_cur(net);
struct nft_traceinfo info; struct nft_traceinfo info;
@ -154,7 +146,6 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv)
if (static_branch_unlikely(&nft_trace_enabled)) if (static_branch_unlikely(&nft_trace_enabled))
nft_trace_init(&info, pkt, &regs.verdict, basechain); nft_trace_init(&info, pkt, &regs.verdict, basechain);
do_chain: do_chain:
rulenum = 0;
rule = list_entry(&chain->rules, struct nft_rule, list); rule = list_entry(&chain->rules, struct nft_rule, list);
next_rule: next_rule:
regs.verdict.code = NFT_CONTINUE; regs.verdict.code = NFT_CONTINUE;
@ -164,8 +155,6 @@ next_rule:
if (unlikely(rule->genmask & gencursor)) if (unlikely(rule->genmask & gencursor))
continue; continue;
rulenum++;
nft_rule_for_each_expr(expr, last, rule) { nft_rule_for_each_expr(expr, last, rule) {
if (expr->ops == &nft_cmp_fast_ops) if (expr->ops == &nft_cmp_fast_ops)
nft_cmp_fast_eval(expr, &regs); nft_cmp_fast_eval(expr, &regs);
@ -183,7 +172,7 @@ next_rule:
continue; continue;
case NFT_CONTINUE: case NFT_CONTINUE:
nft_trace_packet(&info, chain, rule, nft_trace_packet(&info, chain, rule,
rulenum, NFT_TRACETYPE_RULE); NFT_TRACETYPE_RULE);
continue; continue;
} }
break; break;
@ -195,7 +184,7 @@ next_rule:
case NF_QUEUE: case NF_QUEUE:
case NF_STOLEN: case NF_STOLEN:
nft_trace_packet(&info, chain, rule, nft_trace_packet(&info, chain, rule,
rulenum, NFT_TRACETYPE_RULE); NFT_TRACETYPE_RULE);
return regs.verdict.code; return regs.verdict.code;
} }
@ -204,21 +193,19 @@ next_rule:
BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE); BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE);
jumpstack[stackptr].chain = chain; jumpstack[stackptr].chain = chain;
jumpstack[stackptr].rule = rule; jumpstack[stackptr].rule = rule;
jumpstack[stackptr].rulenum = rulenum;
stackptr++; stackptr++;
/* fall through */ /* fall through */
case NFT_GOTO: case NFT_GOTO:
nft_trace_packet(&info, chain, rule, nft_trace_packet(&info, chain, rule,
rulenum, NFT_TRACETYPE_RULE); NFT_TRACETYPE_RULE);
chain = regs.verdict.chain; chain = regs.verdict.chain;
goto do_chain; goto do_chain;
case NFT_CONTINUE: case NFT_CONTINUE:
rulenum++;
/* fall through */ /* fall through */
case NFT_RETURN: case NFT_RETURN:
nft_trace_packet(&info, chain, rule, nft_trace_packet(&info, chain, rule,
rulenum, NFT_TRACETYPE_RETURN); NFT_TRACETYPE_RETURN);
break; break;
default: default:
WARN_ON(1); WARN_ON(1);
@ -228,12 +215,10 @@ next_rule:
stackptr--; stackptr--;
chain = jumpstack[stackptr].chain; chain = jumpstack[stackptr].chain;
rule = jumpstack[stackptr].rule; rule = jumpstack[stackptr].rule;
rulenum = jumpstack[stackptr].rulenum;
goto next_rule; goto next_rule;
} }
nft_trace_packet(&info, basechain, NULL, -1, nft_trace_packet(&info, basechain, NULL, NFT_TRACETYPE_POLICY);
NFT_TRACETYPE_POLICY);
if (static_branch_unlikely(&nft_counters_enabled)) if (static_branch_unlikely(&nft_counters_enabled))
nft_update_chain_stats(basechain, pkt); nft_update_chain_stats(basechain, pkt);