Commit 5f31edc0 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: conntrack: move extension sizes into core 



No need to specify this in the registration modules, we already
collect all sizes for build-time checks on the maximum combined size.

After this change, all extensions except nat have no meaningful content
in their nf_ct_ext_type struct definition.

Next patch handles nat, this will then allow to remove the dynamic
register api completely.

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent bb62a765

include/net/netfilter/nf_conntrack_extend.h

+0 −1
Original line number Diff line number Diff line
@@ -83,7 +83,6 @@ struct nf_ct_ext_type { 
	void (*destroy)(struct nf_conn *ct);



	enum nf_ct_ext_id id;

	u8 len;

};



int nf_ct_extend_register(const struct nf_ct_ext_type *type);

net/netfilter/nf_conntrack_acct.c

+0 −1
Original line number Diff line number Diff line
@@ -23,7 +23,6 @@ module_param_named(acct, nf_ct_acct, bool, 0644); 
MODULE_PARM_DESC(acct, "Enable connection tracking flow accounting.");



static const struct nf_ct_ext_type acct_extend = {

	.len	= sizeof(struct nf_conn_acct),

	.id	= NF_CT_EXT_ACCT,

};

net/netfilter/nf_conntrack_core.c

+0 −37
Original line number Diff line number Diff line
@@ -48,7 +48,6 @@ 
#include <net/netfilter/nf_conntrack_timeout.h>

#include <net/netfilter/nf_conntrack_labels.h>

#include <net/netfilter/nf_conntrack_synproxy.h>

#include <net/netfilter/nf_conntrack_act_ct.h>

#include <net/netfilter/nf_nat.h>

#include <net/netfilter/nf_nat_helper.h>

#include <net/netns/hash.h>
@@ -2629,39 +2628,6 @@ int nf_conntrack_set_hashsize(const char *val, const struct kernel_param *kp) 
	return nf_conntrack_hash_resize(hashsize);

}



static __always_inline unsigned int total_extension_size(void)

{

	/* remember to add new extensions below */

	BUILD_BUG_ON(NF_CT_EXT_NUM > 10);



	return sizeof(struct nf_ct_ext) +

	       sizeof(struct nf_conn_help)

#if IS_ENABLED(CONFIG_NF_NAT)

		+ sizeof(struct nf_conn_nat)

#endif

		+ sizeof(struct nf_conn_seqadj)

		+ sizeof(struct nf_conn_acct)

#ifdef CONFIG_NF_CONNTRACK_EVENTS

		+ sizeof(struct nf_conntrack_ecache)

#endif

#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP

		+ sizeof(struct nf_conn_tstamp)

#endif

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

		+ sizeof(struct nf_conn_timeout)

#endif

#ifdef CONFIG_NF_CONNTRACK_LABELS

		+ sizeof(struct nf_conn_labels)

#endif

#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)

		+ sizeof(struct nf_conn_synproxy)

#endif

#if IS_ENABLED(CONFIG_NET_ACT_CT)

		+ sizeof(struct nf_conn_act_ct_ext)

#endif

	;

};



int nf_conntrack_init_start(void)

{

	unsigned long nr_pages = totalram_pages();
@@ -2669,9 +2635,6 @@ int nf_conntrack_init_start(void) 
	int ret = -ENOMEM;

	int i;



	/* struct nf_ct_ext uses u8 to store offsets/size */

	BUILD_BUG_ON(total_extension_size() > 255u);



	seqcount_spinlock_init(&nf_conntrack_generation,

			       &nf_conntrack_locks_all_lock);

net/netfilter/nf_conntrack_ecache.c

+0 −1
Original line number Diff line number Diff line
@@ -305,7 +305,6 @@ void nf_conntrack_ecache_work(struct net *net, enum nf_ct_ecache_state state) 
static int nf_ct_events __read_mostly = NF_CT_EVENTS_DEFAULT;



static const struct nf_ct_ext_type event_extend = {

	.len	= sizeof(struct nf_conntrack_ecache),

	.id	= NF_CT_EXT_ECACHE,

};

net/netfilter/nf_conntrack_extend.c

+76 −10
Original line number Diff line number Diff line
@@ -13,10 +13,82 @@ 
#include <linux/skbuff.h>

#include <net/netfilter/nf_conntrack_extend.h>



#include <net/netfilter/nf_conntrack_helper.h>

#include <net/netfilter/nf_conntrack_acct.h>

#include <net/netfilter/nf_conntrack_seqadj.h>

#include <net/netfilter/nf_conntrack_ecache.h>

#include <net/netfilter/nf_conntrack_zones.h>

#include <net/netfilter/nf_conntrack_timestamp.h>

#include <net/netfilter/nf_conntrack_timeout.h>

#include <net/netfilter/nf_conntrack_labels.h>

#include <net/netfilter/nf_conntrack_synproxy.h>

#include <net/netfilter/nf_conntrack_act_ct.h>

#include <net/netfilter/nf_nat.h>



static struct nf_ct_ext_type __rcu *nf_ct_ext_types[NF_CT_EXT_NUM];

static DEFINE_MUTEX(nf_ct_ext_type_mutex);

#define NF_CT_EXT_PREALLOC	128u /* conntrack events are on by default */



static const u8 nf_ct_ext_type_len[NF_CT_EXT_NUM] = {

	[NF_CT_EXT_HELPER] = sizeof(struct nf_conn_help),

#if IS_ENABLED(CONFIG_NF_NAT)

	[NF_CT_EXT_NAT] = sizeof(struct nf_conn_nat),

#endif

	[NF_CT_EXT_SEQADJ] = sizeof(struct nf_conn_seqadj),

	[NF_CT_EXT_ACCT] = sizeof(struct nf_conn_acct),

#ifdef CONFIG_NF_CONNTRACK_EVENTS

	[NF_CT_EXT_ECACHE] = sizeof(struct nf_conntrack_ecache),

#endif

#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP

	[NF_CT_EXT_TSTAMP] = sizeof(struct nf_conn_acct),

#endif

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

	[NF_CT_EXT_TIMEOUT] = sizeof(struct nf_conn_tstamp),

#endif

#ifdef CONFIG_NF_CONNTRACK_LABELS

	[NF_CT_EXT_LABELS] = sizeof(struct nf_conn_labels),

#endif

#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)

	[NF_CT_EXT_SYNPROXY] = sizeof(struct nf_conn_synproxy),

#endif

#if IS_ENABLED(CONFIG_NET_ACT_CT)

	[NF_CT_EXT_ACT_CT] = sizeof(struct nf_conn_act_ct_ext),

#endif

};



static __always_inline unsigned int total_extension_size(void)

{

	/* remember to add new extensions below */

	BUILD_BUG_ON(NF_CT_EXT_NUM > 10);



	return sizeof(struct nf_ct_ext) +

	       sizeof(struct nf_conn_help)

#if IS_ENABLED(CONFIG_NF_NAT)

		+ sizeof(struct nf_conn_nat)

#endif

		+ sizeof(struct nf_conn_seqadj)

		+ sizeof(struct nf_conn_acct)

#ifdef CONFIG_NF_CONNTRACK_EVENTS

		+ sizeof(struct nf_conntrack_ecache)

#endif

#ifdef CONFIG_NF_CONNTRACK_TIMESTAMP

		+ sizeof(struct nf_conn_tstamp)

#endif

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT

		+ sizeof(struct nf_conn_timeout)

#endif

#ifdef CONFIG_NF_CONNTRACK_LABELS

		+ sizeof(struct nf_conn_labels)

#endif

#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)

		+ sizeof(struct nf_conn_synproxy)

#endif

#if IS_ENABLED(CONFIG_NET_ACT_CT)

		+ sizeof(struct nf_conn_act_ct_ext)

#endif

	;

}



void nf_ct_ext_destroy(struct nf_conn *ct)

{

	unsigned int i;
@@ -41,7 +113,6 @@ void nf_ct_ext_destroy(struct nf_conn *ct) 
void *nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp)

{

	unsigned int newlen, newoff, oldlen, alloc;

	struct nf_ct_ext_type *t;

	struct nf_ct_ext *new;



	/* Conntrack must not be confirmed to avoid races on reallocation. */
@@ -58,16 +129,8 @@ void *nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp) 
		oldlen = sizeof(*new);

	}



	rcu_read_lock();

	t = rcu_dereference(nf_ct_ext_types[id]);

	if (!t) {

		rcu_read_unlock();

		return NULL;

	}



	newoff = ALIGN(oldlen, __alignof__(struct nf_ct_ext));

	newlen = newoff + t->len;

	rcu_read_unlock();

	newlen = newoff + nf_ct_ext_type_len[id];



	alloc = max(newlen, NF_CT_EXT_PREALLOC);

	new = krealloc(ct->ext, alloc, gfp);
@@ -91,6 +154,9 @@ int nf_ct_extend_register(const struct nf_ct_ext_type *type) 
{

	int ret = 0;



	/* struct nf_ct_ext uses u8 to store offsets/size */

	BUILD_BUG_ON(total_extension_size() > 255u);



	mutex_lock(&nf_ct_ext_type_mutex);

	if (nf_ct_ext_types[type->id]) {

		ret = -EBUSY;