Commit 08911475d1d0921401e37d83292b217e1411d10b
1 parent
8fc0278168
Exists in
smarc-l5.0.0_1.0.0-ga
and in
5 other branches
netfilter: nf_conntrack: generalize nf_ct_l4proto_net
This patch generalizes nf_ct_l4proto_net by splitting it into chunks and moving the corresponding protocol part to where it really belongs to. To clarify, note that we follow two different approaches to support per-net depending if it's built-in or run-time loadable protocol tracker. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Gao feng <gaofeng@cn.fujitsu.com>
Showing 7 changed files with 41 additions and 16 deletions Side-by-side Diff
include/net/netfilter/nf_conntrack_l4proto.h
... | ... | @@ -99,6 +99,9 @@ |
99 | 99 | /* Init l4proto pernet data */ |
100 | 100 | int (*init_net)(struct net *net, u_int16_t proto); |
101 | 101 | |
102 | + /* Return the per-net protocol part. */ | |
103 | + struct nf_proto_net *(*get_net_proto)(struct net *net); | |
104 | + | |
102 | 105 | /* Protocol name */ |
103 | 106 | const char *name; |
104 | 107 |
net/ipv4/netfilter/nf_conntrack_proto_icmp.c
... | ... | @@ -388,6 +388,11 @@ |
388 | 388 | return ret; |
389 | 389 | } |
390 | 390 | |
391 | +static struct nf_proto_net *icmp_get_net_proto(struct net *net) | |
392 | +{ | |
393 | + return &net->ct.nf_ct_proto.icmp.pn; | |
394 | +} | |
395 | + | |
391 | 396 | struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly = |
392 | 397 | { |
393 | 398 | .l3proto = PF_INET, |
... | ... | @@ -418,5 +423,6 @@ |
418 | 423 | }, |
419 | 424 | #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ |
420 | 425 | .init_net = icmp_init_net, |
426 | + .get_net_proto = icmp_get_net_proto, | |
421 | 427 | }; |
net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
... | ... | @@ -358,6 +358,11 @@ |
358 | 358 | return icmpv6_kmemdup_sysctl_table(pn, in); |
359 | 359 | } |
360 | 360 | |
361 | +static struct nf_proto_net *icmpv6_get_net_proto(struct net *net) | |
362 | +{ | |
363 | + return &net->ct.nf_ct_proto.icmpv6.pn; | |
364 | +} | |
365 | + | |
361 | 366 | struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly = |
362 | 367 | { |
363 | 368 | .l3proto = PF_INET6, |
... | ... | @@ -386,5 +391,6 @@ |
386 | 391 | }, |
387 | 392 | #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ |
388 | 393 | .init_net = icmpv6_init_net, |
394 | + .get_net_proto = icmpv6_get_net_proto, | |
389 | 395 | }; |
net/netfilter/nf_conntrack_proto.c
... | ... | @@ -303,22 +303,12 @@ |
303 | 303 | static struct nf_proto_net *nf_ct_l4proto_net(struct net *net, |
304 | 304 | struct nf_conntrack_l4proto *l4proto) |
305 | 305 | { |
306 | - switch (l4proto->l4proto) { | |
307 | - case IPPROTO_TCP: | |
308 | - return (struct nf_proto_net *)&net->ct.nf_ct_proto.tcp; | |
309 | - case IPPROTO_UDP: | |
310 | - return (struct nf_proto_net *)&net->ct.nf_ct_proto.udp; | |
311 | - case IPPROTO_ICMP: | |
312 | - return (struct nf_proto_net *)&net->ct.nf_ct_proto.icmp; | |
313 | - case IPPROTO_ICMPV6: | |
314 | - return (struct nf_proto_net *)&net->ct.nf_ct_proto.icmpv6; | |
315 | - case 255: /* l4proto_generic */ | |
316 | - return (struct nf_proto_net *)&net->ct.nf_ct_proto.generic; | |
317 | - default: | |
318 | - if (l4proto->net_id) | |
319 | - return net_generic(net, *l4proto->net_id); | |
320 | - else | |
321 | - return NULL; | |
306 | + if (l4proto->get_net_proto) { | |
307 | + /* statically built-in protocols use static per-net */ | |
308 | + return l4proto->get_net_proto(net); | |
309 | + } else if (l4proto->net_id) { | |
310 | + /* ... and loadable protocols use dynamic per-net */ | |
311 | + return net_generic(net, *l4proto->net_id); | |
322 | 312 | } |
323 | 313 | return NULL; |
324 | 314 | } |
net/netfilter/nf_conntrack_proto_generic.c
... | ... | @@ -186,6 +186,11 @@ |
186 | 186 | return ret; |
187 | 187 | } |
188 | 188 | |
189 | +static struct nf_proto_net *generic_get_net_proto(struct net *net) | |
190 | +{ | |
191 | + return &net->ct.nf_ct_proto.generic.pn; | |
192 | +} | |
193 | + | |
189 | 194 | struct nf_conntrack_l4proto nf_conntrack_l4proto_generic __read_mostly = |
190 | 195 | { |
191 | 196 | .l3proto = PF_UNSPEC, |
... | ... | @@ -207,5 +212,6 @@ |
207 | 212 | }, |
208 | 213 | #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ |
209 | 214 | .init_net = generic_init_net, |
215 | + .get_net_proto = generic_get_net_proto, | |
210 | 216 | }; |
net/netfilter/nf_conntrack_proto_tcp.c
... | ... | @@ -1623,6 +1623,11 @@ |
1623 | 1623 | return ret; |
1624 | 1624 | } |
1625 | 1625 | |
1626 | +static struct nf_proto_net *tcp_get_net_proto(struct net *net) | |
1627 | +{ | |
1628 | + return &net->ct.nf_ct_proto.tcp.pn; | |
1629 | +} | |
1630 | + | |
1626 | 1631 | struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 __read_mostly = |
1627 | 1632 | { |
1628 | 1633 | .l3proto = PF_INET, |
... | ... | @@ -1656,6 +1661,7 @@ |
1656 | 1661 | }, |
1657 | 1662 | #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ |
1658 | 1663 | .init_net = tcp_init_net, |
1664 | + .get_net_proto = tcp_get_net_proto, | |
1659 | 1665 | }; |
1660 | 1666 | EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp4); |
1661 | 1667 | |
... | ... | @@ -1692,6 +1698,7 @@ |
1692 | 1698 | }, |
1693 | 1699 | #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ |
1694 | 1700 | .init_net = tcp_init_net, |
1701 | + .get_net_proto = tcp_get_net_proto, | |
1695 | 1702 | }; |
1696 | 1703 | EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp6); |
net/netfilter/nf_conntrack_proto_udp.c
... | ... | @@ -297,6 +297,11 @@ |
297 | 297 | return ret; |
298 | 298 | } |
299 | 299 | |
300 | +static struct nf_proto_net *udp_get_net_proto(struct net *net) | |
301 | +{ | |
302 | + return &net->ct.nf_ct_proto.udp.pn; | |
303 | +} | |
304 | + | |
300 | 305 | struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 __read_mostly = |
301 | 306 | { |
302 | 307 | .l3proto = PF_INET, |
... | ... | @@ -325,6 +330,7 @@ |
325 | 330 | }, |
326 | 331 | #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ |
327 | 332 | .init_net = udp_init_net, |
333 | + .get_net_proto = udp_get_net_proto, | |
328 | 334 | }; |
329 | 335 | EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp4); |
330 | 336 | |
... | ... | @@ -356,6 +362,7 @@ |
356 | 362 | }, |
357 | 363 | #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */ |
358 | 364 | .init_net = udp_init_net, |
365 | + .get_net_proto = udp_get_net_proto, | |
359 | 366 | }; |
360 | 367 | EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp6); |