Commit 08911475d1d0921401e37d83292b217e1411d10b

Authored by Pablo Neira Ayuso
1 parent 8fc0278168

netfilter: nf_conntrack: generalize nf_ct_l4proto_net

This patch generalizes nf_ct_l4proto_net by splitting it into chunks and
moving the corresponding protocol part to where it really belongs.

To clarify, note that we follow two different approaches to support per-net,
depending on whether it's a built-in or a run-time loadable protocol tracker.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Acked-by: Gao feng <gaofeng@cn.fujitsu.com>

Showing 7 changed files with 41 additions and 16 deletions

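--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -99,6 +99,9 @@
 /* Init l4proto pernet data */
 int (*init_net)(struct net *net, u_int16_t proto);
 
+ /* Return the per-net protocol part. */
+ struct nf_proto_net *(*get_net_proto)(struct net *net);
+
 /* Protocol name */
 const char *name;
 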
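Review bot: The comment on the new `get_net_proto` member does not state its contract. Going by the nf_conntrack_proto.c part of this commit, the callback is optional, only built-in trackers set it, and a NULL callback makes the lookup fall back to `net_id`. I would expand the comment to something like `/* Return the per-net protocol part; built-in trackers only, loadable trackers leave this NULL and set net_id. */` so an implementer knows that a non-NULL callback takes precedence. The enclosing struct starts and ends outside this hunk.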
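--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -388,6 +388,11 @@
 return ret;
 }
 
+static struct nf_proto_net *icmp_get_net_proto(struct net *net)
+{
+ return &net->ct.nf_ct_proto.icmp.pn;
+}
+
 struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly =
 {
 .l3proto = PF_INET,
@@ -418,5 +423,6 @@
 },
 #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 .init_net = icmp_init_net,
+ .get_net_proto = icmp_get_net_proto,
 };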
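--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -358,6 +358,11 @@
 return icmpv6_kmemdup_sysctl_table(pn, in);
 }
 
+static struct nf_proto_net *icmpv6_get_net_proto(struct net *net)
+{
+ return &net->ct.nf_ct_proto.icmpv6.pn;
+}
+
 struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly =
 {
 .l3proto = PF_INET6,
@@ -386,5 +391,6 @@
 },
 #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 .init_net = icmpv6_init_net,
+ .get_net_proto = icmpv6_get_net_proto,
 };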
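--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
@@ -303,22 +303,12 @@
 static struct nf_proto_net *nf_ct_l4proto_net(struct net *net,
 struct nf_conntrack_l4proto *l4proto)
 {
- switch (l4proto->l4proto) {
- case IPPROTO_TCP:
- return (struct nf_proto_net *)&net->ct.nf_ct_proto.tcp;
- case IPPROTO_UDP:
- return (struct nf_proto_net *)&net->ct.nf_ct_proto.udp;
- case IPPROTO_ICMP:
- return (struct nf_proto_net *)&net->ct.nf_ct_proto.icmp;
- case IPPROTO_ICMPV6:
- return (struct nf_proto_net *)&net->ct.nf_ct_proto.icmpv6;
- case 255: /* l4proto_generic */
- return (struct nf_proto_net *)&net->ct.nf_ct_proto.generic;
- default:
- if (l4proto->net_id)
- return net_generic(net, *l4proto->net_id);
- else
- return NULL;
+ if (l4proto->get_net_proto) {
+ /* statically built-in protocols use static per-net */
+ return l4proto->get_net_proto(net);
+ } else if (l4proto->net_id) {
+ /* ... and loadable protocols use dynamic per-net */
+ return net_generic(net, *l4proto->net_id);
 }
 return NULL;
 }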
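Review bot: A tracker that sets both `get_net_proto` and `net_id` silently has its `net_generic()` storage ignored, because the new `if`/`else if` in nf_ct_l4proto_net gives the callback precedence without saying so. Nothing visible here rejects that combination at registration, so I would at least document it above the function, e.g. `/* get_net_proto wins over net_id; a tracker should set only one. */`. The function also still returns NULL when neither is set, and a callback could presumably return NULL as well. The callers are not visible in this hunk, so they need to keep checking the result before dereferencing it.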
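--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -186,6 +186,11 @@
 return ret;
 }
 
+static struct nf_proto_net *generic_get_net_proto(struct net *net)
+{
+ return &net->ct.nf_ct_proto.generic.pn;
+}
+
 struct nf_conntrack_l4proto nf_conntrack_l4proto_generic __read_mostly =
 {
 .l3proto = PF_UNSPEC,
@@ -207,5 +212,6 @@
 },
 #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 .init_net = generic_init_net,
+ .get_net_proto = generic_get_net_proto,
 };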
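--- a/net/netfilter/nf_conntrack_proto_tcp.c
+++ b/net/netfilter/nf_conntrack_proto_tcp.c
@@ -1623,6 +1623,11 @@
 return ret;
 }
 
+static struct nf_proto_net *tcp_get_net_proto(struct net *net)
+{
+ return &net->ct.nf_ct_proto.tcp.pn;
+}
+
 struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 __read_mostly =
 {
 .l3proto = PF_INET,
@@ -1656,6 +1661,7 @@
 },
 #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 .init_net = tcp_init_net,
+ .get_net_proto = tcp_get_net_proto,
 };
 EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp4);
 
@@ -1692,6 +1698,7 @@
 },
 #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 .init_net = tcp_init_net,
+ .get_net_proto = tcp_get_net_proto,
 };
 EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp6);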
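Review bot: `tcp_get_net_proto` is wired into both `nf_conntrack_l4proto_tcp4` and `nf_conntrack_l4proto_tcp6`, so the two registrations resolve to the same `net->ct.nf_ct_proto.tcp.pn`, and nothing at the getter says that. A short comment such as `/* shared by tcp4 and tcp6: both address families use one per-net struct */` would warn anyone touching per-net init or teardown that the state is referenced by two trackers. Whether that path already accounts for the sharing is not visible in these hunks. The same applies to `udp_get_net_proto` in nf_conntrack_proto_udp.c. The tracker structs in the second and third hunks start outside the hunk.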
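--- a/net/netfilter/nf_conntrack_proto_udp.c
+++ b/net/netfilter/nf_conntrack_proto_udp.c
@@ -297,6 +297,11 @@
 return ret;
 }
 
+static struct nf_proto_net *udp_get_net_proto(struct net *net)
+{
+ return &net->ct.nf_ct_proto.udp.pn;
+}
+
 struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 __read_mostly =
 {
 .l3proto = PF_INET,
@@ -325,6 +330,7 @@
 },
 #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 .init_net = udp_init_net,
+ .get_net_proto = udp_get_net_proto,
 };
 EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp4);
 
@@ -356,6 +362,7 @@
 },
 #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 .init_net = udp_init_net,
+ .get_net_proto = udp_get_net_proto,
 };
 EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp6);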