netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names

This patch modifies the struct nf_conntrack_helper to allocate the room for the helper name. The maximum length is 16 bytes (this was already introduced in 2.6.24). For the maximum length for expectation policy names, I have also selected 16 bytes. This patch is required by the follow-up patch to support user-space connection tracking helpers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names
This patch modifies the struct nf_conntrack_helper to allocate the room for the helper name. The maximum length is 16 bytes (this was already introduced in 2.6.24). For the maximum length for expectation policy names, I have also selected 16 bytes. This patch is required by the follow-up patch to support user-space connection tracking helpers. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Pablo Neira Ayuso · Eric Lee · Eric Lee · Eric Lee · Eric Lee · Eric Lee
1 parent d0daebc3d6
Showing 7 changed files with 14 additions and 31 deletions Side-by-side Diff
include/net/netfilter/nf_conntrack_expect.h
include/net/netfilter/nf_conntrack_helper.h
net/netfilter/nf_conntrack_ftp.c
net/netfilter/nf_conntrack_irc.c
net/netfilter/nf_conntrack_sane.c
net/netfilter/nf_conntrack_sip.c
net/netfilter/nf_conntrack_tftp.c
@@ -59,10 +59,12 @@
 	return nf_ct_net(exp->master);
 }
  
+#define NF_CT_EXP_POLICY_NAME_LEN	16
+
 struct nf_conntrack_expect_policy {
 	unsigned int	max_expected;
 	unsigned int	timeout;
-	const char	*name;
+	char		name[NF_CT_EXP_POLICY_NAME_LEN];
 };
  
 #define NF_CT_EXPECT_CLASS_DEFAULT	0
@@ -19,7 +19,7 @@
 struct nf_conntrack_helper {
 	struct hlist_node hnode;	/* Internal use. */
  
-	const char *name;		/* name of the module */
+	char name[NF_CT_HELPER_NAME_LEN]; /* name of the module */
 	struct module *me;		/* pointer to self */
 	const struct nf_conntrack_expect_policy *expect_policy;
  
@@ -512,7 +512,6 @@
 }
  
 static struct nf_conntrack_helper ftp[MAX_PORTS][2] __read_mostly;
-static char ftp_names[MAX_PORTS][2][sizeof("ftp-65535")] __read_mostly;
  
 static const struct nf_conntrack_expect_policy ftp_exp_policy = {
 	.max_expected	= 1,
@@ -541,7 +540,6 @@
 static int __init nf_conntrack_ftp_init(void)
 {
 	int i, j = -1, ret = 0;
-	char *tmpname;
  
 	ftp_buffer = kmalloc(65536, GFP_KERNEL);
 	if (!ftp_buffer)
  
  
@@ -561,12 +559,10 @@
 			ftp[i][j].expect_policy = &ftp_exp_policy;
 			ftp[i][j].me = THIS_MODULE;
 			ftp[i][j].help = help;
-			tmpname = &ftp_names[i][j][0];
 			if (ports[i] == FTP_PORT)
-				sprintf(tmpname, "ftp");
+				sprintf(ftp[i][j].name, "ftp");
 			else
-				sprintf(tmpname, "ftp-%d", ports[i]);
-			ftp[i][j].name = tmpname;
+				sprintf(ftp[i][j].name, "ftp-%d", ports[i]);
  
 			pr_debug("nf_ct_ftp: registering helper for pf: %d "
 				 "port: %d\n",
@@ -221,7 +221,6 @@
 }
  
 static struct nf_conntrack_helper irc[MAX_PORTS] __read_mostly;
-static char irc_names[MAX_PORTS][sizeof("irc-65535")] __read_mostly;
 static struct nf_conntrack_expect_policy irc_exp_policy;
  
 static void nf_conntrack_irc_fini(void);
@@ -229,7 +228,6 @@
 static int __init nf_conntrack_irc_init(void)
 {
 	int i, ret;
-	char *tmpname;
  
 	if (max_dcc_channels < 1) {
 		printk(KERN_ERR "nf_ct_irc: max_dcc_channels must not be zero\n");
  
  
@@ -255,12 +253,10 @@
 		irc[i].me = THIS_MODULE;
 		irc[i].help = help;
  
-		tmpname = &irc_names[i][0];
 		if (ports[i] == IRC_PORT)
-			sprintf(tmpname, "irc");
+			sprintf(irc[i].name, "irc");
 		else
-			sprintf(tmpname, "irc-%u", i);
-		irc[i].name = tmpname;
+			sprintf(irc[i].name, "irc-%u", i);
  
 		ret = nf_conntrack_helper_register(&irc[i]);
 		if (ret) {
@@ -163,7 +163,6 @@
 }
  
 static struct nf_conntrack_helper sane[MAX_PORTS][2] __read_mostly;
-static char sane_names[MAX_PORTS][2][sizeof("sane-65535")] __read_mostly;
  
 static const struct nf_conntrack_expect_policy sane_exp_policy = {
 	.max_expected	= 1,
@@ -190,7 +189,6 @@
 static int __init nf_conntrack_sane_init(void)
 {
 	int i, j = -1, ret = 0;
-	char *tmpname;
  
 	sane_buffer = kmalloc(65536, GFP_KERNEL);
 	if (!sane_buffer)
  
  
@@ -210,12 +208,10 @@
 			sane[i][j].expect_policy = &sane_exp_policy;
 			sane[i][j].me = THIS_MODULE;
 			sane[i][j].help = help;
-			tmpname = &sane_names[i][j][0];
 			if (ports[i] == SANE_PORT)
-				sprintf(tmpname, "sane");
+				sprintf(sane[i][j].name, "sane");
 			else
-				sprintf(tmpname, "sane-%d", ports[i]);
-			sane[i][j].name = tmpname;
+				sprintf(sane[i][j].name, "sane-%d", ports[i]);
  
 			pr_debug("nf_ct_sane: registering helper for pf: %d "
 				 "port: %d\n",
@@ -1556,7 +1556,6 @@
 static int __init nf_conntrack_sip_init(void)
 {
 	int i, j, ret;
-	char *tmpname;
  
 	if (ports_c == 0)
 		ports[ports_c++] = SIP_PORT;
  
  
@@ -1584,12 +1583,10 @@
 			sip[i][j].expect_class_max = SIP_EXPECT_MAX;
 			sip[i][j].me = THIS_MODULE;
  
-			tmpname = &sip_names[i][j][0];
 			if (ports[i] == SIP_PORT)
-				sprintf(tmpname, "sip");
+				sprintf(sip_names[i][j], "sip");
 			else
-				sprintf(tmpname, "sip-%u", i);
-			sip[i][j].name = tmpname;
+				sprintf(sip_names[i][j], "sip-%u", i);
  
 			pr_debug("port #%u: %u\n", i, ports[i]);
  
@@ -92,7 +92,6 @@
 }
  
 static struct nf_conntrack_helper tftp[MAX_PORTS][2] __read_mostly;
-static char tftp_names[MAX_PORTS][2][sizeof("tftp-65535")] __read_mostly;
  
 static const struct nf_conntrack_expect_policy tftp_exp_policy = {
 	.max_expected	= 1,
@@ -112,7 +111,6 @@
 static int __init nf_conntrack_tftp_init(void)
 {
 	int i, j, ret;
-	char *tmpname;
  
 	if (ports_c == 0)
 		ports[ports_c++] = TFTP_PORT;
  
  
@@ -129,12 +127,10 @@
 			tftp[i][j].me = THIS_MODULE;
 			tftp[i][j].help = tftp_help;
  
-			tmpname = &tftp_names[i][j][0];
 			if (ports[i] == TFTP_PORT)
-				sprintf(tmpname, "tftp");
+				sprintf(tftp[i][j].name, "tftp");
 			else
-				sprintf(tmpname, "tftp-%u", i);
-			tftp[i][j].name = tmpname;
+				sprintf(tftp[i][j].name, "tftp-%u", i);
  
 			ret = nf_conntrack_helper_register(&tftp[i][j]);
 			if (ret) {
...	...	@@ -59,10 +59,12 @@
59	59	return nf_ct_net(exp->master);
60	60	}
61	61
	62	+#define NF_CT_EXP_POLICY_NAME_LEN 16
	63	+
62	64	struct nf_conntrack_expect_policy {
63	65	unsigned int max_expected;
64	66	unsigned int timeout;
65		- const char *name;
	67	+ char name[NF_CT_EXP_POLICY_NAME_LEN];
66	68	};
67	69
68	70	#define NF_CT_EXPECT_CLASS_DEFAULT 0
...	...	@@ -19,7 +19,7 @@
19	19	struct nf_conntrack_helper {
20	20	struct hlist_node hnode; /* Internal use. */
21	21
22		- const char name; / name of the module */
	22	+ char name[NF_CT_HELPER_NAME_LEN]; /* name of the module */
23	23	struct module me; / pointer to self */
24	24	const struct nf_conntrack_expect_policy *expect_policy;
25	25
...	...	@@ -512,7 +512,6 @@
512	512	}
513	513
514	514	static struct nf_conntrack_helper ftp[MAX_PORTS][2] __read_mostly;
515		-static char ftp_names[MAX_PORTS][2][sizeof("ftp-65535")] __read_mostly;
516	515
517	516	static const struct nf_conntrack_expect_policy ftp_exp_policy = {
518	517	.max_expected = 1,
...	...	@@ -541,7 +540,6 @@
541	540	static int __init nf_conntrack_ftp_init(void)
542	541	{
543	542	int i, j = -1, ret = 0;
544		- char *tmpname;
545	543
546	544	ftp_buffer = kmalloc(65536, GFP_KERNEL);
547	545	if (!ftp_buffer)
548	546
549	547
...	...	@@ -561,12 +559,10 @@
561	559	ftp[i][j].expect_policy = &ftp_exp_policy;
562	560	ftp[i][j].me = THIS_MODULE;
563	561	ftp[i][j].help = help;
564		- tmpname = &ftp_names[i][j][0];
565	562	if (ports[i] == FTP_PORT)
566		- sprintf(tmpname, "ftp");
	563	+ sprintf(ftp[i][j].name, "ftp");
567	564	else
568		- sprintf(tmpname, "ftp-%d", ports[i]);
569		- ftp[i][j].name = tmpname;
	565	+ sprintf(ftp[i][j].name, "ftp-%d", ports[i]);
570	566
571	567	pr_debug("nf_ct_ftp: registering helper for pf: %d "
572	568	"port: %d\n",
...	...	@@ -221,7 +221,6 @@
221	221	}
222	222
223	223	static struct nf_conntrack_helper irc[MAX_PORTS] __read_mostly;
224		-static char irc_names[MAX_PORTS][sizeof("irc-65535")] __read_mostly;
225	224	static struct nf_conntrack_expect_policy irc_exp_policy;
226	225
227	226	static void nf_conntrack_irc_fini(void);
...	...	@@ -229,7 +228,6 @@
229	228	static int __init nf_conntrack_irc_init(void)
230	229	{
231	230	int i, ret;
232		- char *tmpname;
233	231
234	232	if (max_dcc_channels < 1) {
235	233	printk(KERN_ERR "nf_ct_irc: max_dcc_channels must not be zero\n");
236	234
237	235
...	...	@@ -255,12 +253,10 @@
255	253	irc[i].me = THIS_MODULE;
256	254	irc[i].help = help;
257	255
258		- tmpname = &irc_names[i][0];
259	256	if (ports[i] == IRC_PORT)
260		- sprintf(tmpname, "irc");
	257	+ sprintf(irc[i].name, "irc");
261	258	else
262		- sprintf(tmpname, "irc-%u", i);
263		- irc[i].name = tmpname;
	259	+ sprintf(irc[i].name, "irc-%u", i);
264	260
265	261	ret = nf_conntrack_helper_register(&irc[i]);
266	262	if (ret) {
...	...	@@ -163,7 +163,6 @@
163	163	}
164	164
165	165	static struct nf_conntrack_helper sane[MAX_PORTS][2] __read_mostly;
166		-static char sane_names[MAX_PORTS][2][sizeof("sane-65535")] __read_mostly;
167	166
168	167	static const struct nf_conntrack_expect_policy sane_exp_policy = {
169	168	.max_expected = 1,
...	...	@@ -190,7 +189,6 @@
190	189	static int __init nf_conntrack_sane_init(void)
191	190	{
192	191	int i, j = -1, ret = 0;
193		- char *tmpname;
194	192
195	193	sane_buffer = kmalloc(65536, GFP_KERNEL);
196	194	if (!sane_buffer)
197	195
198	196
...	...	@@ -210,12 +208,10 @@
210	208	sane[i][j].expect_policy = &sane_exp_policy;
211	209	sane[i][j].me = THIS_MODULE;
212	210	sane[i][j].help = help;
213		- tmpname = &sane_names[i][j][0];
214	211	if (ports[i] == SANE_PORT)
215		- sprintf(tmpname, "sane");
	212	+ sprintf(sane[i][j].name, "sane");
216	213	else
217		- sprintf(tmpname, "sane-%d", ports[i]);
218		- sane[i][j].name = tmpname;
	214	+ sprintf(sane[i][j].name, "sane-%d", ports[i]);
219	215
220	216	pr_debug("nf_ct_sane: registering helper for pf: %d "
221	217	"port: %d\n",
...	...	@@ -1556,7 +1556,6 @@
1556	1556	static int __init nf_conntrack_sip_init(void)
1557	1557	{
1558	1558	int i, j, ret;
1559		- char *tmpname;
1560	1559
1561	1560	if (ports_c == 0)
1562	1561	ports[ports_c++] = SIP_PORT;
1563	1562
1564	1563
...	...	@@ -1584,12 +1583,10 @@
1584	1583	sip[i][j].expect_class_max = SIP_EXPECT_MAX;
1585	1584	sip[i][j].me = THIS_MODULE;
1586	1585
1587		- tmpname = &sip_names[i][j][0];
1588	1586	if (ports[i] == SIP_PORT)
1589		- sprintf(tmpname, "sip");
	1587	+ sprintf(sip_names[i][j], "sip");
1590	1588	else
1591		- sprintf(tmpname, "sip-%u", i);
1592		- sip[i][j].name = tmpname;
	1589	+ sprintf(sip_names[i][j], "sip-%u", i);
1593	1590
1594	1591	pr_debug("port #%u: %u\n", i, ports[i]);
1595	1592
...	...	@@ -92,7 +92,6 @@
92	92	}
93	93
94	94	static struct nf_conntrack_helper tftp[MAX_PORTS][2] __read_mostly;
95		-static char tftp_names[MAX_PORTS][2][sizeof("tftp-65535")] __read_mostly;
96	95
97	96	static const struct nf_conntrack_expect_policy tftp_exp_policy = {
98	97	.max_expected = 1,
...	...	@@ -112,7 +111,6 @@
112	111	static int __init nf_conntrack_tftp_init(void)
113	112	{
114	113	int i, j, ret;
115		- char *tmpname;
116	114
117	115	if (ports_c == 0)
118	116	ports[ports_c++] = TFTP_PORT;
119	117
120	118
...	...	@@ -129,12 +127,10 @@
129	127	tftp[i][j].me = THIS_MODULE;
130	128	tftp[i][j].help = tftp_help;
131	129
132		- tmpname = &tftp_names[i][j][0];
133	130	if (ports[i] == TFTP_PORT)
134		- sprintf(tmpname, "tftp");
	131	+ sprintf(tftp[i][j].name, "tftp");
135	132	else
136		- sprintf(tmpname, "tftp-%u", i);
137		- tftp[i][j].name = tmpname;
	133	+ sprintf(tftp[i][j].name, "tftp-%u", i);
138	134
139	135	ret = nf_conntrack_helper_register(&tftp[i][j]);
140	136	if (ret) {