Re: [PATCH 1/2] netfilter: nf_conntrack: generalize nf_ct_l4proto_net

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Gao feng <gaofeng@cn.fujitsu.com>
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 1/2] netfilter: nf_conntrack: generalize nf_ct_l4proto_net
Date: Sat, 30 Jun 2012 20:29:06 +0800	[thread overview]
Message-ID: <4FEEF112.1080004@cn.fujitsu.com> (raw)
In-Reply-To: <1340983405-32118-1-git-send-email-pablo@netfilter.org>

于 2012年06月29日 23:23, pablo@netfilter.org 写道:
> From: Pablo Neira Ayuso <pablo@netfilter.org>
> 
> This patch generalizes nf_ct_l4proto_net by splitting it into chunks and
> moving the corresponding protocol part to where it really belongs to.
> 
> To clarify, note that we follow two different approaches to support per-net
> depending if it's built-in or run-time loadable protocol tracker.
> 
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
>  include/net/netfilter/nf_conntrack_l4proto.h   |    3 +++
>  net/ipv4/netfilter/nf_conntrack_proto_icmp.c   |    6 ++++++
>  net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c |    6 ++++++
>  net/netfilter/nf_conntrack_proto.c             |   22 ++++++----------------
>  net/netfilter/nf_conntrack_proto_generic.c     |    6 ++++++
>  net/netfilter/nf_conntrack_proto_tcp.c         |    7 +++++++
>  net/netfilter/nf_conntrack_proto_udp.c         |    7 +++++++
>  7 files changed, 41 insertions(+), 16 deletions(-)

Yes,It looks better,thanks!

Acked-by: Gao feng <gaofeng@cn.fujitsu.com>

> 
> diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
> index 08bb571..c3be4ae 100644
> --- a/include/net/netfilter/nf_conntrack_l4proto.h
> +++ b/include/net/netfilter/nf_conntrack_l4proto.h
> @@ -99,6 +99,9 @@ struct nf_conntrack_l4proto {
>  	/* Init l4proto pernet data */
>  	int (*init_net)(struct net *net, u_int16_t proto);
>  
> +	/* Return the per-net protocol part. */
> +	struct nf_proto_net *(*get_net_proto)(struct net *net);
> +
>  	/* Protocol name */
>  	const char *name;
>  
> diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
> index 9c2095c..5241d99 100644
> --- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
> +++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
> @@ -388,6 +388,11 @@ static int icmp_init_net(struct net *net, u_int16_t proto)
>  	return ret;
>  }
>  
> +static struct nf_proto_net *icmp_get_net_proto(struct net *net)
> +{
> +	return &net->ct.nf_ct_proto.icmp.pn;
> +}
> +
>  struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly =
>  {
>  	.l3proto		= PF_INET,
> @@ -418,4 +423,5 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly =
>  	},
>  #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
>  	.init_net		= icmp_init_net,
> +	.get_net_proto		= icmp_get_net_proto,
>  };
> diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
> index 9fc5cf5..2d54b20 100644
> --- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
> +++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
> @@ -358,6 +358,11 @@ static int icmpv6_init_net(struct net *net, u_int16_t proto)
>  	return icmpv6_kmemdup_sysctl_table(pn, in);
>  }
>  
> +static struct nf_proto_net *icmpv6_get_net_proto(struct net *net)
> +{
> +	return &net->ct.nf_ct_proto.icmpv6.pn;
> +}
> +
>  struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly =
>  {
>  	.l3proto		= PF_INET6,
> @@ -386,4 +391,5 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly =
>  	},
>  #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
>  	.init_net		= icmpv6_init_net,
> +	.get_net_proto		= icmpv6_get_net_proto,
>  };
> diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
> index 21b850c..0dc6385 100644
> --- a/net/netfilter/nf_conntrack_proto.c
> +++ b/net/netfilter/nf_conntrack_proto.c
> @@ -303,22 +303,12 @@ EXPORT_SYMBOL_GPL(nf_conntrack_l3proto_unregister);
>  static struct nf_proto_net *nf_ct_l4proto_net(struct net *net,
>  					      struct nf_conntrack_l4proto *l4proto)
>  {
> -	switch (l4proto->l4proto) {
> -	case IPPROTO_TCP:
> -		return (struct nf_proto_net *)&net->ct.nf_ct_proto.tcp;
> -	case IPPROTO_UDP:
> -		return (struct nf_proto_net *)&net->ct.nf_ct_proto.udp;
> -	case IPPROTO_ICMP:
> -		return (struct nf_proto_net *)&net->ct.nf_ct_proto.icmp;
> -	case IPPROTO_ICMPV6:
> -		return (struct nf_proto_net *)&net->ct.nf_ct_proto.icmpv6;
> -	case 255: /* l4proto_generic */
> -		return (struct nf_proto_net *)&net->ct.nf_ct_proto.generic;
> -	default:
> -		if (l4proto->net_id)
> -			return net_generic(net, *l4proto->net_id);
> -		else
> -			return NULL;
> +	if (l4proto->get_net_proto) {
> +		/* statically built-in protocols use static per-net */
> +		return l4proto->get_net_proto(net);
> +	} else if (l4proto->net_id) {
> +		/* ... and loadable protocols use dynamic per-net */
> +		return net_generic(net, *l4proto->net_id);
>  	}
>  	return NULL;
>  }
> diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
> index 7c11c54..d25f293 100644
> --- a/net/netfilter/nf_conntrack_proto_generic.c
> +++ b/net/netfilter/nf_conntrack_proto_generic.c
> @@ -186,6 +186,11 @@ static int generic_init_net(struct net *net, u_int16_t proto)
>  	return ret;
>  }
>  
> +static struct nf_proto_net *generic_get_net_proto(struct net *net)
> +{
> +	return &net->ct.nf_ct_proto.generic.pn;
> +}
> +
>  struct nf_conntrack_l4proto nf_conntrack_l4proto_generic __read_mostly =
>  {
>  	.l3proto		= PF_UNSPEC,
> @@ -207,4 +212,5 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_generic __read_mostly =
>  	},
>  #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
>  	.init_net		= generic_init_net,
> +	.get_net_proto		= generic_get_net_proto,
>  };
> diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
> index 44f0da8..07e56ea 100644
> --- a/net/netfilter/nf_conntrack_proto_tcp.c
> +++ b/net/netfilter/nf_conntrack_proto_tcp.c
> @@ -1623,6 +1623,11 @@ static int tcp_init_net(struct net *net, u_int16_t proto)
>  	return ret;
>  }
>  
> +static struct nf_proto_net *tcp_get_net_proto(struct net *net)
> +{
> +	return &net->ct.nf_ct_proto.tcp.pn;
> +}
> +
>  struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 __read_mostly =
>  {
>  	.l3proto		= PF_INET,
> @@ -1656,6 +1661,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp4 __read_mostly =
>  	},
>  #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
>  	.init_net		= tcp_init_net,
> +	.get_net_proto		= tcp_get_net_proto,
>  };
>  EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp4);
>  
> @@ -1692,5 +1698,6 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_tcp6 __read_mostly =
>  	},
>  #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
>  	.init_net		= tcp_init_net,
> +	.get_net_proto		= tcp_get_net_proto,
>  };
>  EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_tcp6);
> diff --git a/net/netfilter/nf_conntrack_proto_udp.c b/net/netfilter/nf_conntrack_proto_udp.c
> index e7e0434..59623cc 100644
> --- a/net/netfilter/nf_conntrack_proto_udp.c
> +++ b/net/netfilter/nf_conntrack_proto_udp.c
> @@ -297,6 +297,11 @@ static int udp_init_net(struct net *net, u_int16_t proto)
>  	return ret;
>  }
>  
> +static struct nf_proto_net *udp_get_net_proto(struct net *net)
> +{
> +	return &net->ct.nf_ct_proto.udp.pn;
> +}
> +
>  struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 __read_mostly =
>  {
>  	.l3proto		= PF_INET,
> @@ -325,6 +330,7 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp4 __read_mostly =
>  	},
>  #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
>  	.init_net		= udp_init_net,
> +	.get_net_proto		= udp_get_net_proto,
>  };
>  EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp4);
>  
> @@ -356,5 +362,6 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_udp6 __read_mostly =
>  	},
>  #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
>  	.init_net		= udp_init_net,
> +	.get_net_proto		= udp_get_net_proto,
>  };
>  EXPORT_SYMBOL_GPL(nf_conntrack_l4proto_udp6);

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

     prev parent reply	other threads:[~2012-06-30 12:28 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-06-29 15:23 [PATCH 1/2] netfilter: nf_conntrack: generalize nf_ct_l4proto_net pablo
2012-06-29 15:23 ` [PATCH 2/2] netfilter: nf_ct_tcp: missing per-net support for cttimeout pablo
2012-06-30 12:32   ` Gao feng
2012-06-30 12:29 ` Gao feng [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4FEEF112.1080004@cn.fujitsu.com \
    --to=gaofeng@cn.fujitsu.com \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.