From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org
Subject: [PATCH 29/53] netfilter: helpers: remove data_len usage for inkernel helpers
Date: Mon, 1 May 2017 12:46:56 +0200 [thread overview]
Message-ID: <1493635640-24325-30-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1493635640-24325-1-git-send-email-pablo@netfilter.org>
From: Florian Westphal <fw@strlen.de>
No need to track this for inkernel helpers anymore as
NF_CT_HELPER_BUILD_BUG_ON checks do this now.
All inkernel helpers know what kind of structure they
stored in helper->data.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/net/netfilter/nf_conntrack_helper.h | 11 ++++++-----
net/netfilter/nf_conntrack_ftp.c | 6 ++----
net/netfilter/nf_conntrack_h323_main.c | 4 ----
net/netfilter/nf_conntrack_helper.c | 6 ++----
net/netfilter/nf_conntrack_irc.c | 2 +-
net/netfilter/nf_conntrack_pptp.c | 1 -
net/netfilter/nf_conntrack_sane.c | 6 ++----
net/netfilter/nf_conntrack_sip.c | 12 ++++--------
net/netfilter/nf_conntrack_tftp.c | 4 ++--
9 files changed, 19 insertions(+), 33 deletions(-)
diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h
index 29539ed1008f..e04fa7691e5d 100644
--- a/include/net/netfilter/nf_conntrack_helper.h
+++ b/include/net/netfilter/nf_conntrack_helper.h
@@ -29,9 +29,6 @@ struct nf_conntrack_helper {
struct module *me; /* pointer to self */
const struct nf_conntrack_expect_policy *expect_policy;
- /* length of internal data, ie. sizeof(struct nf_ct_*_master) */
- size_t data_len;
-
/* Tuple of things we will help (compared against server response) */
struct nf_conntrack_tuple tuple;
@@ -49,7 +46,11 @@ struct nf_conntrack_helper {
unsigned int expect_class_max;
unsigned int flags;
- unsigned int queue_num; /* For user-space helpers. */
+
+ /* For user-space helpers: */
+ unsigned int queue_num;
+ /* length of userspace private data stored in nf_conn_help->data */
+ u16 data_len;
};
/* Must be kept in sync with the classes defined by helpers */
@@ -82,7 +83,7 @@ void nf_ct_helper_init(struct nf_conntrack_helper *helper,
u16 l3num, u16 protonum, const char *name,
u16 default_port, u16 spec_port, u32 id,
const struct nf_conntrack_expect_policy *exp_pol,
- u32 expect_class_max, u32 data_len,
+ u32 expect_class_max,
int (*help)(struct sk_buff *skb, unsigned int protoff,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo),
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index 58e1256cd05d..f0e9a7511e1a 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -591,12 +591,10 @@ static int __init nf_conntrack_ftp_init(void)
for (i = 0; i < ports_c; i++) {
nf_ct_helper_init(&ftp[2 * i], AF_INET, IPPROTO_TCP, "ftp",
FTP_PORT, ports[i], ports[i], &ftp_exp_policy,
- 0, sizeof(struct nf_ct_ftp_master), help,
- nf_ct_ftp_from_nlattr, THIS_MODULE);
+ 0, help, nf_ct_ftp_from_nlattr, THIS_MODULE);
nf_ct_helper_init(&ftp[2 * i + 1], AF_INET6, IPPROTO_TCP, "ftp",
FTP_PORT, ports[i], ports[i], &ftp_exp_policy,
- 0, sizeof(struct nf_ct_ftp_master), help,
- nf_ct_ftp_from_nlattr, THIS_MODULE);
+ 0, help, nf_ct_ftp_from_nlattr, THIS_MODULE);
}
ret = nf_conntrack_helpers_register(ftp, ports_c * 2);
diff --git a/net/netfilter/nf_conntrack_h323_main.c b/net/netfilter/nf_conntrack_h323_main.c
index e98204349efe..3bcdc718484e 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
@@ -637,7 +637,6 @@ static const struct nf_conntrack_expect_policy h245_exp_policy = {
static struct nf_conntrack_helper nf_conntrack_helper_h245 __read_mostly = {
.name = "H.245",
.me = THIS_MODULE,
- .data_len = sizeof(struct nf_ct_h323_master),
.tuple.src.l3num = AF_UNSPEC,
.tuple.dst.protonum = IPPROTO_UDP,
.help = h245_help,
@@ -1215,7 +1214,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_q931[] __read_mostly = {
{
.name = "Q.931",
.me = THIS_MODULE,
- .data_len = sizeof(struct nf_ct_h323_master),
.tuple.src.l3num = AF_INET,
.tuple.src.u.tcp.port = cpu_to_be16(Q931_PORT),
.tuple.dst.protonum = IPPROTO_TCP,
@@ -1800,7 +1798,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = {
{
.name = "RAS",
.me = THIS_MODULE,
- .data_len = sizeof(struct nf_ct_h323_master),
.tuple.src.l3num = AF_INET,
.tuple.src.u.udp.port = cpu_to_be16(RAS_PORT),
.tuple.dst.protonum = IPPROTO_UDP,
@@ -1810,7 +1807,6 @@ static struct nf_conntrack_helper nf_conntrack_helper_ras[] __read_mostly = {
{
.name = "RAS",
.me = THIS_MODULE,
- .data_len = sizeof(struct nf_ct_h323_master),
.tuple.src.l3num = AF_INET6,
.tuple.src.u.udp.port = cpu_to_be16(RAS_PORT),
.tuple.dst.protonum = IPPROTO_UDP,
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 33ebb78649f8..8239b4406f56 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -178,8 +178,7 @@ nf_ct_helper_ext_add(struct nf_conn *ct,
{
struct nf_conn_help *help;
- help = nf_ct_ext_add_length(ct, NF_CT_EXT_HELPER,
- helper->data_len, gfp);
+ help = nf_ct_ext_add(ct, NF_CT_EXT_HELPER, gfp);
if (help)
INIT_HLIST_HEAD(&help->expectations);
else
@@ -484,7 +483,7 @@ void nf_ct_helper_init(struct nf_conntrack_helper *helper,
u16 l3num, u16 protonum, const char *name,
u16 default_port, u16 spec_port, u32 id,
const struct nf_conntrack_expect_policy *exp_pol,
- u32 expect_class_max, u32 data_len,
+ u32 expect_class_max,
int (*help)(struct sk_buff *skb, unsigned int protoff,
struct nf_conn *ct,
enum ip_conntrack_info ctinfo),
@@ -497,7 +496,6 @@ void nf_ct_helper_init(struct nf_conntrack_helper *helper,
helper->tuple.src.u.all = htons(spec_port);
helper->expect_policy = exp_pol;
helper->expect_class_max = expect_class_max;
- helper->data_len = data_len;
helper->help = help;
helper->from_nlattr = from_nlattr;
helper->me = module;
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c
index 1a5af4d4af2d..5523acce9d69 100644
--- a/net/netfilter/nf_conntrack_irc.c
+++ b/net/netfilter/nf_conntrack_irc.c
@@ -263,7 +263,7 @@ static int __init nf_conntrack_irc_init(void)
for (i = 0; i < ports_c; i++) {
nf_ct_helper_init(&irc[i], AF_INET, IPPROTO_TCP, "irc",
IRC_PORT, ports[i], i, &irc_exp_policy,
- 0, 0, help, NULL, THIS_MODULE);
+ 0, help, NULL, THIS_MODULE);
}
ret = nf_conntrack_helpers_register(&irc[0], ports_c);
diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c
index 34fac4c52c4c..126031909fc7 100644
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -596,7 +596,6 @@ static const struct nf_conntrack_expect_policy pptp_exp_policy = {
static struct nf_conntrack_helper pptp __read_mostly = {
.name = "pptp",
.me = THIS_MODULE,
- .data_len = sizeof(struct nf_ct_pptp_master),
.tuple.src.l3num = AF_INET,
.tuple.src.u.tcp.port = cpu_to_be16(PPTP_CONTROL_PORT),
.tuple.dst.protonum = IPPROTO_TCP,
diff --git a/net/netfilter/nf_conntrack_sane.c b/net/netfilter/nf_conntrack_sane.c
index 1121db08d048..ae457f39d5ce 100644
--- a/net/netfilter/nf_conntrack_sane.c
+++ b/net/netfilter/nf_conntrack_sane.c
@@ -198,13 +198,11 @@ static int __init nf_conntrack_sane_init(void)
for (i = 0; i < ports_c; i++) {
nf_ct_helper_init(&sane[2 * i], AF_INET, IPPROTO_TCP, "sane",
SANE_PORT, ports[i], ports[i],
- &sane_exp_policy, 0,
- sizeof(struct nf_ct_sane_master), help, NULL,
+ &sane_exp_policy, 0, help, NULL,
THIS_MODULE);
nf_ct_helper_init(&sane[2 * i + 1], AF_INET6, IPPROTO_TCP, "sane",
SANE_PORT, ports[i], ports[i],
- &sane_exp_policy, 0,
- sizeof(struct nf_ct_sane_master), help, NULL,
+ &sane_exp_policy, 0, help, NULL,
THIS_MODULE);
}
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 79bbcc4d52ee..d38af4274335 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -1630,23 +1630,19 @@ static int __init nf_conntrack_sip_init(void)
for (i = 0; i < ports_c; i++) {
nf_ct_helper_init(&sip[4 * i], AF_INET, IPPROTO_UDP, "sip",
SIP_PORT, ports[i], i, sip_exp_policy,
- SIP_EXPECT_MAX,
- sizeof(struct nf_ct_sip_master), sip_help_udp,
+ SIP_EXPECT_MAX, sip_help_udp,
NULL, THIS_MODULE);
nf_ct_helper_init(&sip[4 * i + 1], AF_INET, IPPROTO_TCP, "sip",
SIP_PORT, ports[i], i, sip_exp_policy,
- SIP_EXPECT_MAX,
- sizeof(struct nf_ct_sip_master), sip_help_tcp,
+ SIP_EXPECT_MAX, sip_help_tcp,
NULL, THIS_MODULE);
nf_ct_helper_init(&sip[4 * i + 2], AF_INET6, IPPROTO_UDP, "sip",
SIP_PORT, ports[i], i, sip_exp_policy,
- SIP_EXPECT_MAX,
- sizeof(struct nf_ct_sip_master), sip_help_udp,
+ SIP_EXPECT_MAX, sip_help_udp,
NULL, THIS_MODULE);
nf_ct_helper_init(&sip[4 * i + 3], AF_INET6, IPPROTO_TCP, "sip",
SIP_PORT, ports[i], i, sip_exp_policy,
- SIP_EXPECT_MAX,
- sizeof(struct nf_ct_sip_master), sip_help_tcp,
+ SIP_EXPECT_MAX, sip_help_tcp,
NULL, THIS_MODULE);
}
diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c
index 27e2f6f904dc..0ec6779fd5d9 100644
--- a/net/netfilter/nf_conntrack_tftp.c
+++ b/net/netfilter/nf_conntrack_tftp.c
@@ -121,10 +121,10 @@ static int __init nf_conntrack_tftp_init(void)
for (i = 0; i < ports_c; i++) {
nf_ct_helper_init(&tftp[2 * i], AF_INET, IPPROTO_UDP, "tftp",
TFTP_PORT, ports[i], i, &tftp_exp_policy,
- 0, 0, tftp_help, NULL, THIS_MODULE);
+ 0, tftp_help, NULL, THIS_MODULE);
nf_ct_helper_init(&tftp[2 * i + 1], AF_INET6, IPPROTO_UDP, "tftp",
TFTP_PORT, ports[i], i, &tftp_exp_policy,
- 0, 0, tftp_help, NULL, THIS_MODULE);
+ 0, tftp_help, NULL, THIS_MODULE);
}
ret = nf_conntrack_helpers_register(tftp, ports_c * 2);
--
2.1.4
next prev parent reply other threads:[~2017-05-01 10:46 UTC|newest]
Thread overview: 57+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-01 10:46 [PATCH 00/53] Netfilter/IPVS updates for net-next Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 01/53] netfilter: ipvs: don't check for presence of nat extension Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 02/53] netfilter: ipvs: Replace kzalloc with kcalloc Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 03/53] ipvs: remove unused variable Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 04/53] netfilter: nf_tables: add nft_is_base_chain() helper Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 05/53] netfilter: expect: Make sure the max_expected limit is effective Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 06/53] netfilter: nf_ct_expect: Add nf_ct_remove_expect() Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 07/53] netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 08/53] netfilter: nat: avoid use of nf_conn_nat extension Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 09/53] netfilter: ctnetlink: Expectations must have a conntrack helper area Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 10/53] netfilter: Add nfnl_msg_type() helper function Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 11/53] netfilter: Remove unnecessary cast on void pointer Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 12/53] netfilter: Use seq_puts()/seq_putc() where possible Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 13/53] net: netfilter: Use list_{next/prev}_entry instead of list_entry Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 14/53] netfilter: Remove exceptional & on function name Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 15/53] netfilter: ip6_tables: Remove unneccessary comments Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 16/53] netfilter: udplite: Remove duplicated udplite4/6 declaration Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 17/53] netfilter: nat: remove rcu_read_lock in __nf_nat_decode_session Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 18/53] netfilter: nf_tables: remove double return statement Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 19/53] netfilter: nf_conntrack: remove double assignment Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 20/53] ipset: remove unused function __ip_set_get_netlink Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 21/53] netfilter: nf_nat: Fix return NF_DROP in nfnetlink_parse_nat_setup Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 22/53] netfilter: ecache: Refine the nf_ct_deliver_cached_events Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 23/53] netfilter: kill the fake untracked conntrack objects Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 24/53] netfilter: remove nf_ct_is_untracked Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 25/53] netfilter: nft_ct: allow to set ctnetlink event types of a connection Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 26/53] netfilter: conntrack: move helper struct to nf_conntrack_helper.h Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 27/53] netfilter: helper: add build-time asserts for helper data size Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 28/53] netfilter: nfnetlink_cthelper: reject too large userspace allocation requests Pablo Neira Ayuso
2017-05-01 10:46 ` Pablo Neira Ayuso [this message]
2017-05-01 10:46 ` [PATCH 30/53] netfilter: remove last traces of variable-sized extensions Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 31/53] netfilter: conntrack: use u8 for extension sizes again Pablo Neira Ayuso
2017-05-01 10:46 ` [PATCH 32/53] netfilter: allow early drop of assured conntracks Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 33/53] nefilter: eache: reduce struct size from 32 to 24 byte Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 34/53] netfilter: ipvs: fix incorrect conflict resolution Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 35/53] netfilter: tcp: Use TCP_MAX_WSCALE instead of literal 14 Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 36/53] netfilter: synproxy: only register hooks when needed Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 37/53] ipvs: convert to use pernet nf_hook api Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 38/53] netfilter: decnet: only register hooks in init namespace Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 39/53] ebtables: remove nf_hook_register usage Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 40/53] netfilter: SYNPROXY: Return NF_STOLEN instead of NF_DROP during handshaking Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 41/53] netfilter: conntrack: remove prealloc support Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 42/53] netfilter: conntrack: mark extension structs as const Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 43/53] netfilter: conntrack: handle initial extension alloc via krealloc Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 44/53] netfilter: masquerade: attach nat extension if not present Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 45/53] netfilter: pptp: attach nat extension when needed Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 46/53] netfilter: don't attach a nat extension by default Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 47/53] ipvs: remove unused function ip_vs_set_state_timeout Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 48/53] ipvs: change comparison on sync_refresh_period Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 49/53] netfilter: batch synchronize_net calls during hook unregister Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 50/53] netfilter: nf_log: don't call synchronize_rcu in nf_log_unset Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 51/53] netfilter: nf_queue: only call synchronize_net twice if nf_queue is active Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 52/53] netfilter: snmp: avoid stack size warning Pablo Neira Ayuso
2017-05-01 10:47 ` [PATCH 53/53] netfilter: nf_ct_ext: invoke destroy even when ext is not attached Pablo Neira Ayuso
2017-05-01 10:53 ` [PATCH 00/53] Netfilter/IPVS updates for net-next Pablo Neira Ayuso
2017-05-01 14:48 ` David Miller
2017-05-01 14:47 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1493635640-24325-30-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).