{"id":809462,"url":"http://patchwork.ozlabs.org/api/1.2/patches/809462/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/1504478435-13160-10-git-send-email-pablo@netfilter.org/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/1.2/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<1504478435-13160-10-git-send-email-pablo@netfilter.org>","list_archive_url":null,"date":"2017-09-03T22:40:20","name":"[32/47] netfilter: conntrack: compute l3proto nla size at compile time","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"383f28ff61d6e08768d6dcf16fe2761b9e59ea14","submitter":{"id":1315,"url":"http://patchwork.ozlabs.org/api/1.2/people/1315/?format=json","name":"Pablo Neira 
Ayuso","email":"pablo@netfilter.org"},"delegate":{"id":6139,"url":"http://patchwork.ozlabs.org/api/1.2/users/6139/?format=json","username":"pablo","first_name":"Pablo","last_name":"Neira","email":"pablo@netfilter.org"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/1504478435-13160-10-git-send-email-pablo@netfilter.org/mbox/","series":[{"id":1282,"url":"http://patchwork.ozlabs.org/api/1.2/series/1282/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=1282","date":"2017-09-03T22:40:11","name":null,"version":1,"mbox":"http://patchwork.ozlabs.org/series/1282/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/809462/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/809462/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netfilter-devel-owner@vger.kernel.org>","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netfilter-devel-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xlp2D1fVMz9s06\n\tfor <incoming@patchwork.ozlabs.org>;\n\tMon,  4 Sep 2017 08:44:36 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1753323AbdICWlH (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n\tSun, 3 Sep 2017 18:41:07 -0400","from mail.us.es ([193.147.175.20]:52762 \"EHLO mail.us.es\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1753303AbdICWlA (ORCPT <rfc822; netfilter-devel@vger.kernel.org>);\n\tSun, 3 Sep 2017 18:41:00 -0400","from antivirus1-rhel7.int (unknown [192.168.2.11])\n\tby mail.us.es (Postfix) with ESMTP id 65545190F62\n\tfor <netfilter-devel@vger.kernel.org>;\n\tMon,  4 Sep 2017 00:40:33 +0200 (CEST)","from 
antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id 52D0BB5030\n\tfor <netfilter-devel@vger.kernel.org>;\n\tMon,  4 Sep 2017 00:40:33 +0200 (CEST)","by antivirus1-rhel7.int (Postfix, from userid 99)\n\tid 489B5B502D; Mon,  4 Sep 2017 00:40:33 +0200 (CEST)","from antivirus1-rhel7.int (localhost [127.0.0.1])\n\tby antivirus1-rhel7.int (Postfix) with ESMTP id 1B1CBB5026;\n\tMon,  4 Sep 2017 00:40:31 +0200 (CEST)","from 192.168.1.97 (192.168.1.97) by antivirus1-rhel7.int\n\t(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int); \n\tMon, 04 Sep 2017 00:40:31 +0200 (CEST)","from salvia.here (unknown [31.4.193.113])\n\t(Authenticated sender: 1984lsi)\n\tby entrada.int (Postfix) with ESMTPA id B57864265A20;\n\tMon,  4 Sep 2017 00:40:30 +0200 (CEST)"],"X-Spam-Checker-Version":"SpamAssassin 3.4.1 (2015-04-28) on\n\tantivirus1-rhel7.int","X-Spam-Level":"","X-Spam-Status":"No, score=-108.2 required=7.5 tests=ALL_TRUSTED,BAYES_50,\n\tSMTPAUTH_US2,USER_IN_WHITELIST autolearn=disabled version=3.4.1","X-Virus-Status":"clean(F-Secure/fsigk_smtp/550/antivirus1-rhel7.int)","X-SMTPAUTHUS":"auth mail.us.es","From":"Pablo Neira Ayuso <pablo@netfilter.org>","To":"netfilter-devel@vger.kernel.org","Cc":"davem@davemloft.net, netdev@vger.kernel.org","Subject":"[PATCH 32/47] netfilter: conntrack: compute l3proto nla size at\n\tcompile time","Date":"Mon,  4 Sep 2017 00:40:20 +0200","Message-Id":"<1504478435-13160-10-git-send-email-pablo@netfilter.org>","X-Mailer":"git-send-email 2.1.4","In-Reply-To":"<1504478435-13160-1-git-send-email-pablo@netfilter.org>","References":"<1504478435-13160-1-git-send-email-pablo@netfilter.org>","X-Virus-Scanned":"ClamAV using ClamSMTP","Sender":"netfilter-devel-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netfilter-devel.vger.kernel.org>","X-Mailing-List":"netfilter-devel@vger.kernel.org"},"content":"From: Florian Westphal <fw@strlen.de>\n\navoids a pointer and allows struct to be const later on.\n\nSigned-off-by: 
Florian Westphal <fw@strlen.de>\nSigned-off-by: Pablo Neira Ayuso <pablo@netfilter.org>\n---\n include/net/netfilter/nf_conntrack_l3proto.h   | 19 ++++++++-----------\n net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 13 +++++++------\n net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 14 ++++++++------\n net/netfilter/nf_conntrack_netlink.c           |  3 ++-\n net/netfilter/nf_conntrack_proto.c             |  9 +++------\n 5 files changed, 28 insertions(+), 30 deletions(-)","diff":"diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h\nindex 1b8de164d744..6a27ffea7480 100644\n--- a/include/net/netfilter/nf_conntrack_l3proto.h\n+++ b/include/net/netfilter/nf_conntrack_l3proto.h\n@@ -20,6 +20,9 @@ struct nf_conntrack_l3proto {\n \t/* L3 Protocol Family number. ex) PF_INET */\n \tu_int16_t l3proto;\n \n+\t/* size of tuple nlattr, fills a hole */\n+\tu16 nla_size;\n+\n \t/* Protocol name */\n \tconst char *name;\n \n@@ -49,23 +52,17 @@ struct nf_conntrack_l3proto {\n \tint (*get_l4proto)(const struct sk_buff *skb, unsigned int nhoff,\n \t\t\t   unsigned int *dataoff, u_int8_t *protonum);\n \n+#if IS_ENABLED(CONFIG_NF_CT_NETLINK)\n \tint (*tuple_to_nlattr)(struct sk_buff *skb,\n \t\t\t       const struct nf_conntrack_tuple *t);\n-\n-\t/* Called when netns wants to use connection tracking */\n-\tint (*net_ns_get)(struct net *);\n-\tvoid (*net_ns_put)(struct net *);\n-\n-\t/*\n-\t * Calculate size of tuple nlattr\n-\t */\n-\tint (*nlattr_tuple_size)(void);\n-\n \tint (*nlattr_to_tuple)(struct nlattr *tb[],\n \t\t\t       struct nf_conntrack_tuple *t);\n \tconst struct nla_policy *nla_policy;\n+#endif\n \n-\tsize_t nla_size;\n+\t/* Called when netns wants to use connection tracking */\n+\tint (*net_ns_get)(struct net *);\n+\tvoid (*net_ns_put)(struct net *);\n \n \t/* Module (if any) which this is connected to. 
*/\n \tstruct module *me;\ndiff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c\nindex de5f0e6ddd1b..9fb8cb033d80 100644\n--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c\n+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c\n@@ -303,11 +303,6 @@ static int ipv4_nlattr_to_tuple(struct nlattr *tb[],\n \n \treturn 0;\n }\n-\n-static int ipv4_nlattr_tuple_size(void)\n-{\n-\treturn nla_policy_len(ipv4_nla_policy, CTA_IP_MAX + 1);\n-}\n #endif\n \n static struct nf_sockopt_ops so_getorigdst = {\n@@ -365,9 +360,10 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 __read_mostly = {\n \t.get_l4proto\t = ipv4_get_l4proto,\n #if IS_ENABLED(CONFIG_NF_CT_NETLINK)\n \t.tuple_to_nlattr = ipv4_tuple_to_nlattr,\n-\t.nlattr_tuple_size = ipv4_nlattr_tuple_size,\n \t.nlattr_to_tuple = ipv4_nlattr_to_tuple,\n \t.nla_policy\t = ipv4_nla_policy,\n+\t.nla_size\t = NLA_ALIGN(NLA_HDRLEN + sizeof(u32)) + /* CTA_IP_V4_SRC */\n+\t\t\t   NLA_ALIGN(NLA_HDRLEN + sizeof(u32)),  /* CTA_IP_V4_DST */\n #endif\n \t.net_ns_get\t = ipv4_hooks_register,\n \t.net_ns_put\t = ipv4_hooks_unregister,\n@@ -421,6 +417,11 @@ static int __init nf_conntrack_l3proto_ipv4_init(void)\n \n \tneed_conntrack();\n \n+#if IS_ENABLED(CONFIG_NF_CT_NETLINK)\n+\tif (WARN_ON(nla_policy_len(ipv4_nla_policy, CTA_IP_MAX + 1) !=\n+\t    nf_conntrack_l3proto_ipv4.nla_size))\n+\t\treturn -EINVAL;\n+#endif\n \tret = nf_register_sockopt(&so_getorigdst);\n \tif (ret < 0) {\n \t\tpr_err(\"Unable to register netfilter socket option\\n\");\ndiff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c\nindex ddef5ee9e0a8..6b4d59fd0214 100644\n--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c\n+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c\n@@ -308,11 +308,6 @@ static int ipv6_nlattr_to_tuple(struct nlattr *tb[],\n \n \treturn 0;\n }\n-\n-static int ipv6_nlattr_tuple_size(void)\n-{\n-\treturn 
nla_policy_len(ipv6_nla_policy, CTA_IP_MAX + 1);\n-}\n #endif\n \n static int ipv6_hooks_register(struct net *net)\n@@ -360,9 +355,10 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv6 __read_mostly = {\n \t.get_l4proto\t\t= ipv6_get_l4proto,\n #if IS_ENABLED(CONFIG_NF_CT_NETLINK)\n \t.tuple_to_nlattr\t= ipv6_tuple_to_nlattr,\n-\t.nlattr_tuple_size\t= ipv6_nlattr_tuple_size,\n \t.nlattr_to_tuple\t= ipv6_nlattr_to_tuple,\n \t.nla_policy\t\t= ipv6_nla_policy,\n+\t.nla_size\t\t= NLA_ALIGN(NLA_HDRLEN + sizeof(u32[4])) +\n+\t\t\t\t  NLA_ALIGN(NLA_HDRLEN + sizeof(u32[4])),\n #endif\n \t.net_ns_get\t\t= ipv6_hooks_register,\n \t.net_ns_put\t\t= ipv6_hooks_unregister,\n@@ -421,6 +417,12 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)\n \n \tneed_conntrack();\n \n+#if IS_ENABLED(CONFIG_NF_CT_NETLINK)\n+\tif (WARN_ON(nla_policy_len(ipv6_nla_policy, CTA_IP_MAX + 1) !=\n+\t    nf_conntrack_l3proto_ipv6.nla_size))\n+\t\treturn -EINVAL;\n+#endif\n+\n \tret = nf_register_sockopt(&so_getorigdst6);\n \tif (ret < 0) {\n \t\tpr_err(\"Unable to register netfilter socket option\\n\");\ndiff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c\nindex f4ca48817f66..b59a453a0fd8 100644\n--- a/net/netfilter/nf_conntrack_netlink.c\n+++ b/net/netfilter/nf_conntrack_netlink.c\n@@ -540,7 +540,8 @@ static inline size_t ctnetlink_proto_size(const struct nf_conn *ct)\n \tsize_t len = 0;\n \n \tl3proto = __nf_ct_l3proto_find(nf_ct_l3num(ct));\n-\tlen += l3proto->nla_size;\n+\tlen = l3proto->nla_size;\n+\tlen *= 3u; /* ORIG, REPLY, MASTER */\n \n \tl4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));\n \tlen += l4proto->nla_size;\ndiff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c\nindex 27810cf816a6..85104a27cc89 100644\n--- a/net/netfilter/nf_conntrack_proto.c\n+++ b/net/netfilter/nf_conntrack_proto.c\n@@ -214,10 +214,10 @@ int nf_ct_l3proto_register(struct nf_conntrack_l3proto *proto)\n \n \tif 
(proto->l3proto >= NFPROTO_NUMPROTO)\n \t\treturn -EBUSY;\n-\n-\tif (proto->tuple_to_nlattr && !proto->nlattr_tuple_size)\n+#if IS_ENABLED(CONFIG_NF_CT_NETLINK)\n+\tif (proto->tuple_to_nlattr && proto->nla_size == 0)\n \t\treturn -EINVAL;\n-\n+#endif\n \tmutex_lock(&nf_ct_proto_mutex);\n \told = rcu_dereference_protected(nf_ct_l3protos[proto->l3proto],\n \t\t\t\t\tlockdep_is_held(&nf_ct_proto_mutex));\n@@ -226,9 +226,6 @@ int nf_ct_l3proto_register(struct nf_conntrack_l3proto *proto)\n \t\tgoto out_unlock;\n \t}\n \n-\tif (proto->nlattr_tuple_size)\n-\t\tproto->nla_size = 3 * proto->nlattr_tuple_size();\n-\n \trcu_assign_pointer(nf_ct_l3protos[proto->l3proto], proto);\n \n out_unlock:\n","prefixes":["32/47"]}
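Review bot: in include/net/netfilter/nf_conntrack_l3proto.h the new comment "size of tuple nlattr, fills a hole" does not say that `nla_size` now holds the size of a single tuple. Before this patch nf_ct_l3proto_register() stored `3 * proto->nlattr_tuple_size()` in the same field, so any reader of `nla_size` has to scale it itself from now on. Suggest stating "one tuple; ctnetlink_proto_size() multiplies by three" in the comment. The commit message also omits that tuple_to_nlattr, nlattr_to_tuple and nla_policy are now declared only under `#if IS_ENABLED(CONFIG_NF_CT_NETLINK)`, which is worth a line because any reference outside that guard stops building.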
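Review bot: in net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c the hand-written `.nla_size` is only cross-checked against `nla_policy_len(ipv4_nla_policy, CTA_IP_MAX + 1)` in nf_conntrack_l3proto_ipv4_init(), so a later policy change that is not mirrored in the initializer is caught at load time (WARN_ON, then -EINVAL) rather than at build time, despite the subject line saying "compile time". Suggest a short comment next to the initializer pointing at the init check so the two are kept in sync. Minor: the added `#endif` in the init function runs straight into `ret = nf_register_sockopt(&so_getorigdst);`, while the ipv6 variant leaves a blank line there.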
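Review bot: in net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c the two `NLA_ALIGN(NLA_HDRLEN + sizeof(u32[4]))` terms of `.nla_size` carry no per-term comments, unlike the ipv4 initializer, which labels its terms CTA_IP_V4_SRC and CTA_IP_V4_DST. Suggest labelling them CTA_IP_V6_SRC and CTA_IP_V6_DST so a reader can match each term to a policy entry when the WARN_ON in nf_conntrack_l3proto_ipv6_init() fires.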
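Review bot: in ctnetlink_proto_size() in net/netfilter/nf_conntrack_netlink.c the unchanged `size_t len = 0;` becomes a dead store once `len += l3proto->nla_size;` is replaced by `len = l3proto->nla_size;`. Suggest dropping the initializer or folding the two new lines into `len = 3u * l3proto->nla_size; /* ORIG, REPLY, MASTER */`. It would also help to note in the comment that only the l3 part is scaled here, since `len += l4proto->nla_size;` right below is left unscaled.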
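Review bot: in nf_ct_l3proto_register() in net/netfilter/nf_conntrack_proto.c the new test `proto->tuple_to_nlattr && proto->nla_size == 0` only rejects an unset field, not a wrong value. The ipv4 and ipv6 init functions cover that with their own `nla_policy_len()` comparison, but any other l3proto registered through this path gets no such check, so a comment here saying that the caller is responsible for validating `nla_size` against its policy would make the contract explicit. Style: the removed blank lines leave `#if` directly after `return -EBUSY;` and `#endif` directly before `mutex_lock(&nf_ct_proto_mutex);`, and keeping one blank line on each side reads better.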