
Commit dcf67740 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso

netfilter: helper: add build-time asserts for helper data size



add a 32 byte scratch area in the helper struct instead of relying
on variable sized helpers plus compile-time asserts to let us know
if 32 bytes aren't enough anymore.

Not having variable sized helpers will later allow to add BUILD_BUG_ON
for the total size of conntrack extensions -- the helper extension is
the only one that doesn't have a fixed size.

The (useless!) NF_CT_HELPER_BUILD_BUG_ON(0); are added so that in case
someone adds a new helper and copy-pastes from one that doesn't store
private data at least some indication that this macro should be used
somehow is there...

Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 906535b0
+4 −1
@@ -66,9 +66,12 @@ struct nf_conn_help {
	u8 expecting[NF_CT_MAX_EXPECT_CLASSES];

	/* private helper information. */
	char data[];
	char data[32] __aligned(8);
};

#define NF_CT_HELPER_BUILD_BUG_ON(structsize) \
	BUILD_BUG_ON((structsize) > FIELD_SIZEOF(struct nf_conn_help, data))

struct nf_conntrack_helper *__nf_conntrack_helper_find(const char *name,
						       u16 l3num, u8 protonum);
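Review bot: The 32-byte bound on `data` is enforced only for helpers that remember to invoke `NF_CT_HELPER_BUILD_BUG_ON`, and neither the field nor the macro carries a comment stating that contract. A helper that stores a larger struct in `data` without the assertion would write past the end of `struct nf_conn_help`, so the rule should be spelled out at the declaration, e.g. `/* private helper information; size checked by NF_CT_HELPER_BUILD_BUG_ON() */` on the field, plus a short comment above the macro saying each helper's init function must call it with the `sizeof` of its private struct. A build-time check also cannot cover a private-data size that is known only at run time; if any registration path accepts such a size (none is visible in this section), it needs a run-time comparison against `FIELD_SIZEOF(struct nf_conn_help, data)`.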

+2 −0
@@ -207,6 +207,8 @@ static int __init nf_conntrack_amanda_init(void)
{
	int ret, i;

	NF_CT_HELPER_BUILD_BUG_ON(0);

	for (i = 0; i < ARRAY_SIZE(search); i++) {
		search[i].ts = textsearch_prepare(ts_algo, search[i].string,
						  search[i].len,
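Review bot: `NF_CT_HELPER_BUILD_BUG_ON(0);` at the top of nf_conntrack_amanda_init() can never fire, and nothing in the code says why it is there; the rationale lives only in the commit message. A trailing comment such as `NF_CT_HELPER_BUILD_BUG_ON(0); /* no private data; pass sizeof(struct ...) if that changes */` would keep the next reader from deleting it as dead code or copying it unchanged into a helper that does store data. The same applies to the identical call in nf_conntrack_netbios_ns_init(). The body of nf_conntrack_amanda_init() continues past the end of this hunk.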
+2 −0
@@ -577,6 +577,8 @@ static int __init nf_conntrack_ftp_init(void)
{
	int i, ret = 0;

	NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_ftp_master));

	ftp_buffer = kmalloc(65536, GFP_KERNEL);
	if (!ftp_buffer)
		return -ENOMEM;
+2 −0
@@ -1836,6 +1836,8 @@ static int __init nf_conntrack_h323_init(void)
{
	int ret;

	NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_h323_master));

	h323_buffer = kmalloc(65536, GFP_KERNEL);
	if (!h323_buffer)
		return -ENOMEM;
+2 −0
@@ -58,6 +58,8 @@ static struct nf_conntrack_helper helper __read_mostly = {

static int __init nf_conntrack_netbios_ns_init(void)
{
	NF_CT_HELPER_BUILD_BUG_ON(0);

	exp_policy.timeout = timeout;
	return nf_conntrack_helper_register(&helper);
}