
Commit 3a8fc53a authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nf_ct_helper: allocate 16 bytes for the helper and policy names



This patch modifies the struct nf_conntrack_helper to allocate
the room for the helper name. The maximum length is 16 bytes
(this was already introduced in 2.6.24).

For the maximum length for expectation policy names, I have
also selected 16 bytes.

This patch is required by the follow-up patch to support
user-space connection tracking helpers.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent d0daebc3
+3 −1
@@ -59,10 +59,12 @@ static inline struct net *nf_ct_exp_net(struct nf_conntrack_expect *exp)
	return nf_ct_net(exp->master);
	return nf_ct_net(exp->master);
}
}


#define NF_CT_EXP_POLICY_NAME_LEN	16

struct nf_conntrack_expect_policy {
struct nf_conntrack_expect_policy {
	unsigned int	max_expected;
	unsigned int	max_expected;
	unsigned int	timeout;
	unsigned int	timeout;
	const char	*name;
	char		name[NF_CT_EXP_POLICY_NAME_LEN];
};
};


#define NF_CT_EXPECT_CLASS_DEFAULT	0
#define NF_CT_EXPECT_CLASS_DEFAULT	0
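Review bot: Turning `name` into `char name[NF_CT_EXP_POLICY_NAME_LEN]` leaves the length contract undocumented: a static initializer `.name = "..."` with exactly 16 characters compiles without a terminating NUL, and a longer literal is typically truncated with only a compiler warning. A comment on the member would make the limit explicit, e.g. `/* NUL-terminated, at most NF_CT_EXP_POLICY_NAME_LEN - 1 characters */`. The same applies to `char name[NF_CT_HELPER_NAME_LEN]` in the struct nf_conntrack_helper section. Any code that tested the old pointer for NULL or assigned a pointer to it would also need updating; none is visible in these hunks, so it is worth checking the remaining users before merging.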
+1 −1
@@ -19,7 +19,7 @@ struct module;
struct nf_conntrack_helper {
struct nf_conntrack_helper {
	struct hlist_node hnode;	/* Internal use. */
	struct hlist_node hnode;	/* Internal use. */


	const char *name;		/* name of the module */
	char name[NF_CT_HELPER_NAME_LEN]; /* name of the module */
	struct module *me;		/* pointer to self */
	struct module *me;		/* pointer to self */
	const struct nf_conntrack_expect_policy *expect_policy;
	const struct nf_conntrack_expect_policy *expect_policy;


+2 −6
@@ -512,7 +512,6 @@ out_update_nl:
}
}


static struct nf_conntrack_helper ftp[MAX_PORTS][2] __read_mostly;
static struct nf_conntrack_helper ftp[MAX_PORTS][2] __read_mostly;
static char ftp_names[MAX_PORTS][2][sizeof("ftp-65535")] __read_mostly;


static const struct nf_conntrack_expect_policy ftp_exp_policy = {
static const struct nf_conntrack_expect_policy ftp_exp_policy = {
	.max_expected	= 1,
	.max_expected	= 1,
@@ -541,7 +540,6 @@ static void nf_conntrack_ftp_fini(void)
static int __init nf_conntrack_ftp_init(void)
static int __init nf_conntrack_ftp_init(void)
{
{
	int i, j = -1, ret = 0;
	int i, j = -1, ret = 0;
	char *tmpname;


	ftp_buffer = kmalloc(65536, GFP_KERNEL);
	ftp_buffer = kmalloc(65536, GFP_KERNEL);
	if (!ftp_buffer)
	if (!ftp_buffer)
@@ -561,12 +559,10 @@ static int __init nf_conntrack_ftp_init(void)
			ftp[i][j].expect_policy = &ftp_exp_policy;
			ftp[i][j].expect_policy = &ftp_exp_policy;
			ftp[i][j].me = THIS_MODULE;
			ftp[i][j].me = THIS_MODULE;
			ftp[i][j].help = help;
			ftp[i][j].help = help;
			tmpname = &ftp_names[i][j][0];
			if (ports[i] == FTP_PORT)
			if (ports[i] == FTP_PORT)
				sprintf(tmpname, "ftp");
				sprintf(ftp[i][j].name, "ftp");
			else
			else
				sprintf(tmpname, "ftp-%d", ports[i]);
				sprintf(ftp[i][j].name, "ftp-%d", ports[i]);
			ftp[i][j].name = tmpname;


			pr_debug("nf_ct_ftp: registering helper for pf: %d "
			pr_debug("nf_ct_ftp: registering helper for pf: %d "
				 "port: %d\n",
				 "port: %d\n",
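Review bot: The new `sprintf(ftp[i][j].name, "ftp-%d", ports[i]);` writes into a fixed 16-byte struct member with no bound, whereas the removed `ftp_names` array was sized from the longest expected string. The declaration of `ports` is outside the hunk; if it is a 16-bit type the longest result is "ftp-65535" and fits, but the write should not depend on that. Consider `snprintf(ftp[i][j].name, sizeof(ftp[i][j].name), "ftp-%d", ports[i]);`. The same pattern appears in the irc and sane sections, and for sane the longer `sane-` prefix leaves one byte less headroom. nf_conntrack_ftp_init continues outside the hunk.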
+2 −6
@@ -221,7 +221,6 @@ static int help(struct sk_buff *skb, unsigned int protoff,
}
}


static struct nf_conntrack_helper irc[MAX_PORTS] __read_mostly;
static struct nf_conntrack_helper irc[MAX_PORTS] __read_mostly;
static char irc_names[MAX_PORTS][sizeof("irc-65535")] __read_mostly;
static struct nf_conntrack_expect_policy irc_exp_policy;
static struct nf_conntrack_expect_policy irc_exp_policy;


static void nf_conntrack_irc_fini(void);
static void nf_conntrack_irc_fini(void);
@@ -229,7 +228,6 @@ static void nf_conntrack_irc_fini(void);
static int __init nf_conntrack_irc_init(void)
static int __init nf_conntrack_irc_init(void)
{
{
	int i, ret;
	int i, ret;
	char *tmpname;


	if (max_dcc_channels < 1) {
	if (max_dcc_channels < 1) {
		printk(KERN_ERR "nf_ct_irc: max_dcc_channels must not be zero\n");
		printk(KERN_ERR "nf_ct_irc: max_dcc_channels must not be zero\n");
@@ -255,12 +253,10 @@ static int __init nf_conntrack_irc_init(void)
		irc[i].me = THIS_MODULE;
		irc[i].me = THIS_MODULE;
		irc[i].help = help;
		irc[i].help = help;


		tmpname = &irc_names[i][0];
		if (ports[i] == IRC_PORT)
		if (ports[i] == IRC_PORT)
			sprintf(tmpname, "irc");
			sprintf(irc[i].name, "irc");
		else
		else
			sprintf(tmpname, "irc-%u", i);
			sprintf(irc[i].name, "irc-%u", i);
		irc[i].name = tmpname;


		ret = nf_conntrack_helper_register(&irc[i]);
		ret = nf_conntrack_helper_register(&irc[i]);
		if (ret) {
		if (ret) {
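Review bot: In the non-default branch, `sprintf(irc[i].name, "irc-%u", i);` builds the name from the loop index rather than from `ports[i]`, unlike the ftp and sane helpers, which use the port number; the commit carries this over unchanged from the removed `tmpname` lines. If the port was intended, the line would be `sprintf(irc[i].name, "irc-%u", ports[i]);`, though helper names may be visible to users, so a rename should be a deliberate decision. `i` is also declared `int` at the top of nf_conntrack_irc_init while the format is `%u`; `%d` or an unsigned index would match. The function body continues outside the hunk.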
+2 −6
@@ -163,7 +163,6 @@ out:
}
}


static struct nf_conntrack_helper sane[MAX_PORTS][2] __read_mostly;
static struct nf_conntrack_helper sane[MAX_PORTS][2] __read_mostly;
static char sane_names[MAX_PORTS][2][sizeof("sane-65535")] __read_mostly;


static const struct nf_conntrack_expect_policy sane_exp_policy = {
static const struct nf_conntrack_expect_policy sane_exp_policy = {
	.max_expected	= 1,
	.max_expected	= 1,
@@ -190,7 +189,6 @@ static void nf_conntrack_sane_fini(void)
static int __init nf_conntrack_sane_init(void)
static int __init nf_conntrack_sane_init(void)
{
{
	int i, j = -1, ret = 0;
	int i, j = -1, ret = 0;
	char *tmpname;


	sane_buffer = kmalloc(65536, GFP_KERNEL);
	sane_buffer = kmalloc(65536, GFP_KERNEL);
	if (!sane_buffer)
	if (!sane_buffer)
@@ -210,12 +208,10 @@ static int __init nf_conntrack_sane_init(void)
			sane[i][j].expect_policy = &sane_exp_policy;
			sane[i][j].expect_policy = &sane_exp_policy;
			sane[i][j].me = THIS_MODULE;
			sane[i][j].me = THIS_MODULE;
			sane[i][j].help = help;
			sane[i][j].help = help;
			tmpname = &sane_names[i][j][0];
			if (ports[i] == SANE_PORT)
			if (ports[i] == SANE_PORT)
				sprintf(tmpname, "sane");
				sprintf(sane[i][j].name, "sane");
			else
			else
				sprintf(tmpname, "sane-%d", ports[i]);
				sprintf(sane[i][j].name, "sane-%d", ports[i]);
			sane[i][j].name = tmpname;


			pr_debug("nf_ct_sane: registering helper for pf: %d "
			pr_debug("nf_ct_sane: registering helper for pf: %d "
				 "port: %d\n",
				 "port: %d\n",