[NETFILTER]: nf_conntrack: introduce extension infrastructure
Old space allocator of conntrack had problems about extensibility. - It required slab cache per combination of extensions. - It expected what extensions would be assigned, but it was impossible to expect that completely, then we allocated bigger memory object than really required. - It needed to search helper twice due to lock issue. Now basic informations of a connection are stored in 'struct nf_conn'. And a storage for extension (helper, NAT) is allocated by kmalloc. Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Yasuyuki Kozakai
committed by
David S. Miller
David S. Miller
parent
4ba887790c
commit
ecfab2c9fe
@ -131,6 +131,9 @@ struct nf_conn
|
||||
/* Storage reserved for other modules: */
|
||||
union nf_conntrack_proto proto;
|
||||
|
||||
/* Extensions */
|
||||
struct nf_ct_ext *ext;
|
||||
|
||||
/* features dynamically at the end: helper, nat (both optional) */
|
||||
char data[0];
|
||||
};
|
||||
|
||||
80
include/net/netfilter/nf_conntrack_extend.h
Normal file
80
include/net/netfilter/nf_conntrack_extend.h
Normal file
@ -0,0 +1,80 @@
|
||||
#ifndef _NF_CONNTRACK_EXTEND_H
|
||||
#define _NF_CONNTRACK_EXTEND_H
|
||||
|
||||
#include <net/netfilter/nf_conntrack.h>
|
||||
|
||||
enum nf_ct_ext_id
|
||||
{
|
||||
NF_CT_EXT_NUM,
|
||||
};
|
||||
|
||||
/* Extensions: optional stuff which isn't permanently in struct. */
|
||||
struct nf_ct_ext {
|
||||
u8 offset[NF_CT_EXT_NUM];
|
||||
u8 len;
|
||||
u8 real_len;
|
||||
char data[0];
|
||||
};
|
||||
|
||||
static inline int nf_ct_ext_exist(const struct nf_conn *ct, u8 id)
|
||||
{
|
||||
return (ct->ext && ct->ext->offset[id]);
|
||||
}
|
||||
|
||||
static inline void *__nf_ct_ext_find(const struct nf_conn *ct, u8 id)
|
||||
{
|
||||
if (!nf_ct_ext_exist(ct, id))
|
||||
return NULL;
|
||||
|
||||
return (void *)ct->ext + ct->ext->offset[id];
|
||||
}
|
||||
#define nf_ct_ext_find(ext, id) \
|
||||
((id##_TYPE *)__nf_ct_ext_find((ext), (id)))
|
||||
|
||||
/* Destroy all relationships */
|
||||
extern void __nf_ct_ext_destroy(struct nf_conn *ct);
|
||||
static inline void nf_ct_ext_destroy(struct nf_conn *ct)
|
||||
{
|
||||
if (ct->ext)
|
||||
__nf_ct_ext_destroy(ct);
|
||||
}
|
||||
|
||||
/* Free operation. If you want to free a object referred from private area,
|
||||
* please implement __nf_ct_ext_free() and call it.
|
||||
*/
|
||||
static inline void nf_ct_ext_free(struct nf_conn *ct)
|
||||
{
|
||||
if (ct->ext)
|
||||
kfree(ct->ext);
|
||||
}
|
||||
|
||||
/* Add this type, returns pointer to data or NULL. */
|
||||
void *
|
||||
__nf_ct_ext_add(struct nf_conn *ct, enum nf_ct_ext_id id, gfp_t gfp);
|
||||
#define nf_ct_ext_add(ct, id, gfp) \
|
||||
((id##_TYPE *)__nf_ct_ext_add((ct), (id), (gfp)))
|
||||
|
||||
#define NF_CT_EXT_F_PREALLOC 0x0001
|
||||
|
||||
struct nf_ct_ext_type
|
||||
{
|
||||
/* Destroys relationships (can be NULL). */
|
||||
void (*destroy)(struct nf_conn *ct);
|
||||
/* Called when realloacted (can be NULL).
|
||||
Contents has already been moved. */
|
||||
void (*move)(struct nf_conn *ct, void *old);
|
||||
|
||||
enum nf_ct_ext_id id;
|
||||
|
||||
unsigned int flags;
|
||||
|
||||
/* Length and min alignment. */
|
||||
u8 len;
|
||||
u8 align;
|
||||
/* initial size of nf_ct_ext. */
|
||||
u8 alloc_size;
|
||||
};
|
||||
|
||||
int nf_ct_extend_register(struct nf_ct_ext_type *type);
|
||||
void nf_ct_extend_unregister(struct nf_ct_ext_type *type);
|
||||
#endif /* _NF_CONNTRACK_EXTEND_H */
|
||||
Reference in New Issue
Block a user