tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: conntrack: gre: switch module to be built-in

This makes the last of the modular l4 trackers 'bool'.

After this, all infrastructure to handle dynamic l4 protocol registration
becomes obsolete and can be removed in followup patches.

Old:
302824 net/netfilter/nf_conntrack.ko
21504 net/netfilter/nf_conntrack_proto_gre.ko

New:
313728 net/netfilter/nf_conntrack.ko

Old:
text data bss dec hex filename
6281 1732 4 8017 1f51 nf_conntrack_proto_gre.ko
108356 20613 236 129205 1f8b5 nf_conntrack.ko
New:
112095 21381 240 133716 20a54 nf_conntrack.ko

The size increase is only temporary.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso 22fc4c4c 202e651c

+55 -98
+1 -13
include/linux/netfilter/nf_conntrack_proto_gre.h
··· 22 22 struct rcu_head rcu; 23 23 }; 24 24 25 - enum grep_conntrack { 26 - GRE_CT_UNREPLIED, 27 - GRE_CT_REPLIED, 28 - GRE_CT_MAX 29 - }; 30 - 31 - struct netns_proto_gre { 32 - struct nf_proto_net nf; 33 - rwlock_t keymap_lock; 34 - struct list_head keymap_list; 35 - unsigned int gre_timeouts[GRE_CT_MAX]; 36 - }; 37 - 38 25 /* add new tuple->key_reply pair to keymap */ 39 26 int nf_ct_gre_keymap_add(struct nf_conn *ct, enum ip_conntrack_dir dir, 40 27 struct nf_conntrack_tuple *t); 41 28 29 + void nf_ct_gre_keymap_flush(struct net *net); 42 30 /* delete keymap entries */ 43 31 void nf_ct_gre_keymap_destroy(struct nf_conn *ct); 44 32
+3
include/net/netfilter/ipv4/nf_conntrack_ipv4.h
··· 22 22 #ifdef CONFIG_NF_CT_PROTO_UDPLITE 23 23 extern const struct nf_conntrack_l4proto nf_conntrack_l4proto_udplite; 24 24 #endif 25 + #ifdef CONFIG_NF_CT_PROTO_GRE 26 + extern const struct nf_conntrack_l4proto nf_conntrack_l4proto_gre; 27 + #endif 25 28 26 29 #endif /*_NF_CONNTRACK_IPV4_H*/
+7
include/net/netfilter/nf_conntrack_l4proto.h
··· 239 239 } 240 240 #endif 241 241 242 + #ifdef CONFIG_NF_CT_PROTO_GRE 243 + static inline struct nf_gre_net *nf_gre_pernet(struct net *net) 244 + { 245 + return &net->ct.nf_ct_proto.gre; 246 + } 247 + #endif 248 + 242 249 #endif /*_NF_CONNTRACK_PROTOCOL_H*/
+17
include/net/netns/conntrack.h
··· 70 70 }; 71 71 #endif 72 72 73 + #ifdef CONFIG_NF_CT_PROTO_GRE 74 + enum gre_conntrack { 75 + GRE_CT_UNREPLIED, 76 + GRE_CT_REPLIED, 77 + GRE_CT_MAX 78 + }; 79 + 80 + struct nf_gre_net { 81 + struct nf_proto_net nf; 82 + struct list_head keymap_list; 83 + unsigned int timeouts[GRE_CT_MAX]; 84 + }; 85 + #endif 86 + 73 87 struct nf_ip_net { 74 88 struct nf_generic_net generic; 75 89 struct nf_tcp_net tcp; ··· 95 81 #endif 96 82 #ifdef CONFIG_NF_CT_PROTO_SCTP 97 83 struct nf_sctp_net sctp; 84 + #endif 85 + #ifdef CONFIG_NF_CT_PROTO_GRE 86 + struct nf_gre_net gre; 98 87 #endif 99 88 }; 100 89
+1 -1
net/netfilter/Kconfig
··· 174 174 If unsure, say Y. 175 175 176 176 config NF_CT_PROTO_GRE 177 - tristate 177 + bool 178 178 179 179 config NF_CT_PROTO_SCTP 180 180 bool 'SCTP protocol connection tracking support'
+1 -2
net/netfilter/Makefile
··· 13 13 nf_conntrack-$(CONFIG_NF_CONNTRACK_LABELS) += nf_conntrack_labels.o 14 14 nf_conntrack-$(CONFIG_NF_CT_PROTO_DCCP) += nf_conntrack_proto_dccp.o 15 15 nf_conntrack-$(CONFIG_NF_CT_PROTO_SCTP) += nf_conntrack_proto_sctp.o 16 + nf_conntrack-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o 16 17 17 18 obj-$(CONFIG_NETFILTER) = netfilter.o 18 19 ··· 25 24 26 25 # connection tracking 27 26 obj-$(CONFIG_NF_CONNTRACK) += nf_conntrack.o 28 - 29 - obj-$(CONFIG_NF_CT_PROTO_GRE) += nf_conntrack_proto_gre.o 30 27 31 28 # netlink interface for nf_conntrack 32 29 obj-$(CONFIG_NF_CT_NETLINK) += nf_conntrack_netlink.o
+6 -1
net/netfilter/nf_conntrack_proto.c
··· 817 817 #ifdef CONFIG_NF_CT_PROTO_UDPLITE 818 818 &nf_conntrack_l4proto_udplite, 819 819 #endif 820 + #ifdef CONFIG_NF_CT_PROTO_GRE 821 + &nf_conntrack_l4proto_gre, 822 + #endif 820 823 #if IS_ENABLED(CONFIG_IPV6) 821 824 &nf_conntrack_l4proto_icmpv6, 822 825 #endif /* CONFIG_IPV6 */ ··· 900 897 ARRAY_SIZE(builtin_l4proto)); 901 898 pn->users--; 902 899 nf_ct_l4proto_unregister_sysctl(pn); 900 + #ifdef CONFIG_NF_CT_PROTO_GRE 901 + nf_ct_gre_keymap_flush(net); 902 + #endif 903 903 } 904 - 905 904 906 905 module_param_call(hashsize, nf_conntrack_set_hashsize, param_get_uint, 907 906 &nf_conntrack_htable_size, 0600);
+18 -75
net/netfilter/nf_conntrack_proto_gre.c
··· 48 48 [GRE_CT_REPLIED] = 180*HZ, 49 49 }; 50 50 51 - static unsigned int proto_gre_net_id __read_mostly; 52 51 /* used when expectation is added */ 53 52 static DEFINE_SPINLOCK(keymap_lock); 54 53 55 - static inline struct netns_proto_gre *gre_pernet(struct net *net) 54 + static inline struct nf_gre_net *gre_pernet(struct net *net) 56 55 { 57 - return net_generic(net, proto_gre_net_id); 56 + return &net->ct.nf_ct_proto.gre; 58 57 } 59 58 60 - static void nf_ct_gre_keymap_flush(struct net *net) 59 + void nf_ct_gre_keymap_flush(struct net *net) 61 60 { 62 - struct netns_proto_gre *net_gre = gre_pernet(net); 61 + struct nf_gre_net *net_gre = gre_pernet(net); 63 62 struct nf_ct_gre_keymap *km, *tmp; 64 63 65 64 spin_lock_bh(&keymap_lock); ··· 82 83 /* look up the source key for a given tuple */ 83 84 static __be16 gre_keymap_lookup(struct net *net, struct nf_conntrack_tuple *t) 84 85 { 85 - struct netns_proto_gre *net_gre = gre_pernet(net); 86 + struct nf_gre_net *net_gre = gre_pernet(net); 86 87 struct nf_ct_gre_keymap *km; 87 88 __be16 key = 0; 88 89 ··· 104 105 struct nf_conntrack_tuple *t) 105 106 { 106 107 struct net *net = nf_ct_net(ct); 107 - struct netns_proto_gre *net_gre = gre_pernet(net); 108 + struct nf_gre_net *net_gre = gre_pernet(net); 108 109 struct nf_ct_pptp_master *ct_pptp_info = nfct_help_data(ct); 109 110 struct nf_ct_gre_keymap **kmp, *km; 110 111 ··· 209 210 210 211 static unsigned int *gre_get_timeouts(struct net *net) 211 212 { 212 - return gre_pernet(net)->gre_timeouts; 213 + return gre_pernet(net)->timeouts; 213 214 } 214 215 215 216 /* Returns verdict for packet, and may modify conntrack */ ··· 271 272 struct net *net, void *data) 272 273 { 273 274 unsigned int *timeouts = data; 274 - struct netns_proto_gre *net_gre = gre_pernet(net); 275 + struct nf_gre_net *net_gre = gre_pernet(net); 275 276 276 277 if (!timeouts) 277 278 timeouts = gre_get_timeouts(net); 278 279 /* set default timeouts for GRE. */ 279 - timeouts[GRE_CT_UNREPLIED] = net_gre->gre_timeouts[GRE_CT_UNREPLIED]; 280 - timeouts[GRE_CT_REPLIED] = net_gre->gre_timeouts[GRE_CT_REPLIED]; 280 + timeouts[GRE_CT_UNREPLIED] = net_gre->timeouts[GRE_CT_UNREPLIED]; 281 + timeouts[GRE_CT_REPLIED] = net_gre->timeouts[GRE_CT_REPLIED]; 281 282 282 283 if (tb[CTA_TIMEOUT_GRE_UNREPLIED]) { 283 284 timeouts[GRE_CT_UNREPLIED] = ··· 331 332 }; 332 333 #endif 333 334 334 - static int gre_kmemdup_sysctl_table(struct net *net, struct nf_proto_net *nf, 335 - struct netns_proto_gre *net_gre) 335 + static int gre_kmemdup_sysctl_table(struct net *net) 336 336 { 337 337 #ifdef CONFIG_SYSCTL 338 + struct nf_gre_net *net_gre = gre_pernet(net); 339 + struct nf_proto_net *nf = &net_gre->nf; 338 340 int i; 339 341 340 342 if (nf->ctl_table) ··· 348 348 return -ENOMEM; 349 349 350 350 for (i = 0; i < GRE_CT_MAX; i++) 351 - nf->ctl_table[i].data = &net_gre->gre_timeouts[i]; 351 + nf->ctl_table[i].data = &net_gre->timeouts[i]; 352 352 #endif 353 353 return 0; 354 354 } 355 355 356 356 static int gre_init_net(struct net *net) 357 357 { 358 - struct netns_proto_gre *net_gre = gre_pernet(net); 359 - struct nf_proto_net *nf = &net_gre->nf; 358 + struct nf_gre_net *net_gre = gre_pernet(net); 360 359 int i; 361 360 362 361 INIT_LIST_HEAD(&net_gre->keymap_list); 363 362 for (i = 0; i < GRE_CT_MAX; i++) 364 - net_gre->gre_timeouts[i] = gre_timeouts[i]; 363 + net_gre->timeouts[i] = gre_timeouts[i]; 365 364 366 - return gre_kmemdup_sysctl_table(net, nf, net_gre); 365 + return gre_kmemdup_sysctl_table(net); 367 366 } 368 367 369 368 /* protocol helper struct */ 370 - static const struct nf_conntrack_l4proto nf_conntrack_l4proto_gre4 = { 369 + const struct nf_conntrack_l4proto nf_conntrack_l4proto_gre = { 371 370 .l4proto = IPPROTO_GRE, 372 371 .pkt_to_tuple = gre_pkt_to_tuple, 373 372 #ifdef CONFIG_NF_CONNTRACK_PROCFS ··· 390 391 .nla_policy = gre_timeout_nla_policy, 391 392 }, 392 393 #endif /* CONFIG_NF_CONNTRACK_TIMEOUT */ 393 - .net_id = &proto_gre_net_id, 394 394 .init_net = gre_init_net, 395 395 }; 396 - 397 - static int proto_gre_net_init(struct net *net) 398 - { 399 - int ret = 0; 400 - 401 - ret = nf_ct_l4proto_pernet_register_one(net, 402 - &nf_conntrack_l4proto_gre4); 403 - if (ret < 0) 404 - pr_err("nf_conntrack_gre4: pernet registration failed.\n"); 405 - return ret; 406 - } 407 - 408 - static void proto_gre_net_exit(struct net *net) 409 - { 410 - nf_ct_l4proto_pernet_unregister_one(net, &nf_conntrack_l4proto_gre4); 411 - nf_ct_gre_keymap_flush(net); 412 - } 413 - 414 - static struct pernet_operations proto_gre_net_ops = { 415 - .init = proto_gre_net_init, 416 - .exit = proto_gre_net_exit, 417 - .id = &proto_gre_net_id, 418 - .size = sizeof(struct netns_proto_gre), 419 - }; 420 - 421 - static int __init nf_ct_proto_gre_init(void) 422 - { 423 - int ret; 424 - 425 - BUILD_BUG_ON(offsetof(struct netns_proto_gre, nf) != 0); 426 - 427 - ret = register_pernet_subsys(&proto_gre_net_ops); 428 - if (ret < 0) 429 - goto out_pernet; 430 - ret = nf_ct_l4proto_register_one(&nf_conntrack_l4proto_gre4); 431 - if (ret < 0) 432 - goto out_gre4; 433 - 434 - return 0; 435 - out_gre4: 436 - unregister_pernet_subsys(&proto_gre_net_ops); 437 - out_pernet: 438 - return ret; 439 - } 440 - 441 - static void __exit nf_ct_proto_gre_fini(void) 442 - { 443 - nf_ct_l4proto_unregister_one(&nf_conntrack_l4proto_gre4); 444 - unregister_pernet_subsys(&proto_gre_net_ops); 445 - } 446 - 447 - module_init(nf_ct_proto_gre_init); 448 - module_exit(nf_ct_proto_gre_fini); 449 - 450 - MODULE_LICENSE("GPL");