netfilter: helper: add build-time asserts for helper data size
Add a 32-byte scratch area to the helper struct instead of relying on variable-sized helpers, plus compile-time asserts to let us know if 32 bytes aren't enough anymore.

Not having variable-sized helpers will later allow adding a BUILD_BUG_ON for the total size of conntrack extensions -- the helper extension is the only one that doesn't have a fixed size.

The (useless!) NF_CT_HELPER_BUILD_BUG_ON(0); calls are added so that, if someone adds a new helper and copy-pastes from one that doesn't store private data, there is at least some indication that this macro should be used.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
zero-colors
parent
906535b046
commit
dcf67740f2
|
@ -66,9 +66,12 @@ struct nf_conn_help {
|
||||||
u8 expecting[NF_CT_MAX_EXPECT_CLASSES];
|
u8 expecting[NF_CT_MAX_EXPECT_CLASSES];
|
||||||
|
|
||||||
/* private helper information. */
|
/* private helper information. */
|
||||||
char data[];
|
char data[32] __aligned(8);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#define NF_CT_HELPER_BUILD_BUG_ON(structsize) \
|
||||||
|
BUILD_BUG_ON((structsize) > FIELD_SIZEOF(struct nf_conn_help, data))
|
||||||
|
|
||||||
struct nf_conntrack_helper *__nf_conntrack_helper_find(const char *name,
|
struct nf_conntrack_helper *__nf_conntrack_helper_find(const char *name,
|
||||||
u16 l3num, u8 protonum);
|
u16 l3num, u8 protonum);
|
||||||
|
|
||||||
|
|
|
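Review bot: Nothing forces a helper to call `NF_CT_HELPER_BUILD_BUG_ON`, so with `data` now a fixed `char data[32]` a helper that keeps a larger private struct there and omits the macro would write past the end of `struct nf_conn_help` without any build error. The macro should carry a comment stating that contract, e.g. `/* Every helper that stores private state in nf_conn_help.data must call this from its init function with sizeof() of that state. */`. A build-time assert also cannot cover a helper whose private-data size is only known at run time; whether such a registration path exists is not visible in this section, but if it does it needs a run-time comparison against `FIELD_SIZEOF(struct nf_conn_help, data)` that rejects oversized requests.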
@ -207,6 +207,8 @@ static int __init nf_conntrack_amanda_init(void)
|
||||||
{
|
{
|
||||||
int ret, i;
|
int ret, i;
|
||||||
|
|
||||||
|
NF_CT_HELPER_BUILD_BUG_ON(0);
|
||||||
|
|
||||||
for (i = 0; i < ARRAY_SIZE(search); i++) {
|
for (i = 0; i < ARRAY_SIZE(search); i++) {
|
||||||
search[i].ts = textsearch_prepare(ts_algo, search[i].string,
|
search[i].ts = textsearch_prepare(ts_algo, search[i].string,
|
||||||
search[i].len,
|
search[i].len,
|
||||||
|
|
|
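Review bot: `NF_CT_HELPER_BUILD_BUG_ON(0);` at the top of nf_conntrack_amanda_init() can never fire, and without the commit message at hand it reads as dead code that a later cleanup may delete. A one-line comment would keep the intent in the source, e.g. `/* no private helper data; kept so copies of this helper remember the size check */`. The same applies to the identical calls in nf_conntrack_netbios_ns_init() and nf_conntrack_tftp_init(). The body of the init function continues outside the hunk.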
@ -577,6 +577,8 @@ static int __init nf_conntrack_ftp_init(void)
|
||||||
{
|
{
|
||||||
int i, ret = 0;
|
int i, ret = 0;
|
||||||
|
|
||||||
|
NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_ftp_master));
|
||||||
|
|
||||||
ftp_buffer = kmalloc(65536, GFP_KERNEL);
|
ftp_buffer = kmalloc(65536, GFP_KERNEL);
|
||||||
if (!ftp_buffer)
|
if (!ftp_buffer)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
|
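Review bot: The size check in nf_conntrack_ftp_init() names `struct nf_ct_ftp_master` by hand, so it protects the 32-byte `data` area only as long as that is the type the helper actually stores there; the code that accesses the data is outside this hunk, so the match cannot be confirmed from here. A short comment on the line, e.g. `/* must name the struct this helper keeps in nf_conn_help.data */`, would make the coupling visible to whoever changes the private struct later. The same holds for the h323, pptp, sane and sip init functions further down. The function body continues outside the hunk.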
@ -1836,6 +1836,8 @@ static int __init nf_conntrack_h323_init(void)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_h323_master));
|
||||||
|
|
||||||
h323_buffer = kmalloc(65536, GFP_KERNEL);
|
h323_buffer = kmalloc(65536, GFP_KERNEL);
|
||||||
if (!h323_buffer)
|
if (!h323_buffer)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
|
@ -58,6 +58,8 @@ static struct nf_conntrack_helper helper __read_mostly = {
|
||||||
|
|
||||||
static int __init nf_conntrack_netbios_ns_init(void)
|
static int __init nf_conntrack_netbios_ns_init(void)
|
||||||
{
|
{
|
||||||
|
NF_CT_HELPER_BUILD_BUG_ON(0);
|
||||||
|
|
||||||
exp_policy.timeout = timeout;
|
exp_policy.timeout = timeout;
|
||||||
return nf_conntrack_helper_register(&helper);
|
return nf_conntrack_helper_register(&helper);
|
||||||
}
|
}
|
||||||
|
|
|
@ -607,6 +607,8 @@ static struct nf_conntrack_helper pptp __read_mostly = {
|
||||||
|
|
||||||
static int __init nf_conntrack_pptp_init(void)
|
static int __init nf_conntrack_pptp_init(void)
|
||||||
{
|
{
|
||||||
|
NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_pptp_master));
|
||||||
|
|
||||||
return nf_conntrack_helper_register(&pptp);
|
return nf_conntrack_helper_register(&pptp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -184,6 +184,8 @@ static int __init nf_conntrack_sane_init(void)
|
||||||
{
|
{
|
||||||
int i, ret = 0;
|
int i, ret = 0;
|
||||||
|
|
||||||
|
NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_sane_master));
|
||||||
|
|
||||||
sane_buffer = kmalloc(65536, GFP_KERNEL);
|
sane_buffer = kmalloc(65536, GFP_KERNEL);
|
||||||
if (!sane_buffer)
|
if (!sane_buffer)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
|
@ -1622,6 +1622,8 @@ static int __init nf_conntrack_sip_init(void)
|
||||||
{
|
{
|
||||||
int i, ret;
|
int i, ret;
|
||||||
|
|
||||||
|
NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_sip_master));
|
||||||
|
|
||||||
if (ports_c == 0)
|
if (ports_c == 0)
|
||||||
ports[ports_c++] = SIP_PORT;
|
ports[ports_c++] = SIP_PORT;
|
||||||
|
|
||||||
|
|
|
@ -113,6 +113,8 @@ static int __init nf_conntrack_tftp_init(void)
|
||||||
{
|
{
|
||||||
int i, ret;
|
int i, ret;
|
||||||
|
|
||||||
|
NF_CT_HELPER_BUILD_BUG_ON(0);
|
||||||
|
|
||||||
if (ports_c == 0)
|
if (ports_c == 0)
|
||||||
ports[ports_c++] = TFTP_PORT;
|
ports[ports_c++] = TFTP_PORT;
|
||||||
|
|
||||||
|
|