git://ftp.safe.ca / safe / jmp / linux-2.6 / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a400c30)
ctnetlink: compute generic part of event more acurately
authorHolger Eitzenberger <holger@eitzenberger.org>
Thu, 26 Mar 2009 12:37:14 +0000 (13:37 +0100)
committerPatrick McHardy <kaber@trash.net>
Thu, 26 Mar 2009 12:37:14 +0000 (13:37 +0100)
On a box with most of the optional Netfilter switches turned off some
of the NLAs are never send, e. g. secmark, mark or the conntrack
byte/packet counters.  As a worst case scenario this may possibly
still lead to ctnetlink skbs being reallocated in netlink_trim()
later, loosing all the nice effects from the previous patches.

I try to solve that (at least partly) by correctly #ifdef'ing the
NLAs in the computation.

Signed-off-by: Holger Eitzenberger <holger@eitzenberger.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
net/netfilter/nf_conntrack_netlink.c patch | blob | history

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 03547c6..2fb833b 100644 (file)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -441,19 +441,28 @@ ctnetlink_alloc_skb(const struct nf_conntrack_tuple *tuple, gfp_t gfp)
                + 3 * NLA_TYPE_SIZE(u_int8_t)   /* CTA_PROTO_NUM */
                + NLA_TYPE_SIZE(u_int32_t)      /* CTA_ID */
                + NLA_TYPE_SIZE(u_int32_t)      /* CTA_STATUS */
+#ifdef CONFIG_NF_CT_ACCT
                + 2 * nla_total_size(0)         /* CTA_COUNTERS_ORIG|REPL */
                + 2 * NLA_TYPE_SIZE(uint64_t)   /* CTA_COUNTERS_PACKETS */
                + 2 * NLA_TYPE_SIZE(uint64_t)   /* CTA_COUNTERS_BYTES */
+#endif
                + NLA_TYPE_SIZE(u_int32_t)      /* CTA_TIMEOUT */
                + nla_total_size(0)             /* CTA_PROTOINFO */
                + nla_total_size(0)             /* CTA_HELP */
                + nla_total_size(NF_CT_HELPER_NAME_LEN) /* CTA_HELP_NAME */
+#ifdef CONFIG_NF_CONNTRACK_SECMARK
                + NLA_TYPE_SIZE(u_int32_t)      /* CTA_SECMARK */
+#endif
+#ifdef CONFIG_NF_NAT_NEEDED
                + 2 * nla_total_size(0)         /* CTA_NAT_SEQ_ADJ_ORIG|REPL */
                + 2 * NLA_TYPE_SIZE(u_int32_t)  /* CTA_NAT_SEQ_CORRECTION_POS */
                + 2 * NLA_TYPE_SIZE(u_int32_t)  /* CTA_NAT_SEQ_CORRECTION_BEFORE */
                + 2 * NLA_TYPE_SIZE(u_int32_t)  /* CTA_NAT_SEQ_CORRECTION_AFTER */
-               + NLA_TYPE_SIZE(u_int32_t);     /* CTA_MARK */
+#endif
+#ifdef CONFIG_NF_CONNTRACK_MARK
+               + NLA_TYPE_SIZE(u_int32_t)      /* CTA_MARK */
+#endif
+               ;
 
 #undef NLA_TYPE_SIZE
 
Full containers within linux kernel