mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-06 04:35:12 +02:00
xt_ACCOUNT: make table limit configurable
Add a module parameter to xt_ACCOUNT.ko so that the table limit (ACCOUNT_MAX_TABLES) can be changed without recompiling the module. References: MR-8

committed by
Jan Engelhardt

parent
5903f4bcfc
commit
ed10cb9c17
@@ -40,6 +40,9 @@
|
|||||||
#error "ipt_ACCOUNT needs at least a PAGE_SIZE of 4096"
|
#error "ipt_ACCOUNT needs at least a PAGE_SIZE of 4096"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
static unsigned int max_tables_limit = 128;
|
||||||
|
module_param(max_tables_limit, uint, 0);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Internal table structure, generated by check_entry()
|
* Internal table structure, generated by check_entry()
|
||||||
* @name: name of the table
|
* @name: name of the table
|
||||||
@@ -185,7 +188,7 @@ static int ipt_acc_table_insert(struct ipt_acc_table *ipt_acc_tables,
|
|||||||
name, NIPQUAD(ip), NIPQUAD(netmask));
|
name, NIPQUAD(ip), NIPQUAD(netmask));
|
||||||
|
|
||||||
/* Look for existing table */
|
/* Look for existing table */
|
||||||
for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
|
for (i = 0; i < max_tables_limit; i++) {
|
||||||
if (strncmp(ipt_acc_tables[i].name, name,
|
if (strncmp(ipt_acc_tables[i].name, name,
|
||||||
ACCOUNT_TABLE_NAME_LEN) == 0) {
|
ACCOUNT_TABLE_NAME_LEN) == 0) {
|
||||||
pr_debug("ACCOUNT: Found existing slot: %d - "
|
pr_debug("ACCOUNT: Found existing slot: %d - "
|
||||||
@@ -209,7 +212,7 @@ static int ipt_acc_table_insert(struct ipt_acc_table *ipt_acc_tables,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Insert new table */
|
/* Insert new table */
|
||||||
for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
|
for (i = 0; i < max_tables_limit; i++) {
|
||||||
/* Found free slot */
|
/* Found free slot */
|
||||||
if (ipt_acc_tables[i].name[0] == 0) {
|
if (ipt_acc_tables[i].name[0] == 0) {
|
||||||
unsigned int netsize = 0;
|
unsigned int netsize = 0;
|
||||||
@@ -258,7 +261,7 @@ static int ipt_acc_table_insert(struct ipt_acc_table *ipt_acc_tables,
|
|||||||
|
|
||||||
/* No free slot found */
|
/* No free slot found */
|
||||||
printk("ACCOUNT: No free table slot found (max: %d). "
|
printk("ACCOUNT: No free table slot found (max: %d). "
|
||||||
"Please increase ACCOUNT_MAX_TABLES.\n", ACCOUNT_MAX_TABLES);
|
"Please increase the \"max_tables_limit\" module parameter.\n", max_tables_limit);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -299,7 +302,7 @@ static void ipt_acc_destroy(const struct xt_tgdtor_param *par)
|
|||||||
info->table_nr = -1; /* Set back to original state */
|
info->table_nr = -1; /* Set back to original state */
|
||||||
|
|
||||||
/* Look for table */
|
/* Look for table */
|
||||||
for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
|
for (i = 0; i < max_tables_limit; i++) {
|
||||||
if (strncmp(ian->ipt_acc_tables[i].name, info->table_name,
|
if (strncmp(ian->ipt_acc_tables[i].name, info->table_name,
|
||||||
ACCOUNT_TABLE_NAME_LEN) == 0) {
|
ACCOUNT_TABLE_NAME_LEN) == 0) {
|
||||||
pr_debug("ACCOUNT: Found table at slot: %d\n", i);
|
pr_debug("ACCOUNT: Found table at slot: %d\n", i);
|
||||||
@@ -604,12 +607,12 @@ static int ipt_acc_handle_prepare_read(struct ipt_acc_table *ipt_acc_tables,
|
|||||||
int table_nr = -1;
|
int table_nr = -1;
|
||||||
uint8_t depth;
|
uint8_t depth;
|
||||||
|
|
||||||
for (table_nr = 0; table_nr < ACCOUNT_MAX_TABLES; table_nr++)
|
for (table_nr = 0; table_nr < max_tables_limit; table_nr++)
|
||||||
if (strncmp(ipt_acc_tables[table_nr].name, tablename,
|
if (strncmp(ipt_acc_tables[table_nr].name, tablename,
|
||||||
ACCOUNT_TABLE_NAME_LEN) == 0)
|
ACCOUNT_TABLE_NAME_LEN) == 0)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
if (table_nr == ACCOUNT_MAX_TABLES) {
|
if (table_nr == max_tables_limit) {
|
||||||
printk("ACCOUNT: ipt_acc_handle_prepare_read(): "
|
printk("ACCOUNT: ipt_acc_handle_prepare_read(): "
|
||||||
"Table %s not found\n", tablename);
|
"Table %s not found\n", tablename);
|
||||||
return -1;
|
return -1;
|
||||||
@@ -707,12 +710,12 @@ static int ipt_acc_handle_prepare_read_flush(struct ipt_acc_table *ipt_acc_table
|
|||||||
int table_nr;
|
int table_nr;
|
||||||
void *new_data_page;
|
void *new_data_page;
|
||||||
|
|
||||||
for (table_nr = 0; table_nr < ACCOUNT_MAX_TABLES; table_nr++)
|
for (table_nr = 0; table_nr < max_tables_limit; table_nr++)
|
||||||
if (strncmp(ipt_acc_tables[table_nr].name, tablename,
|
if (strncmp(ipt_acc_tables[table_nr].name, tablename,
|
||||||
ACCOUNT_TABLE_NAME_LEN) == 0)
|
ACCOUNT_TABLE_NAME_LEN) == 0)
|
||||||
break;
|
break;
|
||||||
|
|
||||||
if (table_nr == ACCOUNT_MAX_TABLES) {
|
if (table_nr == max_tables_limit) {
|
||||||
printk("ACCOUNT: ipt_acc_handle_prepare_read_flush(): "
|
printk("ACCOUNT: ipt_acc_handle_prepare_read_flush(): "
|
||||||
"Table %s not found\n", tablename);
|
"Table %s not found\n", tablename);
|
||||||
return -1;
|
return -1;
|
||||||
@@ -1052,7 +1055,7 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len)
|
|||||||
spin_lock_bh(&ian->ipt_acc_lock);
|
spin_lock_bh(&ian->ipt_acc_lock);
|
||||||
|
|
||||||
/* Determine size of table names */
|
/* Determine size of table names */
|
||||||
for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
|
for (i = 0; i < max_tables_limit; i++) {
|
||||||
if (ian->ipt_acc_tables[i].name[0] != 0)
|
if (ian->ipt_acc_tables[i].name[0] != 0)
|
||||||
size += strlen(ian->ipt_acc_tables[i].name) + 1;
|
size += strlen(ian->ipt_acc_tables[i].name) + 1;
|
||||||
}
|
}
|
||||||
@@ -1067,7 +1070,7 @@ static int ipt_acc_get_ctl(struct sock *sk, int cmd, void *user, int *len)
|
|||||||
}
|
}
|
||||||
/* Copy table names to userspace */
|
/* Copy table names to userspace */
|
||||||
tnames = ian->ipt_acc_tmpbuf;
|
tnames = ian->ipt_acc_tmpbuf;
|
||||||
for (i = 0; i < ACCOUNT_MAX_TABLES; i++) {
|
for (i = 0; i < max_tables_limit; i++) {
|
||||||
if (ian->ipt_acc_tables[i].name[0] != 0) {
|
if (ian->ipt_acc_tables[i].name[0] != 0) {
|
||||||
name_len = strlen(ian->ipt_acc_tables[i].name) + 1;
|
name_len = strlen(ian->ipt_acc_tables[i].name) + 1;
|
||||||
memcpy(tnames, ian->ipt_acc_tables[i].name, name_len);
|
memcpy(tnames, ian->ipt_acc_tables[i].name, name_len);
|
||||||
@@ -1100,7 +1103,7 @@ static int __net_init ipt_acc_net_init(struct net *net)
|
|||||||
memset(ian, 0, sizeof(*ian));
|
memset(ian, 0, sizeof(*ian));
|
||||||
sema_init(&ian->ipt_acc_userspace_mutex, 1);
|
sema_init(&ian->ipt_acc_userspace_mutex, 1);
|
||||||
|
|
||||||
ian->ipt_acc_tables = kcalloc(ACCOUNT_MAX_TABLES,
|
ian->ipt_acc_tables = kcalloc(max_tables_limit,
|
||||||
sizeof(struct ipt_acc_table), GFP_KERNEL);
|
sizeof(struct ipt_acc_table), GFP_KERNEL);
|
||||||
if (ian->ipt_acc_tables == NULL) {
|
if (ian->ipt_acc_tables == NULL) {
|
||||||
printk("ACCOUNT: Out of memory allocating account_tables structure");
|
printk("ACCOUNT: Out of memory allocating account_tables structure");
|
||||||
|
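Review bot: `max_tables_limit` is set at load time through `module_param(max_tables_limit, uint, 0)` and never range-checked, yet it is the `kcalloc()` count in ipt_acc_net_init() (so the allocation is repeated for each network namespace) and the bound of every table scan, including the loop in ipt_acc_get_ctl() that copies names into `ian->ipt_acc_tmpbuf`. The old fixed limit of 128 tables times ACCOUNT_TABLE_NAME_LEN (32) comes to 4096 bytes, which appears to be why the file insists on a 4096-byte PAGE_SIZE. The size check between the two ipt_acc_get_ctl() hunks is outside the visible lines, so confirm that it bounds `size` against the temporary buffer and not only against the caller's length. I would reject out-of-range values where the module initialises, e.g. `if (max_tables_limit == 0 || max_tables_limit > ACCOUNT_MAX_TABLES_CEILING) return -EINVAL;` (the ceiling name is a placeholder), and document the knob with `MODULE_PARM_DESC(max_tables_limit, "Maximum number of ACCOUNT tables per network namespace");`. Separately, the loop counters compared against it are still signed (`int table_nr`), and the "No free table slot" message prints the now-unsigned value with `%d` where `%u` matches the type.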
@@ -34,7 +34,6 @@
|
|||||||
#define IPT_SO_GET_ACCOUNT_GET_TABLE_NAMES (SO_ACCOUNT_BASE_CTL + 8)
|
#define IPT_SO_GET_ACCOUNT_GET_TABLE_NAMES (SO_ACCOUNT_BASE_CTL + 8)
|
||||||
#define IPT_SO_GET_ACCOUNT_MAX IPT_SO_GET_ACCOUNT_GET_TABLE_NAMES
|
#define IPT_SO_GET_ACCOUNT_MAX IPT_SO_GET_ACCOUNT_GET_TABLE_NAMES
|
||||||
|
|
||||||
#define ACCOUNT_MAX_TABLES 128
|
|
||||||
#define ACCOUNT_TABLE_NAME_LEN 32
|
#define ACCOUNT_TABLE_NAME_LEN 32
|
||||||
#define ACCOUNT_MAX_HANDLES 10
|
#define ACCOUNT_MAX_HANDLES 10
|
||||||
|
|
||||||
|